H3C S3100 Series User manual
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Table of Contents
i
Table of Contents
Chapter 1 Mirroring Configuration ..............................................................................................1-1
1.1 Mirroring Overview.............................................................................................................1-1
1.1.1 Local Port Mirroring.................................................................................................1-1
1.1.2 Remote Port Mirroring.............................................................................................1-2
1.2 Mirroring Configuration......................................................................................................1-4
1.2.1 Configuring Local Port Mirroring .............................................................................1-4
1.2.2 Configuring Remote Port Mirroring ......................................................................... 1-5
1.2.3 Displaying Port Mirroring.........................................................................................1-8
1.3 Mirroring Configuration Example.......................................................................................1-9
1.3.1 Local Port Mirroring Configuration Example...........................................................1-9
1.3.2 Remote Port Mirroring Configuration Example.....................................................1-10
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-1
Chapter 1 Mirroring Configuration
1.1 Mirroring Overview
Mirroring refers to the process of copying packets of one or more ports (source ports) to
a destination port which is connected to a data detection device. Users can then use
the data detection device to analyze the mirrored packets on the destination port for
monitoring and troubleshooting the network.
PC
Data detection device
Network
Source
mirroring port
Destination
mirroring port
Figure 1-1 A port mirroring implementation
H3C S3100 series Ethernet switches support two kinds of port mirroring: local port
mirroring and remote port mirroring.
zLocal port mirroring: a device copies packets passing through one or more source
ports of the device to the destination port.
zRemote port mirroring implements port mirroring through the remote source
mirroring group and remote destination mirroring group. The device copies the
packets of the source port to the reflector port, which then broadcasts the packets
in the remote-probe VLAN. After the remote device receives the packets, it
compares the VLAN ID of the packets with that of the remote-probe VLAN on the
remote device. If the VLAN IDs are identical, the remote device forwards the
packets to the destination port of the remote destination mirroring group.
1.1.1 Local Port Mirroring
In local port mirroring, packets passing through one or more source ports of a device
are copied to the destination port on the same device for packet analysis and
monitoring. In this case, the source ports and the destination port must be located on
the same device.
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-2
1.1.2 Remote Port Mirroring
Remote port mirroring does not require the source and destination ports to be on the
same device. The source and destination ports can be located on multiple devices
across the network. Therefore, administrators can monitor the traffic on remote devices
conveniently.
To implement remote port mirroring, a special VLAN, called remote-probe VLAN, is
needed. All mirrored packets are sent from the reflector port of the source switch to the
monitor port (destination port) of the destination switch through the remote-probe VLAN,
so as to implement the monitoring of packets received on and sent from the source
switch on the destination switch. Figure 1-2 illustrates the implementation of remote
port mirroring.
Figure 1-2 Remote port mirroring application
The switches involved in the remote port mirroring implementation play the following
three roles.
zSource switch: The monitored port resident switch. It copies traffic to the reflector
port, which then transmits the traffic to an intermediate switch or destination switch
through the remote-probe VLAN.
zIntermediate switch: Switches between the source switch and destination switch
on the network. An intermediate switch forwards mirrored traffic flows to the next
intermediate switch or the destination switch through the remote-probe VLAN. No
intermediate switch is present if the source and destination switches directly
connect to each other.
zDestination switch: The remote mirroring destination port resident switch. It
forwards mirrored traffic flows it received from the remote-probe VLAN to the
monitoring device through the destination port.
Table 1-1 describes how the ports on various switches are involved in the mirroring
operation.
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-3
Table 1-1 Ports involved in the mirroring operation
Switch Ports involved Function
Source port Port monitored. It copies packets to the
reflector port through local port mirroring.
There can be more than one source port.
Reflector port Receives packets from the source port
and broadcasts the packets in the
remote-probe VLAN.
Source switch
Trunk port Sends mirrored packets to the
intermediate switch or the destination
switch.
Intermediate
switch Trunk port
Sends mirrored packets to the
destination switch.
Two trunk ports are necessary for the
intermediate switch to connect the
devices at the source switch side and the
destination switch side.
Trunk port Receives remote mirrored packets.
Destination switch Destination port Receives packets forwarded from the
trunk port and transmits the packets to
the data detection device.
Caution:
zDo not configure a default VLAN, a management VLAN, or a dynamic VLAN as the
remote-probe VLAN.
zConfigure all ports connecting the devices in the remote-probe VLAN as trunk ports,
and ensure the Layer 2 connectivity from the source switch to the destination switch
over the remote-probe VLAN.
zDo not configure a Layer 3 interface for the remote-probe VLAN, run other protocol
packets, or carry other service packets on the remote-prove VLAN and do not use
the remote-prove VLAN as the voice VLAN and protocol VLAN; otherwise, remote
port mirroring may be affected.
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-4
1.2 Mirroring Configuration
Table 1-2 Mirroring configuration tasks
Task Remarks
Configuring Local Port Mirroring Optional
Configuring Remote Port Mirroring Optional
1.2.1 Configuring Local Port Mirroring
I. Configuration prerequisites
zThe source port is determined and the direction in which the packets are to be
mirrored is determined.
zThe destination port is determined.
II. Configuration procedure
Table 1-3 Configure local port mirroring
Operation Command Description
Enter system view system-view —
Create a port mirroring group mirroring-group
group-id local Required
In system
view
mirroring-group
group-id mirroring-port
mirroring-port-list { both
| inbound | outbound }
interface interface-type
interface-number
mirroring-group
group-id mirroring-port
{ both | inbound |
outbound }
Configure the
source port for the
port mirroring group In port view
quit
Use either
approach
You can configure
multiple source
ports at a time in
system view, or
you can configure
the source port in
specific port view.
The configurations
in the two views
have the same
effect.
In system
view
mirroring-group
group-id monitor-port
monitor-port-id
interface interface-type
interface-number
Configure the
destination port for
the port mirroring
group In port view mirroring-group
group-id monitor-port
Use either
approach
The configurations
in the two views
have the same
effect.
When configuring local port mirroring, note that:
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-5
zYou need to configure the source and destination ports for the local port mirroring
to take effect.
zThe destination port cannot be a member port of an aggregation group or a port
enabled with LACP or STP.
1.2.2 Configuring Remote Port Mirroring
Note:
An S3100 series Ethernet switch can serve as a source switch, an intermediate switch,
or a destination switch in a remote port mirroring networking environment.
I. Configuration on a switch acting as a source switch
1) Configuration prerequisites
zThe source port, the reflector port, and the remote-probe VLAN are determined.
zLayer 2 connectivity is ensured between the source and destination switches over
the remote-probe VLAN.
zThe direction of the packets to be monitored is determined.
2) Configuration procedure
Table 1-4 Configuration on the source switch
Operation Command Description
Enter system view system-view —
Create a VLAN and
enter the VLAN view vlan vlan-id vlan-id is the ID of the
remote-probe VLAN.
Configure the current
VLAN as the
remote-probe VLAN remote-probe vlan enable Required
Return to system view quit —
Enter the view of the
Ethernet port that
connects to the
intermediate switch or
destination switch
interface interface-type
interface-number —
Configure the current
port as trunk port port link-type trunk Required
By default, the port type
is Access.
Configure the trunk port
to permit packets from
the remote-probe VLAN
port trunk permit vlan
remote-probe-vlan-id Required
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-6
Operation Command Description
Return to system view quit —
Create a remote source
mirroring group mirroring-group group-id
remote-source Required
Configure source port(s)
for the remote source
mirroring group
mirroring-group group-id
mirroring-port
mirroring-port-list { both |
inbound | outbound }
Required
Configure the reflector
port for the remote
source mirroring group
mirroring-group group-id
reflector-port reflector-port Required
Configure the
remote-probe VLAN for
the remote source
mirroring group
mirroring-group group-id
remote-probe vlan
remote-probe-vlan-id Required
When configuring the source switch, note that:
zAll ports of a remote source mirroring group are on the same device. Each remote
source mirroring group can be configured with only one reflector port.
zThe reflector port cannot be a member port of an aggregation group, or a port
enabled with LACP or STP. It must be an access port and cannot be configured
with the functions like VLAN-VPN, port loopback detection, packet filtering, QoS,
port security, and so on.
zIt is recommended not to configure the VLAN mapping and the selective QinQ
function on the reflector port; otherwise, port mirroring may not function properly.
zYou cannot modify the duplex mode, port rate, and MDI attribute of a reflector port.
zOnly an existing static VLAN can be configured as the remote-probe VLAN. To
remove a remote-probe VLAN, you need to restore it to a normal VLAN first. A
remote port mirroring group gets invalid if the corresponding remote port mirroring
VLAN is removed.
zDo not configure a port connecting the intermediate switch ordestination switch as
the mirroring source port. Otherwise, traffic disorder may occur in the network.
II. Configuration on a switch acting as an intermediate switch
1) Configuration prerequisites
zThe trunk ports and the remote-probe VLAN are determined.
zLayer 2 connectivity is ensured between the source and destination switches over
the remote-probe VLAN.
2) Configuration procedure
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-7
Table 1-5 Configuration on the intermediate switch
Operation Command Description
Enter system view system-view —
Create a VLAN and enter
VLAN view vlan vlan-id vlan-id is the ID of the
remote-probe VLAN.
Configure the current
VLAN as the
remote-probe VLAN
remote-probe vlan
enable Required
Return to system view quit —
Enter the view of the
Ethernet port connecting
to the source switch,
destination switch or
other intermediate switch
interface interface-type
interface-number —
Configure the current port
as trunk port port link-type trunk Required
By default, the port type is
Access.
Configure the trunk port to
permit packets from the
remote-probe VLAN
port trunk permit vlan
remote-probe-vlan-id Required
III. Configuration on a switch acting as a destination switch
1) Configuration prerequisites
zThe destination port and the remote-probe VLAN are determined.
zLayer 2 connectivity is ensured between the source and destination switches over
the remote-probe VLAN.
2) Configuration procedure
Table 1-6 Configure remote port mirroring on the destination switch
Operation Command Description
Enter system view system-view —
Create a VLAN and
enter VLAN view vlan vlan-id vlan-id is the ID of the
remote-probe VLAN.
Configure the current
VLAN as a
remote-probe VLAN remote-probe vlan enable Required
Return to system view quit —
Enter the view of the
Ethernet port connecting
to the source switch or
an intermediate switch
interface interface-type
interface-number —
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-8
Operation Command Description
Configure the current
port as trunk port port link-type trunk Required
By default, the port type
is Access.
Configure trunk port to
permit packets from the
remote-probe VLAN
port trunk permit vlan
remote-probe-vlan-id Required
Return to system view quit —
Create a remote
destination mirroring
group
mirroring-group group-id
remote-destination Required
Configure the
destination port for the
remote destination
mirroring group
mirroring-group group-id
monitor-port monitor-port Required
Configure the
remote-probe VLAN for
the remote destination
mirroring group
mirroring-group group-id
remote-probe vlan
remote-probe-vlan-id Required
When configuring a destination switch, note that:
zThe destination port of remote port mirroring cannot be a member port of an
aggregation group, or a port enabled with LACP or STP.
zOnly an existing static VLAN can be configured as the remote-probe VLAN. To
remove a remote-probe VLAN, you need to restore it to a normal VLAN first. A
remote port mirroring group gets invalid if the corresponding remote port mirroring
VLAN is removed.
1.2.3 Displaying Port Mirroring
After the above configurations, you can execute the display commands in any view to
view the mirroring running information, so as to verify your configurations.
Table 1-7 Display configuration of mirroring
Operation Command Description
Display port mirroring
configuration
display mirroring-group
{ group-id | all | local |
remote-destination |
remote-source }
Available in any view
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-9
1.3 Mirroring Configuration Example
1.3.1 Local Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through S3100 Ethernet
switches:
zResearch and Development (R&D) department is connected to Switch C through
Ethernet 1/0/1.
zMarketing department is connected to Switch C through Ethernet 1/0/2.
zData detection device is connected to Switch C through Ethernet 1/0/3
The administrator wants to monitor the packets received on and sent from the R&D
department and the marketing department through the data detection device.
Use the local port mirroring function to meet the requirement. Perform the following
configurations on Switch C.
zConfigure Ethernet 1/0/1 and Ethernet 1/0/2 as mirroring source ports.
zConfigure Ethernet 1/0/3 as the mirroring destination port.
II. Network diagram
Switch C
The R&D
department Switch A
Switch B
Eth1/0/2
Eth1/0/1
Eth1/0/3
The Marketing
department
Data detection device
Figure 1-3 Network diagram for local port mirroring
III. Configuration procedure
Configure Switch C:
# Create a local mirroring group.
<Sysname> system-view
[Sysname] mirroring-group 1 local
# Configure the source ports and destination port for the local mirroring group.
[Sysname] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 both
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-10
[Sysname] mirroring-group 1 monitor-port Ethernet 1/0/3
# Display configuration information about local mirroring group 1.
[Sysname] display mirroring-group 1
mirroring-group 1:
type: local
status: active
mirroring port:
Ethernet1/0/1 both
Ethernet1/0/2 both
monitor port: Ethernet1/0/3
After the configurations, you can monitor all packets received on and sent from the
R&D department and the marketing department on the data detection device.
1.3.2 Remote Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through S3100 Ethernet
switches:
zSwitch A, Switch B, and Switch C are S3100 series switches.
zDepartment 1 is connected to Ethernet 1/0/1 of Switch A.
zDepartment 2 is connected to Ethernet 1/0/2 of Switch A.
zEthernet 1/0/3 of Switch A connects to Ethernet 1/0/1 of Switch B.
zEthernet 1/0/2 of Switch B connects to Ethernet 1/0/1 of Switch C.
zThe data detection device is connected to Ethernet 1/0/2 of Switch C.
The administrator wants to monitor the packets sent from Department 1 and 2 through
the data detection device.
Use the remote port mirroring function to meet the requirement. Perform the following
configurations:
zUse Switch A as the source switch, Switch B as the intermediate switch, and
Switch C as the destination switch.
zOn Switch A, create a remote source mirroring group, configure VLAN 10 as the
remote-probe VLAN, ports Ethernet 1/0/1 and Ethernet 1/0/2 as the source ports,
and port Ethernet 1/0/4 as the reflector port.
zOn Switch B, configure VLAN 10 as the remote-probe VLAN.
zConfigure Ethernet 1/0/3 of Switch A, Ethernet 1/0/1 and Ethernet 1/0/2 of Switch
B, and Ethernet 1/0/1 of Switch C as trunk ports, allowing packets of VLAN 10 to
pass.
zOn Switch C, create a remote destination mirroring group, configure VLAN 10 as
the remote-probe VLAN, and configure Ethernet 1/0/2 connected with the data
detection device as the destination port.
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-11
II. Network diagram
Figure 1-4 Network diagram for remote port mirroring
III. Configuration procedure
1) Configure the source switch (Switch A)
# Create remote source mirroring group 1.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
# Configure VLAN 10 as the remote-probe VLAN.
[Sysname] vlan 10
[Sysname-vlan10] remote-probe vlan enable
[Sysname-vlan10] quit
# Configure the source ports, reflector port, and remote-probe VLAN for the remote
source mirroring group.
[Sysname] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2
inbound
[Sysname] mirroring-group 1 reflector-port Ethernet 1/0/4
[Sysname] mirroring-group 1 remote-probe vlan 10
# Configure Ethernet 1/0/3 as trunk port, allowing packets of VLAN 10 to pass.
[Sysname] interface Ethernet 1/0/3
[Sysname-Ethernet1/0/3] port link-type trunk
[Sysname-Ethernet1/0/3] port trunk permit vlan 10
[Sysname-Ethernet1/0/3] quit
# Display configuration information about remote source mirroring group 1.
[Sysname] display mirroring-group 1
mirroring-group 1:
type: remote-source
status: active
mirroring port:
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-12
Ethernet1/0/1 inbound
Ethernet1/0/2 inbound
reflector port: Ethernet1/0/4
remote-probe vlan: 10
2) Configure the intermediate switch (Switch B)
# Configure VLAN 10 as the remote-probe VLAN.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] remote-probe vlan enable
[Sysname-vlan10] quit
# Configure Ethernet 1/0/1 as the trunk port, allowing packets of VLAN 10 to pass.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port link-type trunk
[Sysname-Ethernet1/0/1] port trunk permit vlan 10
[Sysname-Ethernet1/0/1] quit
# Configure Ethernet 1/0/2 as the trunk port, allowing packets of VLAN 10 to pass.
[Sysname] interface Ethernet 1/0/2
[Sysname-Ethernet1/0/2] port link-type trunk
[Sysname-Ethernet1/0/2] port trunk permit vlan 10
3) Configure the destination switch (Switch C)
# Create remote destination mirroring group 1.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-destination
# Configure VLAN 10 as the remote-probe VLAN.
[Sysname] vlan 10
[Sysname-vlan10] remote-probe vlan enable
[Sysname-vlan10] quit
# Configure the destination port and remote-probe VLAN for the remote destination
mirroring group.
[Sysname] mirroring-group 1 monitor-port Ethernet 1/0/2
[Sysname] mirroring-group 1 remote-probe vlan 10
# Configure Ethernet 1/0/1 as the trunk port, allowing packets of VLAN 10 to pass.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] port link-type trunk
[Sysname-Ethernet1/0/1] port trunk permit vlan 10
[Sysname-Ethernet1/0/1] quit
# Display configuration information about remote destination mirroring group 1.
[Sysname] display mirroring-group 1
Operation Manual (For Soliton) – Mirroring
H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration
1-13
mirroring-group 1:
type: remote-destination
status: active
monitor port: Ethernet1/0/2
remote-probe vlan: 10
After the configurations, you can monitor all packets sent from Department 1 and 2 on
the data detection device.
Other manuals for S3100 Series
17
Table of contents
Other H3C Switch manuals
H3C
H3C S5830V2 series Installation manual
H3C
H3C S9505 SRP User manual
H3C
H3C S9500 Series User manual
H3C
H3C S5130S-10P-EI User manual
H3C
H3C S5150-EI Series User manual
H3C
H3C S5830V2 series Installation manual
H3C
H3C S10504 User manual
H3C
H3C EPON OLT User manual
H3C
H3C S12500-X User manual
H3C
H3C S9500 Series User manual
H3C
H3C S5560S-SI User manual
H3C
H3C S9500 Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S6850 Series User manual
H3C
H3C S10500X Series Operating and maintenance manual
H3C
H3C IE4300-12P-PWR User manual
H3C
H3C S5560-EI series User manual
H3C
H3C S9500 Series User manual
