No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - Network Management and Monitoring

This document provides the configurations of network management and monitoring features supported by the product, including SNMP, RMON and RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, Traffic Distribution, NetStream, sFlow, and TWAMP Light.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ACL-based Remote Traffic Mirroring

Configuring ACL-based Remote Traffic Mirroring

Procedure

  1. Run the system-view command to enter the system view.
  2. Configure remote observing ports.

    • Configure a single remote observing port.

      Run the observe-port [ observe-port-index ] interface interface-type interface-number vlan vlan-id command to configure a Layer 2 remote observing port.

      vlan vlan-id indicates that a Layer 2 remote observing port sends mirrored packets to the monitoring device through the specified VLAN. Therefore, the Layer 2 remote observing port does not need to be added to the VLAN.

    • Configure multiple remote observing ports in a batch.

      1. Run the observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-8> vlan vlan-id command to configure multiple Layer 2 remote observing ports in a batch.

        Layer 2 remote observing ports configured in a batch can be bound to the same mirrored port to simplify the configuration. Therefore, batch configuration is recommended in 1:N mirroring.

        vlan vlan-id indicates that a Layer 2 remote observing port sends mirrored packets to the monitoring device through the specified VLAN. Therefore, the Layer 2 remote observing port does not need to be added to the VLAN.

      2. (Optional) Run the observe-port observe-port-index interface-range { add | delete } interface-type interface-number command to add or delete Layer 2 remote observing ports to or from multiple Layer 2 remote observing ports configured in a batch.

    NOTE:

    An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other.

  3. Configure ACL-based traffic mirroring.

    • Configure ACL-based traffic mirroring in the system or a VLAN.

      • Run the following command to apply a basic ACL, an advanced ACL, a named ACL, a Layer 2 ACL, or a user-defined ACL (in IPv4).

        traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl | name acl-name | l2-acl | user-acl } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a basic ACL, an advanced ACL, or a named ACL (in IPv6).

        traffic-mirror [ vlan vlan-id ] inbound acl ipv6 { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a Layer 2 ACL and a basic ACL/advanced ACL/named ACL (in IPv4).

        traffic-mirror [ vlan vlan-id ] inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a basic ACL/advanced ACL and a Layer 2 ACL/named ACL (in IPv4).

        traffic-mirror [ vlan vlan-id ] inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a named ACL and a basic ACL/advanced ACL/Layer 2 ACL/named ACL (in IPv4).

        traffic-mirror [ vlan vlan-id ] inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    • Configure ACL-based traffic mirroring on an interface. (Before the configuration, run the interface interface-type interface-number command to enter the interface view.)

      • Run the following command to apply a basic ACL, an advanced ACL, a named ACL, a Layer 2 ACL, or a user-defined ACL (in IPv4).

        traffic-mirror inbound acl { bas-acl | adv-acl | name acl-name | l2-acl | user-acl } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a basic ACL, an advanced ACL, or a named ACL (in IPv6).

        traffic-mirror inbound acl ipv6 { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a Layer 2 ACL and a basic ACL/advanced ACL/named ACL (in IPv4).

        traffic-mirror inbound acl l2-acl [ rule rule-id ] acl { bas-acl | adv-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a basic ACL/advanced ACL and a Layer 2 ACL/named ACL (in IPv4).

        traffic-mirror inbound acl { bas-acl | adv-acl } [ rule rule-id ] acl { l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

      • Run the following command to apply a named ACL and a basic ACL/advanced ACL/Layer 2 ACL/named ACL (in IPv4).

        traffic-mirror inbound acl name acl-name [ rule rule-id ] acl { bas-acl | adv-acl | l2-acl | name acl-name } [ rule rule-id ] to observe-port observe-port-index

    observe-port-index specifies the observing port index and must be the same as the index of the configured observing port.

Configuration Tips

Restoring the default configuration of an Ethernet port or Eth-Trunk configured as an observing port

  1. Delete the ACL-based traffic mirroring configured in the system or interface view. In the following example, ACL-based traffic mirroring is deleted from the interface view.

    [HUAWEI] interface gigabitethernet x/x/x
    [HUAWEI-GigabitEthernetx/x/x] undo traffic-mirror inbound acl xxx
    [HUAWEI-GigabitEthernetx/x/x] quit
  2. Delete the observing port configuration in the system view.

    [HUAWEI] undo observe-port x
    
  3. After steps 1 and 2 are complete, the default configuration of the Ethernet port or Eth-Trunk is restored. You can then configure other services on the Ethernet port or Eth-Trunk.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178113

Views: 135868

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next