H3C S3100 Series User manual

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 Mirroring Configuration ..............................................................................................1-1

1.1 Mirroring Overview.............................................................................................................1-1

1.1.1 Local Port Mirroring.................................................................................................1-1

1.1.2 Remote Port Mirroring.............................................................................................1-2

1.2 Mirroring Configuration......................................................................................................1-4

1.2.1 Configuring Local Port Mirroring .............................................................................1-4

1.2.2 Configuring Remote Port Mirroring ......................................................................... 1-5

1.2.3 Displaying Port Mirroring.........................................................................................1-8

1.3 Mirroring Configuration Example.......................................................................................1-9

1.3.1 Local Port Mirroring Configuration Example...........................................................1-9

1.3.2 Remote Port Mirroring Configuration Example.....................................................1-10

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-1

Chapter 1 Mirroring Configuration

1.1 Mirroring Overview

Mirroring refers to the process of copying packets of one or more ports (source ports) to

a destination port which is connected to a data detection device. Users can then use

the data detection device to analyze the mirrored packets on the destination port for

monitoring and troubleshooting the network.

Data detection device

Network

Source

mirroring port

Destination

mirroring port

Figure 1-1 A port mirroring implementation

H3C S3100 series Ethernet switches support two kinds of port mirroring: local port

mirroring and remote port mirroring.

zLocal port mirroring: a device copies packets passing through one or more source

ports of the device to the destination port.

zRemote port mirroring implements port mirroring through the remote source

mirroring group and remote destination mirroring group. The device copies the

packets of the source port to the reflector port, which then broadcasts the packets

in the remote-probe VLAN. After the remote device receives the packets, it

compares the VLAN ID of the packets with that of the remote-probe VLAN on the

remote device. If the VLAN IDs are identical, the remote device forwards the

packets to the destination port of the remote destination mirroring group.

1.1.1 Local Port Mirroring

In local port mirroring, packets passing through one or more source ports of a device

are copied to the destination port on the same device for packet analysis and

monitoring. In this case, the source ports and the destination port must be located on

the same device.

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-2

1.1.2 Remote Port Mirroring

Remote port mirroring does not require the source and destination ports to be on the

same device. The source and destination ports can be located on multiple devices

across the network. Therefore, administrators can monitor the traffic on remote devices

conveniently.

To implement remote port mirroring, a special VLAN, called remote-probe VLAN, is

needed. All mirrored packets are sent from the reflector port of the source switch to the

monitor port (destination port) of the destination switch through the remote-probe VLAN,

so as to implement the monitoring of packets received on and sent from the source

switch on the destination switch. Figure 1-2 illustrates the implementation of remote

port mirroring.

Figure 1-2 Remote port mirroring application

The switches involved in the remote port mirroring implementation play the following

three roles.

zSource switch: The monitored port resident switch. It copies traffic to the reflector

port, which then transmits the traffic to an intermediate switch or destination switch

through the remote-probe VLAN.

zIntermediate switch: Switches between the source switch and destination switch

on the network. An intermediate switch forwards mirrored traffic flows to the next

intermediate switch or the destination switch through the remote-probe VLAN. No

intermediate switch is present if the source and destination switches directly

connect to each other.

zDestination switch: The remote mirroring destination port resident switch. It

forwards mirrored traffic flows it received from the remote-probe VLAN to the

monitoring device through the destination port.

Table 1-1 describes how the ports on various switches are involved in the mirroring

operation.

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-3

Table 1-1 Ports involved in the mirroring operation

Switch Ports involved Function

Source port Port monitored. It copies packets to the

reflector port through local port mirroring.

There can be more than one source port.

Reflector port Receives packets from the source port

and broadcasts the packets in the

remote-probe VLAN.

Source switch

Trunk port Sends mirrored packets to the

intermediate switch or the destination

switch.

Intermediate

switch Trunk port

Sends mirrored packets to the

destination switch.

Two trunk ports are necessary for the

intermediate switch to connect the

devices at the source switch side and the

destination switch side.

Trunk port Receives remote mirrored packets.

Destination switch Destination port Receives packets forwarded from the

trunk port and transmits the packets to

the data detection device.

Caution:

zDo not configure a default VLAN, a management VLAN, or a dynamic VLAN as the

remote-probe VLAN.

zConfigure all ports connecting the devices in the remote-probe VLAN as trunk ports,

and ensure the Layer 2 connectivity from the source switch to the destination switch

over the remote-probe VLAN.

zDo not configure a Layer 3 interface for the remote-probe VLAN, run other protocol

packets, or carry other service packets on the remote-prove VLAN and do not use

the remote-prove VLAN as the voice VLAN and protocol VLAN; otherwise, remote

port mirroring may be affected.

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-4

1.2 Mirroring Configuration

Table 1-2 Mirroring configuration tasks

Task Remarks

Configuring Local Port Mirroring Optional

Configuring Remote Port Mirroring Optional

1.2.1 Configuring Local Port Mirroring

I. Configuration prerequisites

zThe source port is determined and the direction in which the packets are to be

mirrored is determined.

zThe destination port is determined.

II. Configuration procedure

Table 1-3 Configure local port mirroring

Operation Command Description

Enter system view system-view —

Create a port mirroring group mirroring-group

group-id local Required

In system

view

mirroring-group

group-id mirroring-port

mirroring-port-list { both

| inbound | outbound }

interface interface-type

interface-number

mirroring-group

group-id mirroring-port

{ both | inbound |

outbound }

Configure the

source port for the

port mirroring group In port view

quit

Use either

approach

You can configure

multiple source

ports at a time in

system view, or

you can configure

the source port in

specific port view.

The configurations

in the two views

have the same

effect.

In system

view

mirroring-group

group-id monitor-port

monitor-port-id

interface interface-type

interface-number

Configure the

destination port for

the port mirroring

group In port view mirroring-group

group-id monitor-port

Use either

approach

The configurations

in the two views

have the same

effect.

When configuring local port mirroring, note that:

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-5

zYou need to configure the source and destination ports for the local port mirroring

to take effect.

zThe destination port cannot be a member port of an aggregation group or a port

enabled with LACP or STP.

1.2.2 Configuring Remote Port Mirroring

Note:

An S3100 series Ethernet switch can serve as a source switch, an intermediate switch,

or a destination switch in a remote port mirroring networking environment.

I. Configuration on a switch acting as a source switch

1) Configuration prerequisites

zThe source port, the reflector port, and the remote-probe VLAN are determined.

zLayer 2 connectivity is ensured between the source and destination switches over

the remote-probe VLAN.

zThe direction of the packets to be monitored is determined.

2) Configuration procedure

Table 1-4 Configuration on the source switch

Operation Command Description

Enter system view system-view —

Create a VLAN and

enter the VLAN view vlan vlan-id vlan-id is the ID of the

remote-probe VLAN.

Configure the current

VLAN as the

remote-probe VLAN remote-probe vlan enable Required

Return to system view quit —

Enter the view of the

Ethernet port that

connects to the

intermediate switch or

destination switch

interface interface-type

interface-number —

Configure the current

port as trunk port port link-type trunk Required

By default, the port type

is Access.

Configure the trunk port

to permit packets from

the remote-probe VLAN

port trunk permit vlan

remote-probe-vlan-id Required

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-6

Operation Command Description

Return to system view quit —

Create a remote source

mirroring group mirroring-group group-id

remote-source Required

Configure source port(s)

for the remote source

mirroring group

mirroring-group group-id

mirroring-port

mirroring-port-list { both |

inbound | outbound }

Required

Configure the reflector

port for the remote

source mirroring group

mirroring-group group-id

reflector-port reflector-port Required

Configure the

remote-probe VLAN for

the remote source

mirroring group

mirroring-group group-id

remote-probe vlan

remote-probe-vlan-id Required

When configuring the source switch, note that:

zAll ports of a remote source mirroring group are on the same device. Each remote

source mirroring group can be configured with only one reflector port.

zThe reflector port cannot be a member port of an aggregation group, or a port

enabled with LACP or STP. It must be an access port and cannot be configured

with the functions like VLAN-VPN, port loopback detection, packet filtering, QoS,

port security, and so on.

zIt is recommended not to configure the VLAN mapping and the selective QinQ

function on the reflector port; otherwise, port mirroring may not function properly.

zYou cannot modify the duplex mode, port rate, and MDI attribute of a reflector port.

zOnly an existing static VLAN can be configured as the remote-probe VLAN. To

remove a remote-probe VLAN, you need to restore it to a normal VLAN first. A

remote port mirroring group gets invalid if the corresponding remote port mirroring

VLAN is removed.

zDo not configure a port connecting the intermediate switch ordestination switch as

the mirroring source port. Otherwise, traffic disorder may occur in the network.

II. Configuration on a switch acting as an intermediate switch

1) Configuration prerequisites

zThe trunk ports and the remote-probe VLAN are determined.

zLayer 2 connectivity is ensured between the source and destination switches over

the remote-probe VLAN.

2) Configuration procedure

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-7

Table 1-5 Configuration on the intermediate switch

Operation Command Description

Enter system view system-view —

Create a VLAN and enter

VLAN view vlan vlan-id vlan-id is the ID of the

remote-probe VLAN.

Configure the current

VLAN as the

remote-probe VLAN

remote-probe vlan

enable Required

Return to system view quit —

Enter the view of the

Ethernet port connecting

to the source switch,

destination switch or

other intermediate switch

interface interface-type

interface-number —

Configure the current port

as trunk port port link-type trunk Required

By default, the port type is

Access.

Configure the trunk port to

permit packets from the

remote-probe VLAN

port trunk permit vlan

remote-probe-vlan-id Required

III. Configuration on a switch acting as a destination switch

1) Configuration prerequisites

zThe destination port and the remote-probe VLAN are determined.

zLayer 2 connectivity is ensured between the source and destination switches over

the remote-probe VLAN.

2) Configuration procedure

Table 1-6 Configure remote port mirroring on the destination switch

Operation Command Description

Enter system view system-view —

Create a VLAN and

enter VLAN view vlan vlan-id vlan-id is the ID of the

remote-probe VLAN.

Configure the current

VLAN as a

remote-probe VLAN remote-probe vlan enable Required

Return to system view quit —

Enter the view of the

Ethernet port connecting

to the source switch or

an intermediate switch

interface interface-type

interface-number —

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-8

Operation Command Description

Configure the current

port as trunk port port link-type trunk Required

By default, the port type

is Access.

Configure trunk port to

permit packets from the

remote-probe VLAN

port trunk permit vlan

remote-probe-vlan-id Required

Return to system view quit —

Create a remote

destination mirroring

group

mirroring-group group-id

remote-destination Required

Configure the

destination port for the

remote destination

mirroring group

mirroring-group group-id

monitor-port monitor-port Required

Configure the

remote-probe VLAN for

the remote destination

mirroring group

mirroring-group group-id

remote-probe vlan

remote-probe-vlan-id Required

When configuring a destination switch, note that:

zThe destination port of remote port mirroring cannot be a member port of an

aggregation group, or a port enabled with LACP or STP.

zOnly an existing static VLAN can be configured as the remote-probe VLAN. To

remove a remote-probe VLAN, you need to restore it to a normal VLAN first. A

remote port mirroring group gets invalid if the corresponding remote port mirroring

VLAN is removed.

1.2.3 Displaying Port Mirroring

After the above configurations, you can execute the display commands in any view to

view the mirroring running information, so as to verify your configurations.

Table 1-7 Display configuration of mirroring

Operation Command Description

Display port mirroring

configuration

display mirroring-group

{ group-id | all | local |

remote-destination |

remote-source }

Available in any view

Operation Manual (For Soliton) – Mirroring

H3C S3100 Series Ethernet Switches Chapter 1 Mirroring Configuration

1-9

1.3 Mirroring Configuration Example

1.3.1 Local Port Mirroring Configuration Example

I. Network requirements

The departments of a company connect to each other through S3100 Ethernet

switches:

zResearch and Development (R&D) department is connected to Switch C through

Ethernet 1/0/1.

zMarketing department is connected to Switch C through Ethernet 1/0/2.

zData detection device is connected to Switch C through Ethernet 1/0/3

The administrator wants to monitor the packets received on and sent from the R&D

department and the marketing department through the data detection device.

Use the local port mirroring function to meet the requirement. Perform the following

configurations on Switch C.

zConfigure Ethernet 1/0/1 and Ethernet 1/0/2 as mirroring source ports.

zConfigure Ethernet 1/0/3 as the mirroring destination port.

II. Network diagram

Switch C

The R&D

department Switch A

Switch B

Eth1/0/2

Eth1/0/1

Eth1/0/3

The Marketing

department

Data detection device

Figure 1-3 Network diagram for local port mirroring

III. Configuration procedure

Configure Switch C:

# Create a local mirroring group.

<Sysname> system-view

[Sysname] mirroring-group 1 local

# Configure the source ports and destination port for the local mirroring group.

[Sysname] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 both

Other manuals for S3100 Series

Table of contents

Other H3C Switch manuals

Popular Switch manuals by other brands

URC

URC Total Control MFS-8 installation manual

Azbil

Azbil HPQ-D11 user manual

Sony

Sony DFS-900M operating instructions

SICK

SICK i17S operating instructions

F&F

F&F SZR-277 quick start guide

Shure

Shure UAMS/BK user guide

Dräger

Dräger X-zone Switch Off Instructions for use

Asco

Asco Joucomatic 349 Series manual

BT Mini Hub user guide

D-Link

D-Link DES-1226G manual

Johnson Controls

Johnson Controls FS80-C installation instructions

MicroNet

MicroNet SP1200A user manual

Ruijie

Ruijie RG-PF2920 Series Hardware installation and reference guide

Altinex

Altinex DA1914SX user guide

RJM

RJM MASTERMIND PBC/6X user manual

Atlas

Atlas MMK-KVM8 owner's manual

Cabletron Systems

Cabletron Systems GIGAswitch GSR-16 Getting started guide

Cisco

Cisco Catalyst X4448 supplementary guide