H3C S9500 Series User manual

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Table of Contents

Table of Contents

Chapter 1 Port Mirroring Configuration......................................................................................1-1

1.1 Introduction to Port Mirroring.............................................................................................1-1

1.1.1 Types of Port Mirroring............................................................................................1-1

1.1.2 Implementing Port Mirroring....................................................................................1-2

1.2 Configuring Local Port Mirroring........................................................................................1-4

1.3 Configuring Remote Port Mirroring....................................................................................1-5

1.3.1 Configuring a Remote Source Mirroring Group (on the Source Device) ................1-5

1.3.2 Configuring a Remote Destination Mirroring Group (on the Destination Device).........1-7

1.4 Displaying and Maintaining Port Mirroring.........................................................................1-9

1.5 Port Mirroring Configuration Examples..............................................................................1-9

1.5.1 Local Port Mirroring Configuration Example...........................................................1-9

1.5.2 Remote Port Mirroring Configuration Example.....................................................1-10

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-1

Chapter 1 Port Mirroring Configuration

When configuring port mirroring, go to these sections for information you are interested

in:

zIntroduction to Port Mirroring

zConfiguring Local Port Mirroring

zConfiguring Remote Port Mirroring

zDisplaying and Maintaining Port Mirroring

zPort Mirroring Configuration Examples

1.1 Introduction to Port Mirroring

Port mirroring is to copy the packets passing through a port (called a mirroring port) to

another port (called the monitor port) connected with a monitoring device for packet

analysis, as shown in the following figure.

IP network

Mirroring port

Monitor port

Monitoring

device

Figure 1-1 Port mirroring implementation example

You can select to port-mirror inbound, outbound, or bidirectional traffic on a port as

needed.

1.1.1 Types of Port Mirroring

Port mirroring can be local or remote.

zIn local port mirroring, the mirroring port or ports and the monitor port are located

on the same device.

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-2

zIn remote port mirroring, the mirroring port or ports and the monitor port can be

located on the same device or different devices. When they are located on

different devices, there should be no Layer-3 network in between.

1.1.2 Implementing Port Mirroring

Port mirroring is implemented through port mirroring groups. There are three types of

mirroring groups: local, remote source, and remote destination.

The following subsections describe how local port mirroring and remote port mirroring

are implemented.

I. Local port mirroring

In local port mirroring, all packets passing through a port can be mirrored. Local port

mirroring is implemented through local mirroring groups.

As shown in Figure 1-2, packets on the mirroring port are mirrored to the monitor port

for the data monitoring device to analyze.

Figure 1-2 Local port mirroring implementation

II. Remote port mirroring

Remote port mirroring is implemented through the cooperation of a remote source

mirroring group and a remote destination mirroring group as shown in Figure 1-3.

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-3

Figure 1-3 Remote port mirroring implementation

Remote mirroring involves the following device roles:

zSource device

The source device is the device where the mirroring ports are located. On it, you must

create a remote source mirroring group to hold the mirroring ports.

The source device copies the packets passing through the mirroring ports, broadcasts

the packets through the reflector port in the remote probe VLAN.

zIntermediate device

Intermediate devices (if any) are devices located in between the source device and the

destination device.

An intermediate device forwards mirrored packets to the next intermediate device (if

any) or the destination device.

zDestination device

The destination device is the device where the monitor port is located. On it, you must

create the remote destination mirroring group.

When receiving a packet, the destination device compares the VLAN ID carried in the

packet with the ID of the probe VLAN configured in the remote destination mirroring

group. If they are the same, the device forwards the packet to the monitoring device

through the monitor port.

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-4

Note:

zThe S9500 series support inter-board mirroring, that is, the mirroring port(s) and the

monitor port can be located on different boards on the same device.

zA source device can be connected to its destination device directly without any

intermediate device.

zAs for the four Ten-GigabitEthernet ports (TE ports) on XP4B and XP4CA boards,

port mirroring can only be implemented between port 1 and 2 (for example,

Ten-GigabitEthernet 2/1/1 and Ten-GigabitEthernet 2/1/2), and between port 3 and

4 (for example, Ten-GigabitEthernet 2/1/3 and Ten-GigabitEthernet 2/1/4.)

Caution:

As port mirroring conflicts with STP, RSTP, and MSTP, do not enable STP, RSTP, or

MSTP on monitor ports.

1.2 Configuring Local Port Mirroring

Configuring local port mirroring is to configure local mirroring groups.

Alocal mirroring group comprises one or multiple mirroring ports and one monitor port.

These ports must not have been assigned to any other mirroring group.

Follow these steps to configure local port mirroring:

To do… Use the command… Remarks

Enter system view system-view —

Create a local mirroring

group mirroring-group groupid local Required

In system

view

mirroring-group groupid

mirroring-port

mirroring-port-list { inbound |

outbound | both }

interface interface-type

interface-number

[mirroring-group groupid ]

mirroring-port { inbound |

outbound | both }

Assign

ports to

the port

mirroring

group as

mirroring

ports

In Ethernet

interface

view

quit

Required

Use either approach.

In system view, you

can assign a list of

ports to the mirroring

group at a time.

In interface view, you

can assign only the

current port to the

mirroring group. To

monitor multiple

ports, repeat the

step.

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-5

To do… Use the command… Remarks

In system

view mirroring-group groupid

monitor-port monitor-port-id

interface interface-type

interface-number

Assign a

port to the

mirroring

group as

the

monitor

port

In Ethernet

interface

view [mirroring-group groupid ]

monitor-port

Required

Use either approach.

Note:

zAfter you configure a port as a monitor port, you are recommended not to use it for

any other purposes. This is to ensure that the data monitoring device receives only

the mirrored traffic rather than a mix of mirrored traffic and normally forwarded

traffic.

zTo have a local mirroring group take effect, you must configure a monitor port and at

least one mirroring ports in it.

1.3 Configuring Remote Port Mirroring

Configuring remote port mirroring is to configure remote mirroring groups. When doing

that, configure the remote source mirroring group on the source device and the

cooperating remote destination mirroring group on the destination device.

The two mirroring groups must be configured with the same remote probe VLAN. If

intermediate devices are involved, you must configure these devices to permit the

probe VLAN to pass through.

1.3.1 Configuring a Remote Source Mirroring Group (on the Source Device)

A remote source mirroring group comprises one or multiple mirroring ports, a remote

probe VLAN, and a reflector port. The ports and the probe VLAN must not have been

assigned to any other mirroring groups.

Follow these steps to configure a remote source port mirroring group on the source

device:

To do… Use the command… Remarks

Enter system view system-view —

Create a remote probe

VLAN vlan vlan-id Required

Return to system view quit —

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-6

To do… Use the command… Remarks

Create a remote source

mirroring group mirroring-group groupid

remote-source Required

In system

view

mirroring-group groupid

mirroring-port

mirroring-port-list { inbound |

outbound | both }

interface interface-type

interface-number

[ mirroring-group groupid ]

mirroring-port { inbound |

outbound | both }

Assign

ports to

the

mirroring

group as

mirroring

ports

In Ethernet

interface

view

quit

Required

Use either approach.

In system view, you

can assign a list of

ports to the mirroring

group at a time.

In interface view, you

can assign only the

current interface to

the mirroring group.

To monitor multiple

ports, repeat the step.

In system

view mirroring-group groupid

reflector-port reflector-port-id

interface interface-type

interface-number

mirroring-group groupid

reflector-port

Assign a

port to

the

mirroring

group as

the

reflector

port

In Ethernet

interface

view

quit

Required

Use either approach.

Configure the remote

probe VLAN for the

mirroring group

mirroring-group groupid

remote-probe vlan

rprobe-vlan-id Required

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-7

Note:

zTo ensure device performance, do not assign mirroring ports to a remote probe

VLAN.

zTo configure a port as a reflector port, you must ensure that its link type is access, it

belongs to the default VLAN (that is, VLAN 1), and it is neither a destination port for

traffic mirroring nor a member of any other port mirroring group.

zYou are recommended not to connect a network cable to a reflector port. On a

reflector port, you must disable these features: 802.1x, QinQ, port loopback, and

service loopback. To ensure normal operation of the device, you are recommended

to disable static ARP and MAC address learning on the reflector port as well.

zThe outgoing port for a mirrored packet must not be the same as the reflector port.

zYou are recommended to use a remote probe VLAN for port mirroring only.

zOnly existing static VLANs can be configured as remote probe VLANs. To remove

the VLAN operating as a remote probe VLAN, you need to remove the VLAN from

the remote mirroring group first with the undo mirroring-group remote-probe vlan

command. Removing the probe VLAN can invalidate the remote source mirroring

group.

zTo ensure the functionality of remote port mirroring, disable MAC address learning

in a remote probe VLAN on the intermediate devices, if any.

zEnsure that the mirrored packets leave the source device with the tag of the remote

probe VLAN.

1.3.2 Configuring a Remote Destination Mirroring Group (on the Destination

Device)

A remote destination mirroring group comprises a remote probe VLAN and a monitor

port. The port and the probe VLAN must not have been assigned to any other mirroring

groups. In addition, you must ensure that the remote probe VLAN is the same as the

one configured in the remote source mirroring group.

Follow these steps to configure a remote destination port mirroring group on the

destination device:

To do… Use the command… Remarks

Enter system view system-view —

Create a VLAN and enter

the VLAN view vlan vlan-id Required

Disable MAC address

learning in the VLAN by

assigning 0 to the count

argument

mac-address

max-mac-count count Required

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-8

To do… Use the command… Remarks

Return to system view quit —

Create a remote

destination port mirroring

group

mirroring-group groupid

remote-destination Required

Assign the VLAN you

created to the port

mirroring group

mirroring-group groupid

remote-probe vlan

rprobe-vlan-id Required

In system

view mirroring-group groupid

monitor-port monitor-port-id

interface interface-type

interface-number

[mirroring-group groupid ]

monitor-port

Assign a

port to the

port

mirroring

group as

the

monitor

port

In Ethernet

interface

view

quit

Required

Use either approach.

In Ethernet interface

view, if no destination

mirroring group is

specified, group 1 is

used by default.

Enter the interface view of

the monitor port interface interface-type

interface-number —

If the port is

an access

port

port access vlan

rprobe-vlan-id

If the port is a

trunk port port trunk permit vlan

rprobe-vlan-id

Assign the

monitor

port to the

remote

probe

VLAN If the port is a

hybrid port

port hybrid vlan

rprobe-vlan-id { tagged |

untagged }

Required

Use one of the

commands

depending on the link

type of the monitor

port.

Note:

zAfter you configure a port as a monitor port, you are recommended not to use it for

any other purposes. This is to ensure that the data monitoring device receives only

the mirrored traffic rather than a mix of mirrored traffic and normally forwarded

traffic.

zOnly existing static VLANs can be configured as remote probe VLANs. To remove

the VLAN operating as a remote probe VLAN, you need to remove the VLAN from

the remote mirroring group first with the undo mirroring-group remote-probe vlan

command. Removing the probe VLAN can invalidate the remote source mirroring

group.

zYou are recommended to use a remote probe VLAN for port mirroring only.

zTo ensure the functionality of remote port mirroring, disable MAC address learning

in the remote probe VLAN on the source, intermediate, and destination devices.

Operation Manual – Port Mirroring

H3C S9500 Series Routing Switches Chapter 1 Port Mirroring Configuration

1-9

1.4 Displaying and Maintaining Port Mirroring

To do… Use the command… Remarks

Display the configuration

of port mirroring groups

display mirroring-group

{ groupid |local |remote-source

|remote-destination | all }

Available in any

view

1.5 Port Mirroring Configuration Examples

1.5.1 Local Port Mirroring Configuration Example

I. Network requirements

On a network shown in Figure 1-4,

zHost A is connected to port Ethernet 1/1/1 of Switch C through Switch A.

zHost B is connected to port Ethernet 1/1/2 of Switch C through Switch B.

zA data monitoring server is connected to port Ethernet 1/1/3 of Switch C.

To monitor the packets of Host A and Host B on the server, you can configure a local

port mirroring group on Switch C by:

zConfiguring ports Ethernet 1/1/1 and Ethernet 1/1/2 as mirroring ports.

zConfiguring port Ethernet 1/1/3 as the monitor port.

II. Network diagram

Switch A

Switch B

Switch C Server

Eth1/1/1

Eth1/1/2

Eth1/1/3

Host A

Host B

Figure 1-4 Network diagram for local port mirroring configuration

III. Configuration procedure

1) Configure Switch C.

# Enter system view.

<Sysname> system-view

Other manuals for S9500 Series

Table of contents

Popular Switch manuals by other brands

URC

URC Total Control MFS-8 installation manual

Azbil

Azbil HPQ-D11 user manual

Sony

Sony DFS-900M operating instructions

SICK

SICK i17S operating instructions

F&F

F&F SZR-277 quick start guide

Shure

Shure UAMS/BK user guide

Dräger

Dräger X-zone Switch Off Instructions for use

Asco

Asco Joucomatic 349 Series manual

BT Mini Hub user guide

D-Link

D-Link DES-1226G manual

Johnson Controls

Johnson Controls FS80-C installation instructions

MicroNet

MicroNet SP1200A user manual

Ruijie

Ruijie RG-PF2920 Series Hardware installation and reference guide

Altinex

Altinex DA1914SX user guide

RJM

RJM MASTERMIND PBC/6X user manual

Atlas

Atlas MMK-KVM8 owner's manual

Cabletron Systems

Cabletron Systems GIGAswitch GSR-16 Getting started guide

Cisco

Cisco Catalyst X4448 supplementary guide