Typical Mirroring Configuration
- Example for Configuring Local Port Mirroring (1:1 Mirroring)
- Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured One by One)
- Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured in a Group)
- Example for Configuring Local Port Mirroring (N:1 Mirroring)
- Example for Configuring Local Port Mirroring (M:N Mirroring)
- Example for Configuring Layer 2 Remote Port Mirroring
- Example for Configuring MQC-based Local Traffic Mirroring
- Example for Configuring ACL-based Local Traffic Mirroring
- Example for Configuring MQC-based Remote Traffic Mirroring
- Example for Configuring ACL-based Remote Traffic Mirroring
- Example for Configuring Local VLAN Mirroring
- Example for Configuring Remote VLAN Mirroring
- Example for Configuring Local MAC Address Mirroring
- Example for Configuring Remote MAC Address Mirroring
Example for Configuring Local Port Mirroring (1:1 Mirroring)
Local Port Mirroring Overview
In local port mirroring, an observing port is directly connected to a monitoring device and directly forwards the packets copied from a mirrored port to the monitoring device for fault location and service monitoring.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- This configuration example applies to all switches running all versions.
Networking Requirements
As shown in Figure 3-275, the administrative department of a company accesses the Internet through the Switch, and the monitoring device Server is directly connected to the Switch.
Internet access traffic of the administrative department needs to be monitored through the Server.
Configuration Roadmap
- Configure GE1/0/2 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure GE1/0/1 of the Switch as a mirrored port to copy Internet access traffic of the administrative department to the local observing port.
Procedure
- Configure an observing port.
# Configure GE1/0/2 of the Switch as a local observing port.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface gigabitethernet 1/0/2 //Configure GE1/0/2 as a local observing port with the index 1.
- Configure a mirrored port.
# Configure GE1/0/1 of the Switch as a mirrored port to copy the packets received by the mirrored port to the local observing port.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming packets on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
----------------------------------------------------------------------
# Check the mirrored port configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
----------------------------------------------------------------------
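A mirror session copies traffic to whatever is plugged into the observing port, so a session that nobody approved is how traffic quietly ends up at an unintended host. It is therefore worth comparing the output of display port-mirroring against the sessions that change control approved. The following Python script is an added example and not part of the Huawei documentation: it parses a constructed sample laid out like the display output above (with one extra, unapproved session added so the audit has something to report) and lists every session outside an approved set. The accepted direction values (Inbound, Outbound, Both) and the exact column layout are assumptions about the output format.

```python
import re
from dataclasses import dataclass

# Constructed sample, laid out like the page's "display port-mirroring" output for the
# 1:1 example (GE1/0/1 inbound -> observe-port 1 -> GE1/0/2), plus a second, unexpected
# session (observe-port 2 is an observing port group) so the audit reports something.
SAMPLE_OUTPUT = """\
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/2
  Observe-port 2       : GigabitEthernet1/0/3 to GigabitEthernet1/0/4
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
  2  GigabitEthernet1/0/5      Both       Observe-port 2
----------------------------------------------------------------------
"""

# "Observe-port <index> : <interface or interface range>" lines in the output header.
OBSERVE_RE = re.compile(r"^\s*Observe-port\s+(\d+)\s*:\s*(\S.*?)\s*$")
# Table rows: "<n>  <mirror-port>  <direction>  Observe-port <index>".
# The set of direction keywords is an assumption about the output format.
MIRROR_RE = re.compile(r"^\s*\d+\s+(\S+)\s+(Inbound|Outbound|Both)\s+Observe-port\s+(\d+)\s*$")


@dataclass(frozen=True)
class MirrorSession:
    mirror_port: str
    direction: str
    observe_index: int
    observe_target: str  # interface or interface range; "?" if the index is undefined


def parse_port_mirroring(text: str) -> list[MirrorSession]:
    """Turn the display output into sessions, resolving each observe-port index to its interface."""
    observe: dict[int, str] = {}
    sessions: list[MirrorSession] = []
    for line in text.splitlines():
        m = OBSERVE_RE.match(line)
        if m:
            observe[int(m.group(1))] = m.group(2)
            continue
        m = MIRROR_RE.match(line)
        if m:
            idx = int(m.group(3))
            sessions.append(MirrorSession(m.group(1), m.group(2), idx, observe.get(idx, "?")))
    return sessions


def audit_sessions(sessions, approved):
    """Report every session not in the approved set of (mirror_port, direction, observe_target)."""
    findings = []
    for s in sessions:
        if (s.mirror_port, s.direction, s.observe_target) not in approved:
            findings.append(f"unapproved mirror session: {s.mirror_port} {s.direction} -> {s.observe_target}")
    return findings


if __name__ == "__main__":
    # Only the 1:1 session from the page is approved; the constructed second session is reported.
    APPROVED = {("GigabitEthernet1/0/1", "Inbound", "GigabitEthernet1/0/2")}
    for finding in audit_sessions(parse_port_mirroring(SAMPLE_OUTPUT), APPROVED):
        print(finding)
```

The approved set is keyed on the resolved observing interface rather than on the observe-port index, so re-pointing an index at a different interface is reported even when the index number itself is unchanged.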
Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured One by One)
1:N Mirroring Overview
In 1:N mirroring, packets on one mirrored port are copied to N observing ports so that the packets can be copied to different monitoring devices for analysis and processing.
In 1:N mirroring, multiple observing ports need to be configured and connected to different monitoring devices. Observing ports can be configured in two modes: one observing port at a time, or as an observing port group. An observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes, because a group occupies only one observing port index regardless of how many ports it contains.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- This example applies to the following products and versions:
- Modular switches: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5700-HI: V200R005(C00SPC500&C01&C02)
- S5710-EI: V200R005(C00&C02)
- S5710-HI: V200R005(C00&C02&C03)
- S6700-EI: V200R005(C00&C01)
- S5720-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S6720-EI, S6720S-EI: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- For the S7700, versions earlier than V200R005 support 1:N mirroring in the inbound direction; however, the system supports a maximum of 1:2 mirroring and FC and SA series cards do not support 1:N mirroring. In V200R005 and later versions, SA series cards (except the ES0D0X12SA00 and ES0D0X12SA01 cards) do not support 1:N mirroring, X series cards do not support 1:N mirroring in which observing ports are configured one by one, and other cards support 1:N mirroring in the inbound and outbound directions.
- For the S9700, versions earlier than V200R005 support 1:N mirroring in the inbound direction; however, the system supports a maximum of 1:2 mirroring and FC and SA series cards do not support 1:N mirroring. In V200R005 and later versions, SA series cards (except EH1D2X12SSA0 card and ET1D2X12SSA0 card) do not support 1:N mirroring, X series cards do not support 1:N mirroring in which observing ports are configured one by one, and other cards support 1:N mirroring in the inbound and outbound directions.
Networking Requirements
As shown in Figure 3-276, the R&D department of a company accesses the Internet through the Switch, and monitoring devices Server1, Server2, and Server3 are directly connected to the Switch.
Configuration Roadmap
- Configure GE1/0/2 through GE1/0/4 of the Switch as local observing ports to forward mirrored packets to different servers.
- Configure GE1/0/1 of the Switch as a mirrored port to copy the traffic passing through it to different local observing ports.
Procedure
- Configure observing ports.
# Configure GE1/0/2 through GE1/0/4 of the Switch as local observing ports one by one.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface gigabitethernet 1/0/2 //Configure GE1/0/2 as a local observing port with the index 1.
[Switch] observe-port 2 interface gigabitethernet 1/0/3 //Configure GE1/0/3 as a local observing port with the index 2.
[Switch] observe-port 3 interface gigabitethernet 1/0/4 //Configure GE1/0/4 as a local observing port with the index 3.
- Configure a mirrored port.
# Configure GE1/0/1 of the Switch as a mirrored port to copy the packets received by the mirrored port to local observing ports.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 2 inbound //Mirror incoming traffic on GE1/0/1 to observing port 2.
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 3 inbound //Mirror incoming traffic on GE1/0/1 to observing port 3.
[Switch-GigabitEthernet1/0/1] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Index          : 2
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/3
----------------------------------------------------------------------
  Index          : 3
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/4
----------------------------------------------------------------------
# Check the mirrored port configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/2
  Observe-port 2       : GigabitEthernet1/0/3
  Observe-port 3       : GigabitEthernet1/0/4
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
  2  GigabitEthernet1/0/1      Inbound    Observe-port 2
  3  GigabitEthernet1/0/1      Inbound    Observe-port 3
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
observe-port 1 interface GigabitEthernet1/0/2
observe-port 2 interface GigabitEthernet1/0/3
observe-port 3 interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/1
 port-mirroring to observe-port 1 inbound
 port-mirroring to observe-port 2 inbound
 port-mirroring to observe-port 3 inbound
#
return
Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured in a Group)
1:N Mirroring Overview
In 1:N mirroring, packets on one mirrored port are copied to N observing ports so that the packets can be copied to different monitoring devices for analysis and processing.
In 1:N mirroring, multiple observing ports need to be configured and connected to different monitoring devices. Observing ports can be configured in two modes: one observing port at a time, or as an observing port group. An observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes, because a group occupies only one observing port index regardless of how many ports it contains.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- In 1:N mirroring, once the inbound or outbound packets of a mirrored port are configured in a batch to be copied to multiple observing ports (an observing port group), the packets in that direction cannot also be copied to other observing ports.
- This example applies to the following products and versions:
- Modular switches: V200R005C00 and later versions
- S5700-HI: V200R005(C00SPC500&C01&C02)
- S5710-EI: V200R005(C00&C02)
- S5710-HI: V200R005(C00&C02&C03)
- S6700-EI: V200R005(C00&C01)
- S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- SA series cards (except the ES0D0X12SA00 and ES0D0X12SA01 cards) on the S7700 and SA series cards (except the EH1D2X12SSA0 and ET1D2X12SSA0 cards) on the S9700 do not support 1:N mirroring.
Networking Requirements
As shown in Figure 3-277, the R&D department of a company accesses the Internet through the Switch, and monitoring devices Server1, Server2, and Server3 are directly connected to the Switch.
Configuration Roadmap
- Configure GE1/0/2 through GE1/0/4 of the Switch as local observing ports to forward mirrored packets to different servers.
- Configure GE1/0/1 of the Switch as a mirrored port to copy the traffic passing through it to different local observing ports.
Procedure
- Configure observing ports.
# Configure GE1/0/2 through GE1/0/4 of the Switch as local observing ports in a batch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface-range gigabitethernet 1/0/2 to gigabitethernet 1/0/4 //Configure GE1/0/2 through GE1/0/4 as local observing ports in a batch; they share observing port index 1.
- Configure a mirrored port.
# Configure GE1/0/1 of the Switch as a mirrored port to copy the packets received by the mirrored port to local observing ports.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface-range: GigabitEthernet1/0/2 to GigabitEthernet1/0/4
----------------------------------------------------------------------
# Check the mirrored port configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/2 to GigabitEthernet1/0/4
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
observe-port 1 interface-range GigabitEthernet1/0/2 to GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/1
 port-mirroring to observe-port 1 inbound
#
return
To view detailed information about software mappings, visit Info-Finder, select a product series or product model, and click Hardware Center.
Example for Configuring Local Port Mirroring (N:1 Mirroring)
N:1 Mirroring Overview
In N:1 mirroring, packets on N mirrored ports are copied to one observing port so that packets on different ports can be copied to the same monitoring device for analysis.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- This configuration example applies to all switches running all versions.
Networking Requirements
As shown in Figure 3-278, three departments (science and technology department 1, science and technology department 2, and administrative department) of a company access the Internet through the Switch, and the monitoring device Server is directly connected to the Switch.
Configuration Roadmap
- Configure GE1/0/4 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure GE1/0/1 through GE1/0/3 of the Switch as mirrored ports to copy Internet access traffic of the three departments to the local observing port.
Procedure
- Configure an observing port.
# Configure GE1/0/4 of the Switch as a local observing port.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface gigabitethernet 1/0/4 //Configure GE1/0/4 as a local observing port with the index 1.
- Configure mirrored ports.
# Configure GE1/0/1 through GE1/0/3 of the Switch as mirrored ports to copy the packets received by the mirrored ports to the local observing port.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/2 to observing port 1.
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/3 to observing port 1.
[Switch-GigabitEthernet1/0/3] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/4
----------------------------------------------------------------------
# Check the mirrored port configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/4
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
  2  GigabitEthernet1/0/2      Inbound    Observe-port 1
  3  GigabitEthernet1/0/3      Inbound    Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
observe-port 1 interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/1
 port-mirroring to observe-port 1 inbound
#
interface GigabitEthernet1/0/2
 port-mirroring to observe-port 1 inbound
#
interface GigabitEthernet1/0/3
 port-mirroring to observe-port 1 inbound
#
return
Example for Configuring Local Port Mirroring (M:N Mirroring)
M:N Mirroring Overview
In M:N mirroring, packets on M mirrored ports are copied to N observing ports so that packets on multiple ports can be copied to different monitoring devices for analysis and processing.
An M:N mirroring rule is equivalent to multiple 1:N mirroring rules and likewise requires multiple observing ports to be configured and connected to different monitoring devices. Observing ports can be configured in two modes: one observing port at a time, or as an observing port group. An observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes, because a group occupies only one observing port index regardless of how many ports it contains.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- In M:N mirroring, once the inbound or outbound packets of a mirrored port are configured in a batch to be copied to multiple observing ports (an observing port group), the packets in that direction cannot also be copied to other observing ports.
In this configuration example, observing ports are configured in a batch, so applicable products and versions of this example are the same as Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured in a Group). If observing ports are configured one by one, applicable products and versions of the configuration example are the same as Example for Configuring Local 1:N Port Mirroring (Observing Ports Are Configured One by One).
Networking Requirements
As shown in Figure 3-279, three departments (R&D department 1, R&D department 2, and Marketing department) of a company access the Internet through the Switch, and monitoring devices Server1 and Server2 are directly connected to the Switch.
Configuration Roadmap
- Configure GE1/0/4 and GE1/0/5 of the Switch as local observing ports to forward mirrored packets to different servers.
- Configure GE1/0/1 through GE1/0/3 of the Switch as mirrored ports to copy the traffic passing through the mirrored ports to different local observing ports.
Procedure
- Configure observing ports.
# Configure GE1/0/4 and GE1/0/5 of the Switch as local observing ports in a batch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface-range gigabitethernet 1/0/4 gigabitethernet 1/0/5 //Configure GE1/0/4 and GE1/0/5 as local observing ports in a batch; they share observing port index 1.
- Configure mirrored ports.
# Configure GE1/0/1 through GE1/0/3 of the Switch as mirrored ports to copy the packets received by the mirrored ports to different local observing ports.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] quit
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/2 to observing port 1.
[Switch-GigabitEthernet1/0/2] quit
[Switch] interface gigabitethernet 1/0/3
[Switch-GigabitEthernet1/0/3] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/3 to observing port 1.
[Switch-GigabitEthernet1/0/3] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface-range: GigabitEthernet1/0/4 to GigabitEthernet1/0/5
----------------------------------------------------------------------
# Check the mirrored port configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/4 to GigabitEthernet1/0/5
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
  2  GigabitEthernet1/0/2      Inbound    Observe-port 1
  3  GigabitEthernet1/0/3      Inbound    Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
observe-port 1 interface-range GigabitEthernet1/0/4 to GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/1
 port-mirroring to observe-port 1 inbound
#
interface GigabitEthernet1/0/2
 port-mirroring to observe-port 1 inbound
#
interface GigabitEthernet1/0/3
 port-mirroring to observe-port 1 inbound
#
return
Example for Configuring Layer 2 Remote Port Mirroring
Layer 2 Remote Port Mirroring Overview
In Layer 2 remote port mirroring, an observing port is connected to a monitoring device through a Layer 2 network. After the observing port receives mirrored packets from a mirrored port, the observing port adds a VLAN tag corresponding to the Layer 2 network to the packets and forwards the packets to the Layer 2 network. An intermediate Layer 2 device then sends the packets to the monitoring device.
Configuration Notes
You must dedicate observing ports to mirroring and must not configure other services on them, so that mirrored traffic and other service traffic do not affect each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the combined bandwidth of the service traffic on this port and the mirrored traffic does not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
The vlan vlan-id parameter will be specified during the configuration of a Layer 2 remote observing port, indicating that the Layer 2 remote observing port can send mirrored packets to the monitoring device through the specified VLAN. In this situation, the Layer 2 remote observing port does not need to be added to the specified VLAN.
All Huawei switch models except S2700-SI and S2710-SI running V100R006C05 support Layer 2 remote port mirroring.
Networking Requirements
As shown in Figure 3-280, the administrative department of a company accesses the Internet through SwitchA, and the monitoring device Server is connected to SwitchA through SwitchB.
Configuration Roadmap
- Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port to forward mirrored packets to the specified VLAN.
- Configure GE1/0/1 of SwitchA as a mirrored port to copy Internet access traffic of the administrative department to the Layer 2 remote observing port.
- Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.
Procedure
- Configure an observing port on SwitchA.
# Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port and bind the observing port to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] observe-port 1 interface gigabitethernet 1/0/2 vlan 10 //Configure GE1/0/2 as Layer 2 remote observing port 1 and bind it to VLAN 10.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 10, so the observing port does not need to be added to the VLAN.
- Configure a mirrored port on SwitchA.
# Configure GE1/0/1 of SwitchA as a mirrored port to copy the packets received by the mirrored port to the Layer 2 remote observing port.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound //Mirror incoming traffic on GE1/0/1 to observing port 1.
[SwitchA-GigabitEthernet1/0/1] return
- Create a VLAN on SwitchB and add ports to the VLAN.
# Create VLAN 10 on SwitchB, disable MAC address learning in this VLAN, and add GE1/0/1 and GE1/0/2 to VLAN 10.
Here, VLAN 10 is used only for forwarding mirrored packets. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-vlan10] mac-address learning disable //Disable MAC address learning in this VLAN.
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type access //Set the link type of the interface connected to the monitoring device to access. The default link type of interfaces is not access.
[SwitchB-GigabitEthernet1/0/1] port default vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk //Set the link type of the network-side interface to trunk. The default link type of interfaces is not trunk.
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/2] return
- Verify the configuration.
# Check the observing port configuration.
<SwitchA> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
  Vlan           : 10
----------------------------------------------------------------------
# Check the mirrored port configuration.
<SwitchA> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1       : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Port-mirror:
----------------------------------------------------------------------
  Mirror-port                  Direction  Observe-port
----------------------------------------------------------------------
  1  GigabitEthernet1/0/1      Inbound    Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet1/0/2 vlan 10
#
interface GigabitEthernet1/0/1
 port-mirroring to observe-port 1 inbound
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
vlan 10
 mac-address learning disable
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Example for Configuring MQC-based Local Traffic Mirroring
Local Traffic Mirroring Overview
In local traffic mirroring, service traffic matching configured rules is copied to an observing port that is directly connected to a monitoring device for analysis and monitoring.
You can configure traffic mirroring using Modular QoS Command-Line Interface (MQC) and ACL. MQC-based traffic mirroring is complex to configure but supports more matching rules and can be applied to both the inbound and outbound directions. ACL-based traffic mirroring is easy to configure but supports fewer matching rules than MQC-based traffic mirroring.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
- This example applies to the following products and versions:
- Modular switches: Both inbound and outbound traffic mirroring are supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S2700-52P-EI, S2700-52P-PWR-EI, S2710-SI, S2720-EI, S2750-EI, S3700-SI, S3700-EI, S3700-HI, S5700-LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700-SI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S5735-S-I, S5735S-H, S5736-S: Only inbound traffic mirroring is supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5700-EI, S5710-EI, S5700-HI, S5710-HI, S6700-EI: Outbound traffic mirroring is supported since V200R005. For applicable versions about inbound traffic mirroring, see Table 3-1 in the section "Applicable Products and Versions."
- S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S: Both inbound and outbound traffic mirroring are supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-281, the science and technology department and administrative department of a company use 10.1.1.0/24 and 10.1.2.0/24 respectively to access the Internet or communicate with each other through the Switch. The monitoring device Server is directly connected to the Switch.
Configuration Roadmap
- Configure GE1/0/2 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure a traffic classifier on the Switch to match Internet access traffic and traffic sent to the administrative department, and configure a traffic behavior to mirror traffic to a local observing port.
- Configure a traffic policy on the Switch, bind the traffic classifier and traffic behavior to the traffic policy, and apply the traffic policy to GE1/0/1.
Procedure
- Configure an observing port.
# Configure GE1/0/2 of the Switch as a local observing port.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface gigabitethernet 1/0/2 //Configure GE1/0/2 as local observing port 1.
- Configure a traffic classifier.
# Create a traffic classifier c1 on the Switch, and configure rules to match two types of traffic: traffic with source network segment 10.1.1.0/24 and destination TCP port number WWW and traffic with source network segment 10.1.1.0/24 and destination network segment 10.1.2.0/24.
[Switch] acl number 3000 //Create ACL 3000 to allow the packets with source network segment 10.1.1.0/24 and destination TCP port number WWW to pass through.
[Switch-acl-adv-3000] rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www
[Switch-acl-adv-3000] quit
[Switch] acl number 3001 //Create ACL 3001 to allow the packets with source network segment 10.1.1.0/24 and destination network segment 10.1.2.0/24 to pass through.
[Switch-acl-adv-3001] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Switch-acl-adv-3001] quit
[Switch] traffic classifier c1 operator or //Create a traffic classifier c1, and match ACL 3000 or ACL 3001.
[Switch-classifier-c1] if-match acl 3000
[Switch-classifier-c1] if-match acl 3001
[Switch-classifier-c1] quit
- Configure a traffic behavior.
# Create a traffic behavior b1 on the Switch, and define traffic mirroring in the traffic behavior to copy specified traffic to local observing port GE1/0/2.
[Switch] traffic behavior b1 //Create a traffic behavior b1 to mirror specified traffic to observing port 1.
[Switch-behavior-b1] mirroring to observe-port 1
[Switch-behavior-b1] quit
For fixed switches S6720-EI and S6720S-EI as well as cards (except X series cards) on modular switches, when configuring outbound traffic mirroring, do not configure other traffic behaviors (except the traffic statistics function of modular switches running V100R006 and earlier versions). From V200R001 to V200R010, the permit action generated by default when a traffic behavior is created on modular switches must also be deleted; otherwise, outbound traffic mirroring is ineffective.
- Configure a traffic policy and apply the traffic policy to an interface.
# Create a traffic policy named p1 on the Switch, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE1/0/1 to monitor specified traffic of the science and technology department.
[Switch] traffic policy p1 //Create a traffic policy p1 and bind the traffic behavior and traffic classifier to the traffic policy.
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] quit
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-policy p1 inbound //Apply the traffic policy p1 to the inbound direction of GE1/0/1.
[Switch-GigabitEthernet1/0/1] return
- Verify the configuration.
# Check the traffic classifier configuration.
<Switch> display traffic classifier user-defined c1
  User Defined Classifier Information:
   Classifier: c1
    Precedence: 5
    Operator: OR
    Rule(s) : if-match acl 3000
              if-match acl 3001
# Check the traffic policy configuration.
<Switch> display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
   Operator: OR
    Behavior: b1
     Permit
     Mirroring to observe-port 1
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
----------------------------------------------------------------------
# Check the mirroring configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Stream-mirror:
----------------------------------------------------------------------
  Behavior                    Direction  Observe-port
----------------------------------------------------------------------
  1 b1                        -          Observe-port 1
----------------------------------------------------------------------
Configuration Files
Switch configuration file
#
sysname Switch
#
observe-port 1 interface GigabitEthernet1/0/2
#
acl number 3000
 rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www
acl number 3001
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
traffic classifier c1 operator or precedence 5
 if-match acl 3000
 if-match acl 3001
#
traffic behavior b1
 permit
 mirroring to observe-port 1
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface GigabitEthernet1/0/1
 traffic-policy p1 inbound
#
return
To view detailed information about software mappings, visit Info-Finder, select a product series or product model, and click Hardware Center.
Example for Configuring ACL-based Local Traffic Mirroring
Local Traffic Mirroring Overview
In local traffic mirroring, service traffic matching configured rules is copied to an observing port that is directly connected to a monitoring device for analysis and monitoring.
You can configure traffic mirroring using Modular QoS Command-Line Interface (MQC) and ACL. MQC-based traffic mirroring is complex to configure but supports more matching rules and can be applied to both the inbound and outbound directions. ACL-based traffic mirroring is easy to configure but supports fewer matching rules than MQC-based traffic mirroring.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
Huawei S series fixed switches except S2700-SI running V100R006C05 support ACL-based local traffic mirroring. Huawei S series modular switches support ACL-based local traffic mirroring in V200R005 and later versions.
Networking Requirements
As shown in Figure 3-282, the science and technology department and administrative department of a company use 10.1.1.0/24 and 10.1.2.0/24 respectively to access the Internet or communicate with each other through the Switch. The monitoring device Server is directly connected to the Switch. The Server needs to monitor the following traffic of the science and technology department:
- Internet access traffic
- Traffic sent to the administrative department
Configuration Roadmap
- Configure GE1/0/2 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure advanced ACLs to match two types of traffic of the science and technology department: Internet access traffic and traffic sent to the administrative department.
- Configure an ACL-based traffic policy on GE1/0/1 to mirror the matching traffic.
Procedure
- Configure an observing port.
# Configure GE1/0/2 of the Switch as a local observing port.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] observe-port 1 interface gigabitethernet 1/0/2 //Configure GE1/0/2 as local observing port 1.
- Configure advanced ACLs.
# Create two advanced ACLs numbered 3000 and 3001 on the Switch, configure ACL 3000 to match traffic with source network segment 10.1.1.0/24 and destination TCP port number WWW, and configure ACL 3001 to match traffic with source network segment 10.1.1.0/24 and destination network segment 10.1.2.0/24.
[Switch] acl number 3000 //Create ACL 3000 to allow the packets with source network segment 10.1.1.0/24 and destination TCP port number WWW to pass through.
[Switch-acl-adv-3000] rule permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www
[Switch-acl-adv-3000] quit
[Switch] acl number 3001 //Create ACL 3001 to allow the packets with source network segment 10.1.1.0/24 and destination network segment 10.1.2.0/24 to pass through.
[Switch-acl-adv-3001] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[Switch-acl-adv-3001] quit
- Configure an ACL-based traffic policy.
# Configure an ACL-based traffic policy on GE1/0/1 of the Switch to mirror the matching traffic.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] traffic-mirror inbound acl 3000 to observe-port 1 //Mirror the incoming packets that match ACL 3000 on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] traffic-mirror inbound acl 3001 to observe-port 1 //Mirror the incoming packets that match ACL 3001 on GE1/0/1 to observing port 1.
[Switch-GigabitEthernet1/0/1] return
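The following Python model (an added example, not Huawei code and not part of this documentation) shows which packets the two advanced ACLs above actually select, so that the mirrored feed arriving at the Server can be reasoned about before it is deployed. It covers both the MQC-based example (classifier c1 with `operator or` over ACL 3000 and ACL 3001) and this ACL-based example (two `traffic-mirror inbound acl ... to observe-port 1` statements, which likewise copy a packet when either ACL matches). The wildcard-mask semantics (a 1 bit in the mask means "don't care"), the `Packet` and `Rule` types, and the sample packets are assumptions constructed for the example; only the two ACL rules come from the page.

```python
"""Offline model of the advanced-ACL matching used by the traffic mirroring examples.

Added example, not Huawei code. Wildcard masks follow the usual convention:
mask bits set to 1 are ignored when comparing addresses.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

WWW = 80  # 'destination-port eq www' resolves to TCP port 80


@dataclass(frozen=True)
class Packet:
    """Constructed packet header fields (an assumption of this example)."""
    src: str
    dst: str
    proto: str                 # "tcp", "udp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One 'rule permit ...' line of an advanced ACL; a None field is unconstrained."""
    proto: str                       # "ip" matches any IP protocol
    src: Optional[str] = None
    src_wild: str = "0.0.0.0"        # wildcard mask, 1 bits are "don't care"
    dst: Optional[str] = None
    dst_wild: str = "0.0.0.0"
    dport: Optional[int] = None


def _wild_match(addr: str, base: Optional[str], wild: str) -> bool:
    """Compare addr with base, ignoring the bits set in the wildcard mask."""
    if base is None:
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wild))
    return (a & ~w) == (b & ~w)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not _wild_match(pkt.src, rule.src, rule.src_wild):
        return False
    if not _wild_match(pkt.dst, rule.dst, rule.dst_wild):
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return True


# ACL 3000 and ACL 3001 exactly as configured on the Switch in the page.
ACLS = {
    3000: [Rule(proto="tcp", src="10.1.1.0", src_wild="0.0.0.255", dport=WWW)],
    3001: [Rule(proto="ip", src="10.1.1.0", src_wild="0.0.0.255",
                dst="10.1.2.0", dst_wild="0.0.0.255")],
}


def acl_permits(acl_id: int, pkt: Packet) -> bool:
    """An ACL permits a packet when any of its permit rules match."""
    return any(rule_matches(r, pkt) for r in ACLS[acl_id])


def classifier_c1(pkt: Packet, operator: str = "or") -> bool:
    """traffic classifier c1: if-match acl 3000 / if-match acl 3001.

    'operator or' (what the page configures) selects the packet when either ACL
    matches; 'operator and' is shown only for contrast and would require both.
    """
    results = [acl_permits(3000, pkt), acl_permits(3001, pkt)]
    return any(results) if operator == "or" else all(results)


def mirrored_to_observe_port(pkt: Packet) -> bool:
    """Inbound on GE1/0/1: copy to observing port 1 when c1 matches (behavior b1).

    The two ACL-based 'traffic-mirror inbound acl ...' statements give the same
    result: the packet is copied when either ACL matches.
    """
    return classifier_c1(pkt)


# Constructed sample traffic from the science and technology department.
SAMPLES = {
    "web from sci-tech":           Packet("10.1.1.25", "203.0.113.10", "tcp", 80),
    "ssh from sci-tech":           Packet("10.1.1.25", "203.0.113.10", "tcp", 22),
    "sci-tech to admin (icmp)":    Packet("10.1.1.7", "10.1.2.9", "icmp"),
    "admin to web (other subnet)": Packet("10.1.2.7", "203.0.113.10", "tcp", 80),
}


def mirrored_sample_names() -> list:
    """Names of the constructed samples that would reach the Server."""
    return [name for name, pkt in SAMPLES.items() if mirrored_to_observe_port(pkt)]


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        state = "mirrored" if mirrored_to_observe_port(pkt) else "not mirrored"
        print(f"{name:30s} -> {state}")
```

The model makes the operational consequence visible: SSH from the science and technology department is not copied (neither ACL matches), while an ICMP echo to the administrative department is, because ACL 3001 matches on `ip` rather than on a transport protocol. Running the same check with `operator="and"` shows why the classifier must use `operator or` here: no single packet can satisfy both ACLs at once.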
- Verify the configuration.
# Check ACL rules and traffic behavior information.
<Switch> display traffic-applied interface gigabitethernet 1/0/1 inbound
-----------------------------------------------------------
ACL applied inbound interface GigabitEthernet1/0/1
 ACL 3000
  rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www (match-counter 0)
  ACTIONS: mirror to observe-port 1
-----------------------------------------------------------
 ACL 3001
  rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 (match-counter 0)
  ACTIONS: mirror to observe-port 1
-----------------------------------------------------------
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
----------------------------------------------------------------------
# Check the mirroring configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Stream-mirror:
----------------------------------------------------------------------
  Behavior                    Direction  Observe-port
----------------------------------------------------------------------
  1 SACL                      -          Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
observe-port 1 interface GigabitEthernet1/0/2
#
acl number 3000
 rule 5 permit tcp source 10.1.1.0 0.0.0.255 destination-port eq www
acl number 3001
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
interface GigabitEthernet1/0/1
 traffic-mirror inbound acl 3000 to observe-port 1
 traffic-mirror inbound acl 3001 to observe-port 1
#
return
Example for Configuring MQC-based Remote Traffic Mirroring
Remote Traffic Mirroring Overview
In remote traffic mirroring, service traffic matching configured rules is copied to an observing port that is connected to a monitoring device through an intermediate network for analysis and monitoring.
You can configure traffic mirroring using Modular QoS Command-Line Interface (MQC) and ACL. MQC-based traffic mirroring is complex to configure but supports more matching rules and can be applied to both the inbound and outbound directions. ACL-based traffic mirroring is easy to configure but supports fewer matching rules than MQC-based traffic mirroring and can be applied to only the inbound direction.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
- This example applies to the following products and versions:
- Modular switches: Both inbound and outbound traffic mirroring are supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S2700-EI, S3700-SI, S3700-EI, S3700-HI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I: Only inbound traffic mirroring is supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5700-EI, S5710-EI, S5700-HI, S5710-HI, S6700-EI: Outbound traffic mirroring is supported since V200R005. For applicable versions about inbound traffic mirroring, see Table 3-1 in the section "Applicable Products and Versions."
- S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S: Both inbound and outbound traffic mirroring are supported. For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-283, external users on the Internet access the servers of a company through SwitchA. The antivirus monitoring device Server connects to SwitchA through SwitchB.
The official website of the company is paralyzed because of malicious attacks. The Server needs to remotely analyze traffic with TCP port number WWW to locate the attack source.
Configuration Roadmap
- Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port to forward mirrored packets to the specified VLAN.
- Configure a traffic classifier on SwitchA to match traffic with TCP port number WWW, and configure a traffic behavior to mirror packets to the observing port.
- Configure a traffic policy on SwitchA, bind the traffic classifier and traffic behavior to the traffic policy, and apply the traffic policy to GE1/0/1.
- Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.
Procedure
- Configure an observing port on SwitchA.
# Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port and bind the observing port to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] observe-port 1 interface gigabitethernet 1/0/2 vlan 10 //Configure GE1/0/2 as Layer 2 remote observing port 1, and add it to VLAN 10.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 10, so there is no need to add the observing port to the VLAN separately.
- Configure a traffic classifier on SwitchA.
# Create a traffic classifier c1 on SwitchA to match traffic with TCP port number WWW.
[SwitchA] acl number 3000 //Create ACL 3000 to allow the packets with the TCP port number WWW to pass through.
[SwitchA-acl-adv-3000] rule permit tcp destination-port eq www
[SwitchA-acl-adv-3000] quit
[SwitchA] traffic classifier c1 //Create a traffic classifier c1, and match ACL 3000.
[SwitchA-classifier-c1] if-match acl 3000
[SwitchA-classifier-c1] quit
- Configure a traffic behavior on SwitchA.
# Create a traffic behavior b1 on SwitchA, and define traffic mirroring in the traffic behavior to copy specified traffic to observing port GE1/0/2.
[SwitchA] traffic behavior b1 //Create a traffic behavior b1, and define traffic mirroring to mirror specified traffic to observing port 1.
[SwitchA-behavior-b1] mirroring to observe-port 1
[SwitchA-behavior-b1] quit
For fixed switches S6720-EI and S6720S-EI as well as cards (except X series cards) on modular switches, when configuring outbound traffic mirroring, do not configure other traffic behaviors (except the traffic statistics function of modular switches running V100R006 and earlier versions). From V200R001 to V200R010, the permit action generated by default when a traffic behavior is created on modular switches must also be deleted; otherwise, outbound traffic mirroring is ineffective.
- Configure a traffic policy on SwitchA and apply it to an interface.
# Create a traffic policy p1 on SwitchA, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE1/0/1 to monitor traffic with a specified TCP port number.
[SwitchA] traffic policy p1 //Create a traffic policy p1, and bind the traffic behavior and traffic classifier to the traffic policy.
[SwitchA-trafficpolicy-p1] classifier c1 behavior b1
[SwitchA-trafficpolicy-p1] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] traffic-policy p1 inbound //Apply the traffic policy to the inbound direction of GE1/0/1.
[SwitchA-GigabitEthernet1/0/1] return
- Create a VLAN on SwitchB and add ports to the VLAN.
# Create VLAN 10 on SwitchB, disable MAC address learning in this VLAN, and add GE1/0/1 and GE1/0/2 to VLAN 10.
Here, VLAN 10 is used for forwarding only mirrored packets. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-vlan10] mac-address learning disable //Disable MAC address learning in this VLAN.
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type access //Set the link type of the interface connected to the monitoring device to access. The default link type of interfaces is not access.
[SwitchB-GigabitEthernet1/0/1] port default vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk.
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/2] return
- Verify the configuration.
# Check the traffic classifier configuration.
<SwitchA> display traffic classifier user-defined c1
  User Defined Classifier Information:
   Classifier: c1
    Precedence: 5
    Operator: OR
    Rule(s) : if-match acl 3000
# Check the traffic policy configuration.
<SwitchA> display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
   Operator: OR
    Behavior: b1
     Permit
     Mirroring to observe-port 1
# Check the observing port configuration.
<SwitchA> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
  Vlan           : 10
----------------------------------------------------------------------
# Check the mirrored port configuration.
<SwitchA> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Stream-mirror:
----------------------------------------------------------------------
  Behavior                    Direction  Observe-port
----------------------------------------------------------------------
  1 b1                        -          Observe-port 1
----------------------------------------------------------------------
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet1/0/2 vlan 10
#
acl number 3000
 rule 5 permit tcp destination-port eq www
#
traffic classifier c1 operator or precedence 5
 if-match acl 3000
#
traffic behavior b1
 permit
 mirroring to observe-port 1
#
traffic policy p1 match-order config
 classifier c1 behavior b1
#
interface GigabitEthernet1/0/1
 traffic-policy p1 inbound
#
return
SwitchB configuration file
#
sysname SwitchB
#
vlan batch 10
#
vlan 10
 mac-address learning disable
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Example for Configuring ACL-based Remote Traffic Mirroring
Remote Traffic Mirroring Overview
In remote traffic mirroring, service traffic matching configured rules is copied to an observing port that is connected to a monitoring device through an intermediate network for analysis and monitoring.
You can configure traffic mirroring using Modular QoS Command-Line Interface (MQC) and ACL. MQC-based traffic mirroring is complex to configure but supports more matching rules and can be applied to both the inbound and outbound directions. ACL-based traffic mirroring is easy to configure but supports fewer matching rules than MQC-based traffic mirroring and can be applied to only the inbound direction.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
- This example applies to the following products and versions:
- Modular switches: V200R005C00 and later versions
- S2700-EI, S3700-SI, S3700-EI, S3700-HI, S5700-EI, S5710-EI, S5720-EI, S5700-HI, S5710-HI, S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-S, S5731S-H, S5732-H, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S6700-EI, S6720-EI, S6720S-EI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-284, external users on the Internet access the servers of a company through SwitchA. The antivirus monitoring device Server connects to SwitchA through SwitchB.
The official website of the company is paralyzed because of malicious attacks. The Server needs to remotely analyze traffic with TCP port number WWW to locate the attack source.
Configuration Roadmap
- Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port to forward mirrored packets to the specified VLAN.
- Configure an advanced ACL on SwitchA to match traffic with TCP port number WWW.
- Configure an ACL-based traffic policy on GE1/0/1 of SwitchA to mirror the matching traffic.
- Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.
Procedure
- Configure an observing port on SwitchA.
# Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port and bind the observing port to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] observe-port 1 interface gigabitethernet 1/0/2 vlan 10 //Configure GE1/0/2 as Layer 2 remote observing port 1, and add it to VLAN 10.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 10, so there is no need to add the observing port to the VLAN separately.
- Configure an advanced ACL on SwitchA.
# Create an advanced ACL numbered 3000 on SwitchA to match traffic with TCP port number WWW.
[SwitchA] acl number 3000 //Create ACL 3000 to allow the packets with the TCP port number WWW to pass through.
[SwitchA-acl-adv-3000] rule permit tcp destination-port eq www
[SwitchA-acl-adv-3000] quit
- Configure an ACL-based traffic policy on SwitchA.
# Configure an ACL-based traffic policy on GE1/0/1 of SwitchA to mirror the matching traffic.
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] traffic-mirror inbound acl 3000 to observe-port 1 //Mirror incoming packets that match ACL 3000 on GE1/0/1 to observing port 1.
[SwitchA-GigabitEthernet1/0/1] return
- Create a VLAN on SwitchB and add ports to the VLAN.
# Create VLAN 10 on SwitchB, disable MAC address learning in this VLAN, and add GE1/0/1 and GE1/0/2 to VLAN 10.
Here, VLAN 10 is used for forwarding only mirrored packets. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 10
[SwitchB-vlan10] mac-address learning disable //Disable MAC address learning in this VLAN.
[SwitchB-vlan10] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type access //Set the link type of the interface connected to the monitoring device to access. The default link type of interfaces is not access.
[SwitchB-GigabitEthernet1/0/1] port default vlan 10
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-type trunk //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk.
[SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
[SwitchB-GigabitEthernet1/0/2] return
- Verify the configuration.
# Check ACL rules and traffic behavior information.
<SwitchA> display traffic-applied interface gigabitethernet 1/0/1 inbound
-----------------------------------------------------------
ACL applied inbound interface GigabitEthernet1/0/1
 ACL 3000
  rule 5 permit tcp destination-port eq www (match-counter 0)
  ACTIONS: mirror to observe-port 1
-----------------------------------------------------------
# Check the observing port configuration.
<SwitchA> display observe-port
----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Forwarding     : No
  Interface      : GigabitEthernet1/0/2
  Vlan           : 10
----------------------------------------------------------------------
# Check the mirrored port configuration.
<SwitchA> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet1/0/2
----------------------------------------------------------------------
  Stream-mirror:
----------------------------------------------------------------------
  Behavior                    Direction  Observe-port
----------------------------------------------------------------------
  1 SACL                      -          Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet1/0/2 vlan 10
#
acl number 3000
 rule 5 permit tcp destination-port eq www
#
interface GigabitEthernet1/0/1
 traffic-mirror inbound acl 3000 to observe-port 1
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 10
#
vlan 10
 mac-address learning disable
#
interface GigabitEthernet1/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk allow-pass vlan 10
#
return
Example for Configuring Local VLAN Mirroring
Local VLAN Mirroring Overview
In local VLAN mirroring, an observing port is directly connected to a monitoring device and forwards the packets copied from a VLAN to the monitoring device for analysis.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
VLAN mirroring applies only to inbound packets.
- This example applies to the following products and versions:
- Modular switches: V200R019C10 and later versions
- S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730-S, S6730S-S: V200R019C10 and later versions
- S2700-52P-EI, S2700-52P-PWR-EI, S2720-EI, S2750-EI, S3700-SI, S3700-EI, S3700-HI: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5700-LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700-SI, S5700-EI, S5710-EI, S5700-HI, S5710-HI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S5720-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S5735S-H, S5736-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S6700-EI, S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S6720-EI, S6720S-EI, S6730S-H: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-285, all the hosts of a company access the Internet through the Switch and belong to VLAN 10. The monitoring device Server is directly connected to the Switch.
Internet access traffic of all the hosts needs to be monitored through the Server.
Configuration Roadmap
- Create VLAN 10 on the Switch and add the ports that connect the Switch to hosts to VLAN 10 so that the hosts can communicate with the Switch at Layer 2.
- Configure GE0/0/4 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure VLAN 10 as a mirrored VLAN to copy Internet access traffic of all the hosts in VLAN 10 to the local observing port.
Procedure
- Add ports to a VLAN.
# Create VLAN 10 on the Switch and add GE0/0/1 through GE0/0/3 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/2] port default vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/3] port default vlan 10
[Switch-GigabitEthernet0/0/3] quit
- Configure an observing port.
# Configure GE0/0/4 of the Switch as a local observing port.
[Switch] observe-port 1 interface gigabitethernet 0/0/4 //Configure GE0/0/4 as local observing port 1.
- Configure a mirrored VLAN.
# On the Switch, configure VLAN 10 as a mirrored VLAN and copy the packets received by all the ports in VLAN 10 to the local observing port.
[Switch] vlan 10
[Switch-vlan10] mirroring to observe-port 1 inbound //Mirror incoming packets on all the interfaces in VLAN 10 to observing port 1.
[Switch-vlan10] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index            : 1
  Untag-packet     : No
  Forwarding       : No
  Interface        : GigabitEthernet0/0/4
----------------------------------------------------------------------
# Check the mirroring configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1   : GigabitEthernet0/0/4
----------------------------------------------------------------------
  Vlan-mirror:
----------------------------------------------------------------------
  Mirror-vlan        Direction        Observe-port
----------------------------------------------------------------------
  10                 Inbound          Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/4
#
vlan 10
 mirroring to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return
Example for Configuring Remote VLAN Mirroring
Remote VLAN Mirroring Overview
In remote VLAN mirroring, an observing port is connected to a monitoring device through an intermediate network and forwards the packets copied in a VLAN to the monitoring device through the intermediate network.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
VLAN mirroring applies only to inbound packets.
- This example applies to the following products and versions:
- Modular switches: V200R019C10 and later versions
- S5700-LI, S5700S-LI, S5700-SI: V200R002C00 and later versions
- S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730-S, S6730S-S: V200R019C10 and later versions
- S2700-52P-EI, S2700-52P-PWR-EI, S2720-EI, S2750-EI, S3700-SI, S3700-EI, S3700-HI: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5710-X-LI, S5700-EI, S5710-EI, S5700-HI, S5710-HI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S5720-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S5735S-H, S5736-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S6700-EI, S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S6720-EI, S6720S-EI, S6730S-H: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-286, all the hosts of a company access the Internet through SwitchA and belong to VLAN 10. The monitoring device Server is connected to SwitchA through SwitchB.
Internet access traffic of all the hosts needs to be monitored through the Server.
Configuration Roadmap
- Create VLAN 10 on SwitchA and add the ports that connect SwitchA to hosts to VLAN 10 so that the hosts can communicate with SwitchA at Layer 2.
- Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add the ports that connect SwitchB to SwitchA and the Server to VLAN 20 so that SwitchB can communicate with SwitchA and the Server at Layer 2.
- Configure GE0/0/4 of SwitchA as a remote observing port to forward mirrored packets to VLAN 20.
- Configure VLAN 10 as a mirrored VLAN to copy Internet access traffic of all the hosts in VLAN 10 to the remote observing port.
Procedure
- Add ports to VLANs.
# Create VLAN 10 on SwitchA and add GE0/0/1 through GE0/0/3 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/2] port default vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/3] port default vlan 10
[SwitchA-GigabitEthernet0/0/3] quit
# Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add GE0/0/1 and GE0/0/4 to VLAN 20.
Here, VLAN 20 is used for forwarding only mirrored packets. If VLAN 20 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 20.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 20
[SwitchB-vlan20] mac-address learning disable //Disable MAC address learning in this VLAN.
[SwitchB-vlan20] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access //Set the link type of the interface connected to the monitoring device to access. The default link type of interfaces is not access.
[SwitchB-GigabitEthernet0/0/1] port default vlan 20
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk.
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 20
[SwitchB-GigabitEthernet0/0/4] return
- Configure an observing port.
# Configure GE0/0/4 of SwitchA as a remote observing port.
[SwitchA] observe-port 1 interface gigabitethernet 0/0/4 vlan 20 //Configure GE0/0/4 as Layer 2 remote observing port 1, and add it to VLAN 20.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 20, so there is no need to add the observing port to the VLAN separately.
- Configure a mirrored VLAN.
# On SwitchA, configure VLAN 10 as a mirrored VLAN and copy the packets received by all the ports in VLAN 10 to the remote observing port.
[SwitchA] vlan 10
[SwitchA-vlan10] mirroring to observe-port 1 inbound //Mirror incoming packets on all the interfaces in VLAN 10 to observing port 1.
[SwitchA-vlan10] return
- Verify the configuration.
# Check the observing port configuration.
<SwitchA> display observe-port
----------------------------------------------------------------------
  Index            : 1
  Untag-packet     : No
  Forwarding       : No
  Interface        : GigabitEthernet0/0/4
  Vlan             : 20
----------------------------------------------------------------------
# Check the mirroring configuration.
<SwitchA> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1   : GigabitEthernet0/0/4
----------------------------------------------------------------------
  Vlan-mirror:
----------------------------------------------------------------------
  Mirror-vlan        Direction        Observe-port
----------------------------------------------------------------------
  10                 Inbound          Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/4 vlan 20
#
vlan 10
 mirroring to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20
#
vlan 20
 mac-address learning disable
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
Example for Configuring Local MAC Address Mirroring
Local MAC Address Mirroring Overview
In local MAC address mirroring, an observing port is directly connected to a monitoring device and forwards the packets with a specified MAC address to the monitoring device for analysis.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
MAC address mirroring applies only to inbound packets.
- This example applies to the following products and versions:
- Modular switches: V200R019C10 and later versions
- S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730-S, S6730S-S: V200R019C10 and later versions
- S2700-52P-EI, S2700-52P-PWR-EI, S2720-EI, S2750-EI, S3700-SI, S3700-EI, S3700-HI: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5700-LI, S5700S-LI, S5710-C-LI, S5710-X-LI, S5700-SI, S5700-EI, S5710-EI, S5700-HI, S5710-HI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S5720-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S5735S-H, S5736-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S6700-EI, S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S6720-EI, S6720S-EI, S6730S-H: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-287, all the hosts of a company access the Internet through the Switch and belong to VLAN 10. The monitoring device Server is directly connected to the Switch.
Internet access traffic of the host with a MAC address 0001-0001-0001 needs to be monitored through the Server.
Configuration Roadmap
- Create VLAN 10 on the Switch and add the ports that connect the Switch to hosts to VLAN 10 so that the hosts can communicate with the Switch at Layer 2.
- Configure GE0/0/4 of the Switch as a local observing port to forward mirrored packets to the Server.
- Configure MAC address mirroring in VLAN 10 to copy Internet access traffic of the host with a specified MAC address in VLAN 10 to the local observing port.
Procedure
- Add ports to a VLAN.
# Create VLAN 10 on the Switch and add GE0/0/1 through GE0/0/3 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 10
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/1] port default vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/2] port default vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[Switch-GigabitEthernet0/0/3] port default vlan 10
[Switch-GigabitEthernet0/0/3] quit
- Configure an observing port.
# Configure GE0/0/4 of the Switch as a local observing port.
[Switch] observe-port 1 interface gigabitethernet 0/0/4 //Configure GE0/0/4 as local observing port 1.
- Configure MAC address mirroring.
# On the Switch, configure MAC address mirroring in VLAN 10 and copy the packets that are received by all the ports in VLAN 10 and contain a MAC address 0001-0001-0001 to the local observing port.
[Switch] vlan 10
[Switch-vlan10] mac-mirroring 0001-0001-0001 to observe-port 1 inbound //Mirror incoming packets with the MAC address 0001-0001-0001 on all the interfaces in VLAN 10 to observing port 1.
[Switch-vlan10] return
- Verify the configuration.
# Check the observing port configuration.
<Switch> display observe-port
----------------------------------------------------------------------
  Index            : 1
  Untag-packet     : No
  Forwarding       : No
  Interface        : GigabitEthernet0/0/4
----------------------------------------------------------------------
# Check the mirroring configuration.
<Switch> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1   : GigabitEthernet0/0/4
----------------------------------------------------------------------
  Mac-mirror:
----------------------------------------------------------------------
  Mirror-mac         Vlan     Direction     Observe-port
----------------------------------------------------------------------
  0001-0001-0001     10       Inbound       Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of the Switch
#
sysname Switch
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/4
#
vlan 10
 mac-mirroring 0001-0001-0001 to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return
Example for Configuring Remote MAC Address Mirroring
Remote MAC Address Mirroring Overview
In remote MAC address mirroring, an observing port is connected to a monitoring device through an intermediate network and forwards the packets with a specified MAC address to the monitoring device through the intermediate network.
Configuration Notes
You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
If the mirroring function is deployed on many ports of a device, a great deal of internal forwarding bandwidth will be occupied, which affects the forwarding of other services. Additionally, if the mirrored port bandwidth is higher than the observing port bandwidth, for example, 1000 Mbit/s on a mirrored port and 100 Mbit/s on an observing port, the observing port will fail to forward all mirrored packets in a timely manner because of insufficient bandwidth, leading to packet loss.
MAC address mirroring applies only to inbound packets.
- This example applies to the following products and versions:
- Modular switches: V200R019C10 and later versions
- S2750-EI, S5700-LI, S5700S-LI: V200R005C00SPC300 and later versions
- S5700-SI: V200R005C00
- S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730-S, S6730S-S: V200R019C10 and later versions
- S2700-52P-EI, S2700-52P-PWR-EI, S2720-EI, S3700-SI, S3700-EI, S3700-HI: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S5710-X-LI, S5700-EI, S5710-EI, S5700-HI, S5710-HI, S5720-LI, S5720S-LI, S5720-SI, S5720S-SI, S5720I-SI, S5730-SI, S5730S-EI, S5720-EI, S2730S-S, S5735-L-I, S5735-L1, S300, S5735-L, S5735S-L, S5735S-L1, S5735S-L-M, S5735-S, S500, S5735S-S, S5735-S-I, S5735S-H, S5736-S: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
- S6700-EI, S6720-LI, S6720S-LI, S6720-SI, S6720S-SI, S6720-EI, S6720S-EI, S6730S-H: For the applicable versions, see Table 3-1 in the section "Applicable Products and Versions."
Networking Requirements
As shown in Figure 3-288, all the hosts of a company access the Internet through SwitchA and belong to VLAN 10. The monitoring device Server is connected to SwitchA through SwitchB.
Internet access traffic of the host with a MAC address 0001-0001-0001 needs to be remotely monitored through the Server.
Configuration Roadmap
- Create VLAN 10 on SwitchA and add the ports that connect SwitchA to hosts to VLAN 10 so that the hosts can communicate with SwitchA at Layer 2.
- Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add the ports that connect SwitchB to SwitchA and the Server to VLAN 20 so that SwitchB can communicate with SwitchA and the Server at Layer 2.
- Configure GE0/0/4 of SwitchA as a remote observing port to forward mirrored packets to VLAN 20.
- Configure MAC address mirroring in VLAN 10 to copy Internet access traffic of the host with a specified MAC address in VLAN 10 to the remote observing port.
Procedure
- Add ports to VLANs.
# Create VLAN 10 on SwitchA and add GE0/0/1 through GE0/0/3 to VLAN 10.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan batch 10
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/1] port default vlan 10
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/2] port default vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] port link-type access //Set the link type of the host-side interface to access. The default link type of interfaces is not access.
[SwitchA-GigabitEthernet0/0/3] port default vlan 10
[SwitchA-GigabitEthernet0/0/3] quit
# Create VLAN 20 on SwitchB, disable MAC address learning in this VLAN, and add GE0/0/1 and GE0/0/4 to VLAN 20.
Here, VLAN 20 is used for forwarding only mirrored packets. If VLAN 20 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 20.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] vlan 20
[SwitchB-vlan20] mac-address learning disable //Disable MAC address learning in this VLAN.
[SwitchB-vlan20] quit
[SwitchB] interface gigabitethernet 0/0/1
[SwitchB-GigabitEthernet0/0/1] port link-type access //Set the link type of the interface connected to the monitoring device to access. The default link type of interfaces is not access.
[SwitchB-GigabitEthernet0/0/1] port default vlan 20
[SwitchB-GigabitEthernet0/0/1] quit
[SwitchB] interface gigabitethernet 0/0/4
[SwitchB-GigabitEthernet0/0/4] port link-type trunk //Set the link type of the interface on the network side to trunk. The default link type of interfaces is not trunk.
[SwitchB-GigabitEthernet0/0/4] port trunk allow-pass vlan 20
[SwitchB-GigabitEthernet0/0/4] return
- Configure an observing port.
# Configure GE0/0/4 of SwitchA as a remote observing port.
[SwitchA] observe-port 1 interface gigabitethernet 0/0/4 vlan 20 //Configure GE0/0/4 as Layer 2 remote observing port 1, and add it to VLAN 20.
After the configuration is complete, the observing port forwards mirrored packets to VLAN 20, so there is no need to add the observing port to the VLAN separately.
- Configure MAC address mirroring.
# On SwitchA, configure MAC address mirroring in VLAN 10 and copy the packets that are received by all the ports in VLAN 10 and contain a MAC address 0001-0001-0001 to the remote observing port.
[SwitchA] vlan 10
[SwitchA-vlan10] mac-mirroring 0001-0001-0001 to observe-port 1 inbound //Mirror incoming packets with the MAC address 0001-0001-0001 on all the interfaces in VLAN 10 to observing port 1.
[SwitchA-vlan10] return
- Verify the configuration.
# Check the observing port configuration.
<SwitchA> display observe-port
----------------------------------------------------------------------
  Index            : 1
  Untag-packet     : No
  Forwarding       : No
  Interface        : GigabitEthernet0/0/4
  Vlan             : 20
----------------------------------------------------------------------
# Check the mirroring configuration.
<SwitchA> display port-mirroring
----------------------------------------------------------------------
  Observe-port 1   : GigabitEthernet0/0/4
----------------------------------------------------------------------
  Mac-mirror:
----------------------------------------------------------------------
  Mirror-mac         Vlan     Direction     Observe-port
----------------------------------------------------------------------
  0001-0001-0001     10       Inbound       Observe-port 1
----------------------------------------------------------------------
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
vlan batch 10
#
observe-port 1 interface GigabitEthernet0/0/4 vlan 20
#
vlan 10
 mac-mirroring 0001-0001-0001 to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 10
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
vlan batch 20
#
vlan 20
 mac-address learning disable
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
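The configuration notes repeated in each of the VLAN and MAC address mirroring examples above (dedicated observing ports, no Eth-Trunk member ports, MAC address learning disabled in the remote mirroring VLAN, inbound-only mirroring) can be checked mechanically from the configuration files. The following audit script is added for this page and is not Huawei's code: it parses files in the format the guide prints; the two sample configurations are constructed from the remote VLAN mirroring example (one host-facing port kept), and the rule that only a description is harmless on an observing port is an assumption of this script.

```python
"""Added example (not Huawei's code): audit configuration files in the format
this guide prints against its mirroring configuration notes."""
import re

OBSERVE_RE = re.compile(r"^observe-port (\d+) interface (\S+)(?: vlan (\d+))?$")
MIRROR_RE = re.compile(r"^(?:mirroring|mac-mirroring (\S+)) to observe-port (\d+) (\S+)$")

# Constructed sample input: SwitchA/SwitchB files of the remote VLAN mirroring example.
SWITCHA_CFG = """\
#
sysname SwitchA
#
observe-port 1 interface GigabitEthernet0/0/4 vlan 20
#
vlan 10
 mirroring to observe-port 1 inbound
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
return
"""
SWITCHB_CFG = """\
#
sysname SwitchB
#
vlan 20
 mac-address learning disable
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 20
#
return
"""


def parse_config(text):
    """Split a '#'-delimited VRP configuration file into the parts we audit."""
    cfg = {"sysname": "", "observe_ports": {}, "vlans": {}, "interfaces": {}}
    sections, cur = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            sections, cur = sections + [cur], []
        elif line:
            cur.append(line)
    for head, *body in (s for s in sections + [cur] if s):
        if head.startswith("sysname "):
            cfg["sysname"] = head[8:]
        elif m := OBSERVE_RE.match(head):
            # observe-port index -> (interface, remote VLAN or None for a local port)
            cfg["observe_ports"][int(m[1])] = (m[2], int(m[3]) if m[3] else None)
        elif head.startswith("interface "):
            cfg["interfaces"][head[10:]] = body
        elif head.startswith("vlan ") and not head.startswith("vlan batch"):
            cfg["vlans"][int(head[5:])] = body
    return cfg


def audit_local(cfg):
    """Mirroring switch: rules target a defined observe-port and are inbound;
    observing ports carry no other services and are not Eth-Trunk members."""
    out, obs = [], cfg["observe_ports"]
    for vid, body in cfg["vlans"].items():
        for m in filter(None, map(MIRROR_RE.match, body)):
            what = f"MAC {m[1]}" if m[1] else "VLAN"
            if int(m[2]) not in obs:
                out.append(f"vlan {vid}: {what} mirroring targets undefined observe-port {m[2]}")
            if m[3] != "inbound":
                out.append(f"vlan {vid}: {what} mirroring is inbound only, got '{m[3]}'")
    for idx, (ifname, _) in obs.items():
        body = cfg["interfaces"].get(ifname, [])
        if any(c.startswith("eth-trunk ") for c in body):
            out.append(f"observe-port {idx}: {ifname} is an Eth-Trunk member port")
        # Assumption: a description is the only harmless command on an observing port.
        if services := [c for c in body if not c.startswith("description")]:
            out.append(f"observe-port {idx}: {ifname} carries other services {services}")
    return out


def audit_transit(source, transit):
    """Intermediate switch: each remote observing VLAN has MAC learning disabled."""
    out, name = [], transit["sysname"]
    for idx, (_, vid) in source["observe_ports"].items():
        if vid is None:
            continue  # local observing port, nothing crosses the transit switch
        if "mac-address learning disable" not in transit["vlans"].get(vid, []):
            out.append(f"{name}: VLAN {vid} (observe-port {idx}) still learns MAC addresses")
    return out
```

Run audit_local on the mirroring switch's file and audit_transit on the pair; an empty list means the file matches the notes, and each string is one deviation to fix before traffic is mirrored.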
To view detailed information about software mappings, visit Info-Finder, select a product series or product model, and click Hardware Center.