S1720, S2700, S5700, and S6720 V200R011C10 Command Reference
This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Mirroring Configuration Commands
The device supports the mirroring function, which is mainly used for network monitoring and fault management and may use user communication information. Huawei will not collect or save user communication information independently. You must use this function in compliance with applicable laws and regulations. Ensure that your customers' privacy is protected when you are using or saving communication information.
display observe-port
Usage Guidelines
After observing ports are configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view, you can run the display observe-port command to check detailed information about the configured observing ports.
Example
# Display the observing port configuration.
<HUAWEI> display observe-port
----------------------------------------------------------------------
Index : 1
Untag-packet : No
Interface : GigabitEthernet0/0/1
Vlan : 10
----------------------------------------------------------------------
Item |
Description |
|---|---|
Index |
Index of an observing port. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Untag-packet |
Whether to remove VLAN tags of mirrored packets. This parameter is configured using the observe-port (local observing port) command. NOTE:
VLAN tags of mirrored packets can be removed only when local observing ports are configured on an S5720HI. Each mirrored packet can have at most two VLAN tags removed. |
Interface |
Observing ports configured one by one. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Vlan |
ID of the VLAN to which an observing port belongs. This parameter is configured using the observe-port (remote observing port) command. |
display port-mirroring
Usage Guidelines
After observing ports and mirrored ports are configured on the switch, you can run the display port-mirroring command to check detailed mirroring configuration on the switch.
Example
# Display the mirroring configuration.
<HUAWEI> display port-mirroring
----------------------------------------------------------------------
Observe-port 1 : GigabitEthernet0/0/2
----------------------------------------------------------------------
Port-mirror:
----------------------------------------------------------------------
Mirror-port Direction Observe-port
----------------------------------------------------------------------
1 GigabitEthernet0/0/15 Inbound Observe-port 1
----------------------------------------------------------------------
Stream-mirror:
----------------------------------------------------------------------
Behavior Direction Observe-port
----------------------------------------------------------------------
1 b1 - Observe-port 1
----------------------------------------------------------------------
Vlan-mirror:
----------------------------------------------------------------------
Mirror-vlan Direction Observe-port
----------------------------------------------------------------------
10 Inbound Observe-port 1
----------------------------------------------------------------------
Mac-mirror:
----------------------------------------------------------------------
Mirror-mac Vlan Direction Observe-port
----------------------------------------------------------------------
0001-0001-0001 10 Inbound Observe-port 1
----------------------------------------------------------------------
Item |
Description |
|---|---|
Port-mirror |
Port mirroring configuration. |
Mirror-port |
Mirrored port. This parameter is configured using the port-mirroring to observe-port command. |
Direction |
Direction of mirrored packets:
This parameter is configured using the port-mirroring to observe-port command. |
Observe-port |
Observing port to which mirrored packets are sent. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Stream-mirror |
Traffic mirroring configuration. |
Behavior |
Traffic behavior of traffic mirroring.
|
Vlan-mirror |
VLAN mirroring configuration. |
Mirror-vlan |
VLAN ID in VLAN mirroring. This parameter is configured using the mirroring to observe-port (VLAN view) command. |
Mac-mirror |
MAC address mirroring configuration. |
Mirror-mac |
MAC address in MAC address mirroring. This parameter is configured using the mac-mirroring command. |
Vlan |
VLAN in which MAC address mirroring is used. |
mac-mirroring
Function
The mac-mirroring command copies packets with a specified MAC address to observing ports.
The undo mac-mirroring command cancels copying packets with a specified MAC address to observing ports.
By default, packets with a specified MAC address are not copied to observing ports.
This command is not supported by the S5720HI.
Format
mac-mirroring mac-address to observe-port observe-port-index inbound
undo mac-mirroring mac-address [ to observe-port observe-port-index ] inbound
Parameters
Parameter |
Description |
Value |
|---|---|---|
mac-address |
Specifies the MAC address of mirrored packets. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. |
observe-port-index |
Specifies the index of observing ports. |
The value is an integer. The value ranges from 1 to 8 on the S5720EI, S6720EI, or S6720S-EI. The value is 1 on other devices. |
inbound |
Copies inbound packets on all the active ports in a VLAN to observing ports. |
- |
Usage Guidelines
Usage Scenario
In MAC address mirroring, you can run the mac-mirroring command to copy packets matching a specified source or destination MAC address in a VLAN to observing ports.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
Precautions
Currently, in MAC address mirroring, only the packets that are received by all the active ports in a VLAN and contain a specified MAC address can be copied to observing ports.
Example
# Copy inbound packets of which the source or destination MAC address is 0000-0000-0001 on the active ports in VLAN 3 to observing ports with index 1.
<HUAWEI> system-view [HUAWEI] observe-port 1 interface gigabitethernet 0/0/1 [HUAWEI] vlan 3 [HUAWEI-vlan3] mac-mirroring 0000-0000-0001 to observe-port 1 inbound
mirroring to observe-port (VLAN view)
Function
The mirroring to observe-port command copies packets on all the active ports in a VLAN to observing ports.
The undo mirroring command cancels copying packets on all the active ports in a VLAN to observing ports.
By default, packets on all the active ports in a VLAN are not copied to observing ports.
This command is not supported by the S5720HI.
Format
mirroring to observe-port observe-port-index inbound
undo mirroring [ to observe-port observe-port-index ] inbound
Usage Guidelines
Usage Scenario
In VLAN mirroring, you can run the mirroring to observe-port command to copy packets on all the active ports in a specified VLAN to observing ports.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
Precautions
Currently, in VLAN mirroring, only the packets that are received by all the active ports in a VLAN can be copied to observing ports.
mirroring to observe-port (traffic behavior view)
Function
The mirroring to observe-port command copies traffic that matches rules to observing ports.
The undo mirroring command cancels copying traffic that matches rules to observing ports.
By default, the switch does not copy traffic that matches rules to observing ports.
Usage Guidelines
Usage Scenario
In traffic mirroring, you can run the mirroring to observe-port command to copy traffic that matches rules to specified observing ports.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
observe-port (local observing port)
Function
The observe-port command configures local observing ports.
The undo observe-port command deletes local observing ports.
By default, no local observing ports are configured.
Format
observe-port [ observe-port-index ] interface interface-type interface-number [ untag-packet ] (single configuration)
observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-n> [ untag-packet ] (batch configuration, supported only by the S5720EI, S5720HI, S6720EI, and S6720S-EI; n in &<1-n> is 4 on an S5720EI, S6720EI, or S6720S-EI and 8 on an S5720HI)
observe-port observe-port-index interface-range { add | delete } interface-type interface-number (supported only by the S5720EI, S5720HI, S6720EI, and S6720S-EI)
undo observe-port observe-port-index
Parameters
Usage Guidelines
Usage Scenario
When an observing port is directly connected to a monitoring host, you can run the observe-port command to configure a local observing port. Observing ports can be configured one by one or in a batch. The single configuration and batch configuration modes can be used simultaneously. If multiple observing ports are configured in a batch, these observing ports are bound to the same mirrored port. Therefore, batch configuration is often used to simplify the configuration of 1:N mirroring.
Precautions
- The management interface cannot be configured as an observing port.
- If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
- If you need to update the observing ports configured in a batch, run the observe-port observe-port-index interface-range { add | delete } interface-type interface-number command to add or delete observing ports to or from the configured observing ports.
- In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to multiple observing ports configured in a batch, the packets cannot be copied to other observing ports.
- On the S5720EI, S5720HI, S6720EI, and S6720S-EI, both Ethernet ports and Eth-Trunks can be configured as observing ports. On other devices, only Ethernet ports can be configured as observing ports.
- An observing port in blocked state can still forward mirrored packets.
- The maximum number of observing ports varies depending on device models. For details, see Observing Port Specifications in "Mirroring Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Network Management and Monitoring.
- An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
Example
# Configure GigabitEthernet0/0/1 as a local observing port.
<HUAWEI> system-view [HUAWEI] observe-port 1 interface gigabitethernet 0/0/1
<HUAWEI> system-view [HUAWEI] observe-port 1 interface-range gigabitethernet 0/0/1 to gigabitethernet 0/0/3
observe-port (remote observing port)
Function
The observe-port command configures remote observing ports.
The undo observe-port command deletes remote observing ports.
By default, no remote observing ports are configured.
Format
observe-port [ observe-port-index ] interface interface-type interface-number vlan vlan-id (Layer 2 remote observing port configured one by one)
observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-n> vlan vlan-id (Layer 2 remote observing ports configured in a batch, supported only by the S5720EI, S5720HI, S6720EI, and S6720S-EI; n in &<1-n> is 4 on an S5720EI, S6720EI, or S6720S-EI and 8 on an S5720HI)
observe-port observe-port-index interface-range { add | delete } interface-type interface-number (supported only by the S5720EI, S5720HI, S6720EI, and S6720S-EI)
undo observe-port observe-port-index
Parameters
| Parameter | Description | Value |
|---|---|---|
| observe-port-index | Specifies the index of observing ports. |
The value is an integer. The value ranges from 1 to 8 on the S5720EI, S5720HI, S6720EI, or S6720S-EI, and ranges from 1 to 6 on other devices. |
| interface-type interface-number | Specifies the type and number of an interface. |
- |
| add | Adds observing ports to the observing ports configured in a batch. |
- |
| delete | Deletes observing ports from the observing ports configured in a batch. |
- |
| vlan vlan-id | Specifies the VLAN ID encapsulated into mirrored packets. |
The value is an integer that ranges from 1 to 4094. |
Usage Guidelines
Usage Scenario
In remote mirroring, a monitoring device and monitored device where an observing port resides are connected through a Layer 2 network. The monitored device adds a specified VLAN tag to mirrored packets, and then the observing port broadcasts the mirrored packets in a specified VLAN so that the mirrored packets can be sent to the monitoring device.
Observing ports can be configured one by one or in a batch. The single configuration and batch configuration modes can be used simultaneously. If multiple observing ports are configured in a batch, these observing ports are bound to the same mirrored port. Therefore, batch configuration is often used to simplify the configuration of 1:N mirroring.
Precautions
- The management interface cannot be configured as an observing port.
- If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
- If you need to update the observing ports configured in a batch, run the observe-port observe-port-index interface-range { add | delete } interface-type interface-number command to add or delete observing ports to or from the configured observing ports.
- In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to multiple observing ports configured in a batch, the packets cannot be copied to other observing ports.
- On the S5720EI, S5720HI, S6720EI, and S6720S-EI, both Ethernet ports and Eth-Trunks can be configured as observing ports. On other devices, only Ethernet ports can be configured as observing ports.
- An observing port in blocked state can still forward mirrored packets.
- The maximum number of observing ports varies depending on device models. For details, see Observing Port Specifications in "Mirroring Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Network Management and Monitoring.
- An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
The mac-address learning disable command must be run in the VLAN view to disable the MAC address learning function in VLANs on all the intermediate devices between the monitoring device and the observing port. Otherwise, mirrored traffic will be discarded on the intermediate devices.
Example
# Configure GigabitEthernet0/0/1 as a Layer 2 remote observing port, and bind the port to VLAN 10.
<HUAWEI> system-view [HUAWEI] observe-port 1 interface gigabitethernet 0/0/1 vlan 10
<HUAWEI> system-view [HUAWEI] observe-port 2 interface-range gigabitethernet 0/0/1 to gigabitethernet 0/0/3 vlan 10
port-mirroring to observe-port
Function
The port-mirroring to observe-port command copies packets on a mirrored port to observing ports.
The undo port-mirroring command cancels copying packets on a mirrored port to observing ports.
By default, packets on a mirrored port are not copied to observing ports.
Format
port-mirroring to observe-port observe-port-index { both | inbound | outbound }
undo port-mirroring [ to observe-port observe-port-index ] { both | inbound | outbound }
Parameters
| Parameter | Description | Value |
|---|---|---|
| observe-port-index | Specifies the index of observing ports. |
The value is an integer. The value ranges from 1 to 8 on the S5720EI, S5720HI, S6720EI, or S6720S-EI, and ranges from 1 to 6 on other devices. |
| both | Copies inbound and outbound packets on a mirrored port to observing ports. |
- |
| inbound | Copies inbound packets on a mirrored port to observing ports. |
- |
| outbound | Copies outbound packets on a mirrored port to observing ports. |
- |
Views
Ethernet interface view, GE interface view, XGE interface view, MultiGE interface view, 40GE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
Usage Scenario
In port mirroring, you can run the port-mirroring to observe-port command to copy packets that pass through a mirrored port to specified observing ports.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
Precautions
To prevent mirrored packets from being lost, ensure that mirrored and monitoring ports have the same port type and bandwidth.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.