Port Mirroring Configuration


Table of Contents

1 Port Mirroring Configuration
    Introduction to Port Mirroring
        Classification of Port Mirroring
        Implementing Port Mirroring
        Other Functions Supported by Port Mirroring
    Configuring Local Port Mirroring
    Configuring Remote Port Mirroring
        Configuring a Remote Source Mirroring Group
        Configuring a Remote Destination Port Mirroring Group
    Displaying Port Mirroring
    Port Mirroring Configuration Examples
        Local Port Mirroring Configuration Example
        Remote Port Mirroring Configuration Example

1 Port Mirroring Configuration

The term switch in this document refers to a switch in a generic sense or an access controller configured with the switching function unless otherwise specified.

When configuring port mirroring, go to these sections for information you are interested in:

- Introduction to Port Mirroring
- Configuring Local Port Mirroring
- Configuring Remote Port Mirroring
- Displaying Port Mirroring
- Port Mirroring Configuration Examples

Introduction to Port Mirroring

Port mirroring allows you to duplicate the packets passing specified ports to the destination mirroring port. As destination mirroring ports usually have data monitoring devices connected to them, you can analyze the packets duplicated to the destination mirroring port on these devices so as to monitor and troubleshoot the network.

Figure 1-1 A port mirroring implementation (diagram labels: Network, Source mirroring port, Destination mirroring port, Data monitoring device, Host)

Classification of Port Mirroring

There are two kinds of port mirroring: local port mirroring and remote port mirroring.

- Local port mirroring copies packets passing through one or more ports (known as source ports) of a device to the monitor port (also called the destination port) for analysis and monitoring purposes. In this case, the source ports and the destination port are located on the same device.
- Remote port mirroring implements port mirroring between multiple devices. That is, the source ports and the destination port can be located on different devices in a network. Currently, remote port mirroring can only be implemented on Layer 2.

Implementing Port Mirroring

Port mirroring is implemented through port mirroring groups, which fall into these three categories: local port mirroring group, remote source port mirroring group, and remote destination port mirroring group. The two port mirroring implementation modes are described below.

Local port mirroring

Local port mirroring is implemented by a local port mirroring group. In this mode, the source ports and the destination port are in the same local port mirroring group. Packets passing through the source ports are duplicated and then forwarded to the destination port.

Remote port mirroring

Remote port mirroring is achieved through the cooperation of a remote source port mirroring group and a remote destination port mirroring group. Figure 1-2 illustrates a remote port mirroring implementation.

Figure 1-2 A remote mirroring implementation

The devices in Figure 1-2 function as follows:

- Source device: The source device contains the source mirroring ports, and remote source port mirroring groups are created on source devices. A source device duplicates the packets passing the source ports on it and sends them to the outbound port. The packets are then broadcast in the remote mirroring VLAN and are received by the intermediate device or destination device.
- Intermediate device: Intermediate devices are used to connect source devices and destination devices. An intermediate device forwards the mirrored packets to the next intermediate device or the destination device. If the source device is directly connected to the destination device, no intermediate device is needed. In a remote mirroring VLAN, the source devices and the destination device need to be able to communicate with one another on Layer 2.
- Destination device: The destination device contains the destination mirroring port, and remote destination port mirroring groups are created on destination devices. Upon receiving a mirrored packet, the destination device checks whether the VLAN ID of the received packet is the same as that of the remote mirroring VLAN of the remote destination port mirroring group. If yes, the destination device forwards the packet to the monitoring device through the destination mirroring port.

Other Functions Supported by Port Mirroring

In addition, in a port mirroring group, a destination port can monitor multiple source ports simultaneously.

Configuring Local Port Mirroring

Follow these steps to configure local port mirroring:

1. Enter system view:
   system-view
2. Create a local mirroring group (required):
   mirroring-group group-id local
3. Add ports to the port mirroring group as source ports (use either approach):
   In system view:
   mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
   In interface view:
   interface interface-type interface-number
   [ mirroring-group group-id ] mirroring-port { both | inbound | outbound }
   quit
   You can add ports to a port mirroring group as source ports in either system view or interface view. In system view, you can add multiple ports to a port mirroring group at one time. In interface view, you can only add the current port to a port mirroring group.
4. Add a port to the mirroring group as the destination port (use either approach):
   In system view:
   mirroring-group group-id monitor-port monitor-port-id
   In interface view:
   interface interface-type interface-number
   [ mirroring-group group-id ] monitor-port
   You can add a destination port to a port mirroring group in either system view or interface view. They achieve the same purpose.

- A local mirroring group is effective only when it has both source ports and the destination port configured.
- It is not recommended to enable STP, RSTP or MSTP on the destination port; otherwise, the mirroring function may be affected.
- Do not use the destination mirroring port for any purpose other than port mirroring.
- The source ports and the destination port cannot be the member ports of the current mirroring group.
- Before adding the destination port for a port mirroring group, make sure the port mirroring group exists.
- A mirroring group can have only one destination port.

Configuring Remote Port Mirroring

You can configure a remote source port mirroring group as well as a remote destination port mirroring group on a WX6103 access controller switch interface board.

Configuring a Remote Source Mirroring Group

Follow these steps to configure a remote port mirroring group:

1. Enter system view:
   system-view
2. Create a remote source mirroring group (required):
   mirroring-group group-id remote-source
3. Add ports to the mirroring group as source ports (use either approach):
   In system view:
   mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }
   In interface view:
   interface interface-type interface-number
   [ mirroring-group group-id ] mirroring-port { both | inbound | outbound }
   quit
   You can add ports to a source port mirroring group in either system view or interface view. They achieve the same purpose.
4. Add a port to the mirroring group as the outbound mirroring port (use either approach):
   In system view:
   mirroring-group group-id monitor-egress monitor-egress-port-id
   In interface view:
   interface interface-type interface-number
   mirroring-group group-id monitor-egress
   quit
   You can add ports to a source mirroring group in either system view or interface view. They achieve the same purpose.
5. Configure the remote port mirroring VLAN for the mirroring group (required):
   mirroring-group group-id remote-probe vlan rprobe-vlan-id

- All ports in a remote mirroring group belong to the same device. A remote source mirroring group can have only one outbound mirroring port.
- The outbound mirroring port cannot be a member port of the current mirroring group.
- It is not recommended to add the source ports to a remote VLAN, which can be used for remote mirroring only.
- It is not recommended to configure STP, RSTP, MSTP, 802.1x, IGMP Snooping, static ARP and MAC address learning on the outbound mirroring port; otherwise, the mirroring function may be affected.
- Only existing static VLANs can be configured as remote port mirroring VLANs. To remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to a normal VLAN first. A remote port mirroring group gets invalid if the corresponding remote port mirroring VLAN is removed.
- A port can belong to only one port mirroring group. A VLAN can be the remote port mirroring VLAN of only one port mirroring group.

Configuring a Remote Destination Port Mirroring Group

Follow these steps to configure a remote destination port mirroring group:

1. Enter system view:
   system-view
2. Create a remote destination port mirroring group (required):
   mirroring-group group-id remote-destination
3. Configure the remote port mirroring VLAN for the port mirroring group (required):
   mirroring-group group-id remote-probe vlan rprobe-vlan-id
4. Add a port to the port mirroring group as the destination port (use either approach):
   In system view:
   mirroring-group group-id monitor-port monitor-port-id
   In interface view:
   interface interface-type interface-number
   [ mirroring-group group-id ] monitor-port
   quit
   You can add a port to a remote port mirroring group as the destination port in either system view or interface view. They achieve the same purpose.
5. Enter destination interface view:
   interface interface-type interface-number
6. Add the port to the remote port mirroring VLAN (perform one of these three operations according to the port type):
   The port is an access port:
   port access vlan rprobe-vlan-id
   The port is a trunk port:
   port trunk permit vlan rprobe-vlan-id
   The port is a hybrid port:
   port hybrid vlan rprobe-vlan-id { tagged | untagged }

- The remote destination mirroring port cannot be a member port of the current mirroring group.
- The remote destination mirroring port can be an access, trunk, or hybrid port. It must be assigned to the remote mirroring VLAN.
- Do not enable STP, RSTP or MSTP on the remote destination mirroring port. Otherwise, the mirroring function may be affected.
- Do not use the remote destination mirroring port for any purpose other than port mirroring.
- Only existing static VLANs can be configured as remote port mirroring VLANs. To remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to a normal VLAN first. A remote port mirroring group gets invalid if the corresponding remote port mirroring VLAN is removed.
- Use a remote port mirroring VLAN for remote port mirroring only.
- A port can belong to only one port mirroring group. A VLAN can be the remote port mirroring VLAN of only one port mirroring group.

Displaying Port Mirroring

Follow these steps to display port mirroring:

1. Display the configuration of a port mirroring group (available in any view):
   display mirroring-group { group-id | all | local | remote-destination | remote-source }

Port Mirroring Configuration Examples

Local Port Mirroring Configuration Example

Network requirements

The departments of a company connect to each other through Ethernet switches:

- Research and Development (R&D) department is connected to AC through GigabitEthernet 0/0/1.
- Marketing department is connected to AC through GigabitEthernet 0/0/2.
- Data monitoring device is connected to AC through GigabitEthernet 0/0/3.

The administrator wants to monitor the packets received on and sent from the R&D department and the marketing department through the data monitoring device.

Use the local port mirroring function to meet the requirement. Perform the following configurations on AC.

- Configure GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 as mirroring source ports.
- Configure GigabitEthernet 0/0/3 as the mirroring destination port.

Network diagram

Figure 1-3 Network diagram for local port mirroring configuration

Configuration procedure

Configure AC.

# Create a local port mirroring group.
<AC> system-view
[AC] mirroring-group 1 local

# Add port GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 to the port mirroring group as source ports. Add port GigabitEthernet 0/0/3 to the port mirroring group as the destination port.
[AC] mirroring-group 1 mirroring-port GigabitEthernet 0/0/1 GigabitEthernet 0/0/2 both
[AC] mirroring-group 1 monitor-port GigabitEthernet 0/0/3

# Display the configuration of all the port mirroring groups.
[AC] display mirroring-group all
mirroring-group 1:
    type: local
    status: active
    mirroring port:
        GigabitEthernet0/0/1  both
        GigabitEthernet0/0/2  both
    monitor port: GigabitEthernet0/0/3

After finishing the configuration, you can monitor all the packets received and sent by R&D department and Marketing department on the Data monitoring device.

Remote Port Mirroring Configuration Example

Network requirements

The departments of a company connect to each other through Ethernet switches:

- Department 1 is connected to GigabitEthernet 0/0/1 of AC.
- Department 2 is connected to GigabitEthernet 0/0/2 of AC.
- GigabitEthernet 0/0/3 of AC connects to GigabitEthernet 0/0/1 of Switch A.
- GigabitEthernet 0/0/2 of Switch A connects to GigabitEthernet 0/0/1 of Switch B.
- The data monitoring device is connected to GigabitEthernet 0/0/2 of Switch B.

The administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device.

Use the remote port mirroring function to meet the requirement. Perform the following configurations:

- Use AC as the source device, Switch A as the intermediate device, and Switch B as the destination device.
- On AC, create a remote source mirroring group; create VLAN 2 and configure it as the remote port mirroring VLAN; add port GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 to the port mirroring group as two source ports. Configure port GigabitEthernet 0/0/3 as the outbound mirroring port.
- Configure port GigabitEthernet 0/0/3 of AC, port GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 of Switch A, and port GigabitEthernet 0/0/1 of Switch B as trunk ports and configure them to permit packets of VLAN 2.
- Create a remote destination mirroring group on Switch B. Configure VLAN 2 as the remote port mirroring VLAN and port GigabitEthernet 0/0/2, to which the data monitoring device is connected, as the destination port.

Network diagram

Figure 1-4 Network diagram for remote port mirroring configuration

Configuration procedure

1) Configure AC (the source device).

# Create a remote source port mirroring group.
<AC> system-view
[AC] mirroring-group 1 remote-source

# Create VLAN 2.
[AC] vlan 2
[AC-vlan2] quit

# Configure VLAN 2 as the remote port mirroring VLAN of the remote port mirroring group. Add port GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 to the remote port mirroring group as source ports. Configure port GigabitEthernet 0/0/3 as the outbound mirroring port.
[AC] mirroring-group 1 remote-probe vlan 2
[AC] mirroring-group 1 mirroring-port GigabitEthernet 0/0/1 GigabitEthernet 0/0/2 inbound
[AC] mirroring-group 1 monitor-egress GigabitEthernet 0/0/3

# Configure port GigabitEthernet 0/0/3 as a trunk port and configure the port to permit the packets of VLAN 2.
[AC] interface GigabitEthernet 0/0/3
[AC-GigabitEthernet0/0/3] port link-type trunk
[AC-GigabitEthernet0/0/3] port trunk permit vlan 2

2) Configure Switch A (the intermediate device).

# Configure port GigabitEthernet 0/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
<SwitchA> system-view
[SwitchA] interface GigabitEthernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk permit vlan 2
[SwitchA-GigabitEthernet0/0/1] quit

# Configure port GigabitEthernet 0/0/2 as a trunk port and configure the port to permit the packets of VLAN 2.
[SwitchA] interface GigabitEthernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk permit vlan 2

3) Configure Switch B (the destination device).

# Configure port GigabitEthernet 0/0/1 as a trunk port and configure the port to permit the packets of VLAN 2.
<SwitchB> system-view
[SwitchB] interface GigabitEthernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type trunk
[SwitchB-GigabitEthernet0/0/1] port trunk permit vlan 2
[SwitchB-GigabitEthernet0/0/1] quit

# Create a remote destination port mirroring group.
[SwitchB] mirroring-group 1 remote-destination

# Create VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] quit

# Configure VLAN 2 as the remote port mirroring VLAN of the remote destination port mirroring group. Add port GigabitEthernet 0/0/2 to the remote destination port mirroring group as the destination port.
[SwitchB] mirroring-group 1 remote-probe vlan 2
[SwitchB] mirroring-group 1 monitor-port GigabitEthernet 0/0/2
[SwitchB] interface GigabitEthernet 0/0/2
[SwitchB-GigabitEthernet0/0/2] port access vlan 2

After finishing the configuration, you can monitor all the packets sent by Department 1 and Department 2 on the Data monitoring device.
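The restrictions listed in the configuration sections (a group must exist before ports are added, one destination or outbound port per group, a port in only one mirroring group, a remote mirroring VLAN used by only one group) can be checked against a planned command list before it is applied. The Python script below is an added example, not part of the original manual. Assumptions: the function names are hypothetical, only the system-view command forms and GigabitEthernet port names are parsed, and the approved-monitor-port allowlist is a site policy that the manual does not define.

```python
import re
from collections import defaultdict

PORT_RE = re.compile(r"GigabitEthernet\s*(\d+/\d+/\d+)")   # only this port type is handled
PROMPT_RE = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")    # "[AC]" or "<AC>" prompt
ROLE = {"mirroring-port": "source", "monitor-port": "monitor", "monitor-egress": "egress"}

def parse_groups(lines):
    """Collect system-view mirroring-group commands into one record per group."""
    groups = defaultdict(lambda: {"type": None, "source": [], "monitor": [],
                                  "egress": [], "vlan": None})
    for raw in lines:
        m = re.match(r"mirroring-group\s+(\d+)\s+(.+)$", PROMPT_RE.sub("", raw).strip())
        if not m:
            continue
        group, words = groups[int(m.group(1))], m.group(2).split()
        ports = ["GigabitEthernet" + p for p in PORT_RE.findall(m.group(2))]
        if words[0] in ("local", "remote-source", "remote-destination"):
            group["type"] = words[0]
        elif words[0] in ROLE:
            group[ROLE[words[0]]] += ports
        elif words[:2] == ["remote-probe", "vlan"] and len(words) == 3:
            group["vlan"] = int(words[2])
    return dict(groups)

def audit(groups, approved=None):
    """Return findings for one device; an empty list means every check passed."""
    findings, port_owner, vlan_owner = [], {}, {}
    for gid, g in sorted(groups.items()):
        kind, vlan = g["type"], g["vlan"]
        if kind is None:
            findings.append(f"group {gid}: configured but never created")
            continue
        out = g["egress"] if kind == "remote-source" else g["monitor"]  # where copies leave
        if kind != "remote-destination" and not g["source"]:
            findings.append(f"group {gid}: no source port")
        if len(out) != 1:
            findings.append(f"group {gid}: needs exactly one output port, has {len(out)}")
        if kind != "local" and vlan is None:
            findings.append(f"group {gid}: no remote-probe VLAN")
        for port in dict.fromkeys(g["source"] + out):      # unique, order kept
            reused = port_owner.setdefault(port, gid) != gid
            if reused or (port in g["source"] and port in out):
                findings.append(f"group {gid}: {port} has more than one mirroring role")
        if vlan is not None and vlan_owner.setdefault(vlan, gid) != gid:
            findings.append(f"group {gid}: VLAN {vlan} already used by group {vlan_owner[vlan]}")
        for port in g["monitor"]:                           # site policy (assumption)
            if approved is not None and port not in approved:
                findings.append(f"group {gid}: {port} is not an approved monitor port")
    return findings

# The AC commands from the remote mirroring example on this page.
AC_REMOTE = [
    "[AC] mirroring-group 1 remote-source",
    "[AC] mirroring-group 1 remote-probe vlan 2",
    "[AC] mirroring-group 1 mirroring-port GigabitEthernet 0/0/1 GigabitEthernet 0/0/2 inbound",
    "[AC] mirroring-group 1 monitor-egress GigabitEthernet 0/0/3",
]
# Constructed sample: two extra groups that break the listed restrictions.
BAD = AC_REMOTE + [
    "[AC] mirroring-group 2 local",
    "[AC] mirroring-group 2 mirroring-port GigabitEthernet 0/0/2 both",
    "[AC] mirroring-group 2 monitor-port GigabitEthernet 0/0/4",
    "[AC] mirroring-group 3 remote-source",
    "[AC] mirroring-group 3 remote-probe vlan 2",
]

if __name__ == "__main__":
    print("\n".join(audit(parse_groups(BAD), {"GigabitEthernet0/0/3"})))
```

The page's own AC configuration produces no findings; the constructed sample reports the reused source port, the unapproved destination port, the incomplete group 3 and the reused VLAN 2.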