No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
S12700 and S12700E Series Agile Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Remote MAC Address Mirroring

Example for Configuring Remote MAC Address Mirroring

Remote MAC Address Mirroring Overview

In remote MAC address mirroring, an observing port is connected to a monitoring device through an intermediate network and forwards the packets with a specified MAC address to the monitoring device through the intermediate network.

Configuration Notes

  • You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.

  • If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.

  • MAC address mirroring applies only to inbound packets.

  • Modular switches running V200R019C10 and later versions support this function.

Networking Requirements

As shown in Figure 16-20, all the hosts of a company access the Internet through SwitchA and belong to VLAN 10. The monitoring device Server is connected to SwitchA through SwitchB.

Internet access traffic of the host with a MAC address 0001-0001-0001 needs to be remotely monitored through the Server.

Figure 16-20 Remote MAC address mirroring networking

Configuration Roadmap

  1. Create VLAN 10 on SwitchA and add the ports that connect SwitchA to hosts to VLAN 10 so that the hosts can communicate with SwitchA at Layer 2.
  2. Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add the ports that connect SwitchB to SwitchA and the Server to VLAN 20 so that SwitchB can communicate with SwitchA and the Server at Layer 2.
  3. Configure GE0/0/4 of SwitchA as a remote observing port to forward mirrored packets to VLAN 20.
  4. Configure MAC address mirroring in VLAN 10 to copy Internet access traffic of the host with a specified MAC address in VLAN 10 to the remote observing port.

Procedure

  1. Add ports to VLANs.

    # Create VLAN 10 on SwitchA and add GE0/0/1 through GE0/0/3 to VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [SwitchA] vlan batch 10
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
    [SwitchA-GigabitEthernet0/0/1] port default vlan 10
    [SwitchA-GigabitEthernet0/0/1] quit
    [SwitchA] interface gigabitethernet 0/0/2
    [SwitchA-GigabitEthernet0/0/2] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
    [SwitchA-GigabitEthernet0/0/2] port default vlan 10
    [SwitchA-GigabitEthernet0/0/2] quit
    [SwitchA] interface gigabitethernet 0/0/3
    [SwitchA-GigabitEthernet0/0/3] port link-type access     //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
    [SwitchA-GigabitEthernet0/0/3] port default vlan 10
    [SwitchA-GigabitEthernet0/0/3] quit

    # Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add GE0/0/1 and GE0/0/4 to VLAN 20.

    Here, VLAN 20 is used for forwarding only mirrored packets. If VLAN 20 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 20.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] vlan 20
    [SwitchB-vlan20] mac-address learning disable     //Disable MAC address learning in this VLAN.
    [SwitchB-vlan20] quit
    [SwitchB] interface gigabitethernet 0/0/1
    [SwitchB-GigabitEthernet0/0/1] port link-type access     //Set the link type of the interface on the monitoring device to access. The default link type of interfaces is not access.
    [SwitchB-GigabitEthernet0/0/1] port default vlan 20
    [SwitchB-GigabitEthernet0/0/1] quit
    [SwitchB] interface gigabitethernet 0/0/4
    [SwitchB-GigabitEthernet0/0/4] port link-type trunk
    [SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 20     //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk.
    [SwitchB-GigabitEthernet0/0/4] return

  2. Configure an observing port.

    # Configure GE0/0/4 of SwitchA as a remote observing port.

    [SwitchA] observe-port 1 interface gigabitethernet 0/0/4 vlan 20     //Configure GE0/0/4 as Layer 2 remote observing port 1, and add it to VLAN 20.

    After the configuration is complete, the observing port forwards mirrored packets to VLAN 20 removing the need to add the observing port to the VLAN.

  3. Configure MAC address mirroring.

    # On SwitchA, configure MAC address mirroring in VLAN 10 and copy the packets that are received by all the ports in VLAN 10 and contain a MAC address 0001-0001-0001 to the remote observing port.

    [SwitchA] vlan 10
    [SwitchA-vlan10] mac-mirroring 0001-0001-0001 to observe-port 1 inbound     //Mirror incoming packets with the MAC address 0001-0001-0001 on all the interfaces in VLAN 10 to observing port 1.
    [SwitchA-vlan10] return

  4. Verify the configuration.

    # Check the observing port configuration.

    <SwitchA> display observe-port
      ----------------------------------------------------------------------
      Index          : 1
      Untag-packet   : No
      Interface      : GigabitEthernet0/0/4
      Vlan           : 20
      ----------------------------------------------------------------------

    # Check the mirroring configuration.

    <Switch> display port-mirroring
      ----------------------------------------------------------------------
      Observe-port 1 : GigabitEthernet0/0/4
      ---------------------------------------------------------------------- 
      Mac-mirror:
      ----------------------------------------------------------------------
      Mirror-mac       Vlan    Direction     Observe-port
      ----------------------------------------------------------------------
      0001-0001-0001   10      Inbound       Observe-port 1
      ----------------------------------------------------------------------

Configuration Files

  • Configuration file of SwitchA

    #
    sysname SwitchA
    #
    vlan batch 10
    #
    observe-port 1 interface GigabitEthernet0/0/4 vlan 20
    #
    vlan 10
     mac-mirroring 0001-0001-0001 to observe-port 1 inbound
    #
    interface GigabitEthernet0/0/1
     port link-type access
     port default vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type access
     port default vlan 10
    #
    interface GigabitEthernet0/0/3
     port link-type access
     port default vlan 10
    #
    return
  • Configuration file of SwitchB

    #
    sysname SwitchB
    #
    vlan batch 20
    #
    vlan 20
     mac-address learning disable
    #
    interface GigabitEthernet0/0/1
     port link-type access
     port default vlan 20
    #
    interface GigabitEthernet0/0/4
     port link-type trunk
     port trunk allow-pass vlan 20
    #
    return
Download
Updated: 2020-02-18

Document ID: EDOC1000069466

Views: 341323

Downloads: 2191

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next