S12700 V200R011C10 Configuration Guide - Network Management and Monitoring

This document provides the configurations of network management and monitoring features supported by the product, including SNMP, RMON and RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, Traffic Distribution, NetStream, sFlow, and TWAMP Light.
Example for Configuring ACL-based Remote Traffic Mirroring

Networking Requirements

In Figure 8-19, external users access the servers of a company from the Internet through SwitchA. The antivirus monitoring device (Server) connects to SwitchA through SwitchB.

The official website of the company has been paralyzed by malicious attacks. The Server needs to remotely analyze the traffic destined for TCP port 80 (the www keyword in the ACL) in order to locate the attack source.

Figure 8-19  ACL-based remote traffic mirroring networking

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port to forward mirrored packets to the specified VLAN.
  2. Configure an advanced ACL on SwitchA to match traffic whose TCP destination port is 80 (www).
  3. Configure an ACL-based traffic policy on GE1/0/1 of SwitchA to mirror the matching traffic.
  4. Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.

Procedure

  1. Configure an observing port on SwitchA.

    # Configure GE1/0/2 of SwitchA as a Layer 2 remote observing port and bind the observing port to VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] observe-port 1 interface gigabitethernet 1/0/2 vlan 10

    After the configuration is complete, the observing port sends mirrored copies out of GE1/0/2 tagged with VLAN 10, which is what allows the trunk on SwitchB to carry them to the Server. There is no need to add the observing port itself to VLAN 10.

  2. Configure an advanced ACL on SwitchA.

    # Create an advanced ACL numbered 3000 on SwitchA to match traffic whose TCP destination port is 80 (www). Only packets matching this rule are mirrored; the source port and any other protocol are ignored.

    [SwitchA] acl number 3000
    [SwitchA-acl-adv-3000] rule permit tcp destination-port eq www
    [SwitchA-acl-adv-3000] quit
    

  3. Configure an ACL-based traffic policy on SwitchA.

    # Configure an ACL-based traffic policy on GE1/0/1 of SwitchA to mirror the matching traffic.

    [SwitchA] interface gigabitethernet 1/0/1
    [SwitchA-GigabitEthernet1/0/1] traffic-mirror inbound acl 3000 to observe-port 1
    [SwitchA-GigabitEthernet1/0/1] return

  4. Create a VLAN on SwitchB and add ports to the VLAN.

    # Create VLAN 10 on SwitchB, disable MAC address learning in VLAN 10, and add GE1/0/1 and GE1/0/2 to VLAN 10.

    NOTE:

    VLAN 10 is used only for forwarding mirrored packets. Because MAC address learning is disabled, SwitchB floods every mirrored frame to all other ports in VLAN 10, so keep only the trunk toward SwitchA (GE1/0/2) and the Server port (GE1/0/1) in this VLAN; any additional port added to VLAN 10 would receive a copy of the mirrored traffic. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] vlan 10
    [SwitchB-vlan10] mac-address learning disable
    [SwitchB-vlan10] quit
    [SwitchB] interface gigabitethernet 1/0/1
    [SwitchB-GigabitEthernet1/0/1] port link-type access
    [SwitchB-GigabitEthernet1/0/1] port default vlan 10
    [SwitchB-GigabitEthernet1/0/1] quit
    [SwitchB] interface gigabitethernet 1/0/2
    [SwitchB-GigabitEthernet1/0/2] port link-type trunk
    [SwitchB-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
    [SwitchB-GigabitEthernet1/0/2] return

  5. Verify the configuration.

    # Check ACL rules and traffic behavior information.

    <SwitchA> display traffic-applied interface gigabitethernet 1/0/1 inbound
    -----------------------------------------------------------
    ACL applied inbound interface GigabitEthernet1/0/1
    
    ACL 3000
     rule 5 permit tcp  destination-port eq www (match-counter 0)
    ACTIONS:
     mirror to observe-port 1
    -----------------------------------------------------------
    

    # Check the observing port configuration.

    <SwitchA> display observe-port
      ----------------------------------------------------------------------
      Index          : 1
      Untag-packet   : No
      Interface      : GigabitEthernet1/0/2
      Vlan           : 10
      ----------------------------------------------------------------------
    

    # Check the mirrored port configuration.

    <SwitchA> display port-mirroring
      ----------------------------------------------------------------------
      Observe-port 1 : GigabitEthernet1/0/2
      ----------------------------------------------------------------------
      Stream-mirror:
      ----------------------------------------------------------------------
           Behavior               Direction  Observe-port
      ----------------------------------------------------------------------
      1    SACL                   -          Observe-port 1
      ----------------------------------------------------------------------  
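    The switch-side checks above show that the ACL and the observing port are applied, but not that the Server actually receives what the design says it should. The following script is an added example, not code from the Huawei guide: it decodes raw Ethernet frames as the Server would obtain them (from a raw socket or a pcap file, both assumed), confirms that every decodable frame is destined for TCP port 80 as ACL 3000 requires, and ranks sources by half-open SYNs to locate the attack source described in the networking requirements. The frames and addresses in it are constructed, not captured. Behind the access port SwitchB GE1/0/1 the VLAN 10 tag is stripped, so frames normally arrive untagged; a capture taken on the trunk GE1/0/2 would still carry tag 10, and both cases are handled.

```python
"""Check mirrored traffic as it reaches the Server behind SwitchB.

Added example, not code from the Huawei guide. Assumes the Server obtains raw
Ethernet frames (raw socket, pcap file, ...). The sample frames below are
constructed, not captured.
"""
import struct
from collections import Counter

MIRROR_VLAN = 10           # VLAN bound to observe-port 1 on SwitchA
WWW_PORT = 80              # "destination-port eq www" in ACL 3000 is TCP port 80
ETH_P_8021Q, ETH_P_IP, IPPROTO_TCP = 0x8100, 0x0800, 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def parse_frame(frame):
    """Decode Ethernet[/802.1Q]/IPv4/TCP headers; return None for anything else."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    vlan, ip = None, 14
    if ethertype == ETH_P_8021Q:                      # optional single 802.1Q tag
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, ip = tci & 0x0FFF, 18
    if ethertype != ETH_P_IP or len(frame) < ip + 20:
        return None
    ihl = (frame[ip] & 0x0F) * 4
    tcp = ip + ihl
    if frame[ip + 9] != IPPROTO_TCP or len(frame) < tcp + 14:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp)
    return {
        "vlan": vlan,
        "src": ".".join(map(str, frame[ip + 12:ip + 16])),
        "dst": ".".join(map(str, frame[ip + 16:ip + 20])),
        "sport": sport, "dport": dport,
        "flags": frame[tcp + 13],                     # TCP flags byte (URG ACK PSH RST SYN FIN)
    }


def analyze(frames):
    """Two checks worth running once the mirror is up:
    1. every decodable frame is destined for TCP/80; anything else means ACL 3000
       or the VLAN 10 membership on SwitchB is not doing what the design says;
    2. sources ranked by SYNs without ACK, to locate the attack source."""
    report = {"frames": 0, "undecodable": 0, "not_www": 0, "vlans": Counter()}
    half_open = Counter()
    for frame in frames:
        report["frames"] += 1
        pkt = parse_frame(frame)
        if pkt is None:
            report["undecodable"] += 1
            continue
        report["vlans"][pkt["vlan"]] += 1
        if pkt["dport"] != WWW_PORT:
            report["not_www"] += 1
            continue
        if pkt["flags"] & TCP_SYN and not pkt["flags"] & TCP_ACK:
            half_open[pkt["src"]] += 1
    report["top_sources"] = half_open.most_common(5)
    return report


def build_frame(src, dst, sport, dport, flags, vlan=None):
    """Constructed frame for testing (checksums left 0; the parser ignores them)."""
    def ip4(addr):
        return bytes(int(o) for o in addr.split("."))
    mac = bytes(6) + bytes([0x02, 0, 0, 0, 0, 1])                  # dst MAC, src MAC
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64,
                         IPPROTO_TCP, 0, ip4(src), ip4(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return mac + tag + struct.pack("!H", ETH_P_IP) + ip_hdr + tcp_hdr


# Constructed sample (RFC 5737 documentation addresses): a SYN flood against the
# web server, one legitimate handshake, one frame ACL 3000 should never have
# mirrored, and one copy still carrying the VLAN 10 tag (as seen on the trunk).
ATTACKER, VICTIM, CLIENT = "203.0.113.7", "192.0.2.10", "198.51.100.5"
SAMPLE_FRAMES = (
    [build_frame(ATTACKER, VICTIM, 40000 + i, WWW_PORT, TCP_SYN) for i in range(200)]
    + [build_frame(CLIENT, VICTIM, 51000, WWW_PORT, TCP_SYN),
       build_frame(CLIENT, VICTIM, 51000, WWW_PORT, TCP_ACK)]
    + [build_frame(CLIENT, VICTIM, 51001, 443, TCP_SYN)]
    + [build_frame(ATTACKER, VICTIM, 40999, WWW_PORT, TCP_SYN, vlan=MIRROR_VLAN)]
)

if __name__ == "__main__":
    r = analyze(SAMPLE_FRAMES)
    print(f"{r['frames']} frames, VLAN tags seen: {dict(r['vlans'])}")
    if r["not_www"]:
        print(f"WARNING: {r['not_www']} frame(s) not to TCP/80; check ACL 3000 and VLAN 10 membership")
    for src, n in r["top_sources"]:
        print(f"{src:<16} {n:>6} half-open SYNs")
```

    A non-zero not_www count is the signal to go back to SwitchA (display traffic-applied) and to the VLAN 10 port list on SwitchB before trusting the rest of the analysis: with MAC learning disabled, any port wrongly left in VLAN 10 both leaks the mirrored traffic and injects its own traffic into the capture.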
    

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    observe-port 1 interface GigabitEthernet1/0/2 vlan 10
    #
    acl number 3000
     rule 5 permit tcp destination-port eq www
    #
    interface GigabitEthernet1/0/1
     traffic-mirror inbound acl 3000 to observe-port 1
    #
    return
    
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 10
    #
    vlan 10
     mac-address learning disable
    #
    interface GigabitEthernet1/0/1
     port link-type access
     port default vlan 10
    #
    interface GigabitEthernet1/0/2
     port link-type trunk
     port trunk allow-pass vlan 10
    #
    return
Updated: 2019-10-21

Document ID: EDOC1000178113

Views: 136232

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next