Mirroring Configuration Commands
The device supports the mirroring function, which is mainly used for network monitoring and fault management and may use user communication information. Huawei will not collect or save user communication information independently. You must use this function in compliance with applicable laws and regulations. Ensure that your customers' privacy is protected when you are using or saving communication information.
display observe-port
Usage Guidelines
After observing ports are configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view, you can run the display observe-port command to check detailed information about the configured observing ports.
Example
# Display the observing port configuration.
<HUAWEI> display observe-port
----------------------------------------------------------------------
Index : 1
Untag-packet : No
Interface : GigabitEthernet1/0/1
----------------------------------------------------------------------
Index : 2
Untag-packet : No
Interface-range: GigabitEthernet2/0/1 to GigabitEthernet2/0/3
----------------------------------------------------------------------
Index : 3
Untag-packet : No
Interface-range: GigabitEthernet3/0/1 to GigabitEthernet3/0/3
Vlan : 2
----------------------------------------------------------------------
Item | Description |
---|---|
Index | Index of an observing port. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Untag-packet | Whether to remove VLAN tags of mirrored packets. This parameter is configured using the observe-port (local observing port) command. NOTE: VLAN tags of mirrored packets can be removed only when local observing ports are configured on X series cards and packets are mirrored to local observing ports. Each mirrored packet can have at most two VLAN tags removed. |
Interface | Observing ports configured one by one. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Interface-range | Observing ports configured in a batch. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Vlan | VLAN ID. This parameter is configured using the observe-port (remote observing port) command. |
display port-mirroring
Usage Guidelines
After observing ports and mirrored ports are configured on the switch, you can run the display port-mirroring command to check detailed mirroring configuration on the switch.
Example
# Display the mirroring configuration.
<HUAWEI> display port-mirroring
----------------------------------------------------------------------
Observe-port 1 : GigabitEthernet4/0/1
Observe-port 2 : GigabitEthernet4/0/2
----------------------------------------------------------------------
Port-mirror:
----------------------------------------------------------------------
Mirror-port Direction Observe-port
----------------------------------------------------------------------
1 GigabitEthernet4/0/10 Inbound Observe-port 1
----------------------------------------------------------------------
Stream-mirror:
----------------------------------------------------------------------
Behavior Direction Observe-port
----------------------------------------------------------------------
1 b1 - Observe-port 2
----------------------------------------------------------------------
Item | Description |
---|---|
Port-mirror | Port mirroring configuration. |
Mirror-port | Mirrored port. This parameter is configured using the port-mirroring to observe-port command. |
Direction | Direction of mirrored packets: This parameter is configured using the port-mirroring to observe-port command. |
Observe-port | Observing port to which mirrored packets are sent. This parameter is configured using the observe-port (local observing port) or observe-port (remote observing port) command. |
Stream-mirror | Traffic mirroring configuration. |
Behavior | Traffic behavior of traffic mirroring. |
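Mirroring copies user traffic to another port, so the sessions reported by display port-mirroring are worth checking against an approved list. The following is an added example, not Huawei code: it parses the single-interface output layout shown above and reports sessions missing from a baseline. The function names and the APPROVED baseline are hypothetical.

```python
import re

# Sample taken from this page's `display port-mirroring` example (some rule lines trimmed).
SAMPLE = """\
Observe-port 1 : GigabitEthernet4/0/1
Observe-port 2 : GigabitEthernet4/0/2
----------------------------------------------------------------------
Port-mirror:
Mirror-port Direction Observe-port
1 GigabitEthernet4/0/10 Inbound Observe-port 1
----------------------------------------------------------------------
Stream-mirror:
Behavior Direction Observe-port
1 b1 - Observe-port 2
"""

OBSERVE_RE = re.compile(r"^Observe-port\s+(\d+)\s*:\s*(\S+)")
ROW_RE = re.compile(r"^\d+\s+(\S+)\s+(\S+)\s+Observe-port\s+(\d+)$")

def parse_port_mirroring(text):
    """Return ({index: observing interface}, [(kind, source, direction, index)])."""
    observe, sessions, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("Port-mirror:", "Stream-mirror:"):
            section = line.rstrip(":")
        elif section is None and (m := OBSERVE_RE.match(line)):
            observe[int(m.group(1))] = m.group(2)
        elif section and (m := ROW_RE.match(line)):
            sessions.append((section, m.group(1), m.group(2), int(m.group(3))))
    return observe, sessions

def unapproved_sessions(text, approved):
    """List sessions whose (kind, source, direction, destination) is not in the baseline."""
    observe, sessions = parse_port_mirroring(text)
    findings = []
    for kind, source, direction, index in sessions:
        destination = observe.get(index, "unknown")
        if (kind, source, direction, destination) not in approved:
            findings.append((kind, source, direction, destination))
    return findings

# Hypothetical baseline: only the inbound port mirror to GigabitEthernet4/0/1 is approved.
APPROVED = {("Port-mirror", "GigabitEthernet4/0/10", "Inbound", "GigabitEthernet4/0/1")}

if __name__ == "__main__":
    for finding in unapproved_sessions(SAMPLE, APPROVED):
        print("unapproved mirror session:", finding)
```

With the sample above, the traffic-mirroring session for behavior b1 is reported because it is not in the baseline.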
mirroring to cpu
Function
The mirroring to cpu command copies traffic that matches the rules to the CPU.
The undo mirroring command cancels copying traffic that matches the rules to the CPU.
By default, traffic that matches the rules is not copied to the CPU.
mirroring to observe-port
Function
The mirroring to observe-port command copies traffic that matches the rules to observing ports.
The undo mirroring command cancels copying traffic that matches the rules to observing ports.
By default, traffic that matches the rules is not copied to observing ports.
Parameters
Parameter | Description | Value |
---|---|---|
observe-port-index | Specifies the index of observing ports. | The value is an integer that ranges from 1 to 8. |
Usage Guidelines
Usage Scenario
When configuring MQC-based traffic mirroring, you can run the mirroring to observe-port command to copy traffic that matches the rules to a specified observing port.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
Precautions
On the EH1D2G48TBC0 and EH1D2G48SBC0 cards of the S9700 and ES1D2G48TBC0 and ES1D2G48SBC0 cards of the S7700, outbound traffic mirroring does not take effect on Eth-Trunks. On other series cards, outbound traffic mirroring is invalid for inter-card traffic.
observe-port (local observing port)
Function
The observe-port command configures local observing ports.
The undo observe-port command deletes local observing ports.
By default, no local observing ports are configured.
Format
observe-port [ observe-port-index ] interface interface-type interface-number [ untag-packet ] (single configuration)
observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-8> [ untag-packet ] (batch configuration)
observe-port observe-port-index interface-range { add | delete } interface-type interface-number
undo observe-port observe-port-index
Parameters
Parameter | Description | Value |
---|---|---|
observe-port-index | Specifies the index of observing ports. | |
interface-type interface-number | Specifies the type and number of an interface. | - |
add | Adds observing ports to the observing ports configured in a batch. | - |
delete | Deletes observing ports from the observing ports configured in a batch. | - |
untag-packet | Removes VLAN tags of mirrored packets. NOTE: VLAN tags of mirrored packets can be removed only when a mirrored port belongs to X series cards, and each mirrored packet can have at most two VLAN tags removed. That is, during observing port configuration, the untag-packet parameter can be configured on ports of any card. If you configure the port-mirroring to observe-port command to bind a mirrored port to an observing port, the function of removing VLAN tags of mirrored packets takes effect only when the mirrored port belongs to X series cards. | - |
Usage Guidelines
Usage Scenario
When an observing port is directly connected to a monitoring host, you can run the observe-port command to configure a local observing port. Observing ports can be configured one by one or in a batch. The single configuration and batch configuration modes can be used simultaneously. If multiple observing ports are configured in a batch, these observing ports are bound to the same mirrored port. Therefore, batch configuration is often used to simplify the configuration of 1:N mirroring.
Precautions
- The management interface cannot be configured as an observing port.
- If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
- If you need to update the observing ports configured in a batch, run the observe-port observe-port-index interface-range { add | delete } interface-type interface-number command to add or delete observing ports to or from the configured observing ports.
- In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to multiple observing ports configured in a batch, the packets cannot be copied to other observing ports.
- Both Ethernet ports and Eth-Trunks can be configured as observing ports.
- An observing port in blocked state can still forward mirrored packets.
- The maximum number of observing ports varies depending on device models. For details, see Observing Port Specifications in "Mirroring Configuration" in the S7700 and S9700 V200R011C10 Configuration Guide - Network Management and Monitoring.
- An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
Example
# Configure GigabitEthernet1/0/1 as a local observing port.
<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
# Configure GigabitEthernet1/0/1 through GigabitEthernet1/0/3 as local observing ports in a batch.
<HUAWEI> system-view
[HUAWEI] observe-port 1 interface-range gigabitethernet 1/0/1 to gigabitethernet 1/0/3
observe-port (remote observing port)
Function
The observe-port command configures remote observing ports.
The undo observe-port command deletes remote observing ports.
By default, no remote observing ports are configured.
Format
observe-port [ observe-port-index ] interface interface-type interface-number vlan vlan-id (Layer 2 remote observing port configured one by one)
observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-8> vlan vlan-id (Layer 2 remote observing ports configured in a batch)
observe-port observe-port-index interface-range { add | delete } interface-type interface-number
undo observe-port observe-port-index
Parameters
Parameter | Description | Value |
---|---|---|
observe-port-index | Specifies the index of observing ports. | The value is an integer that ranges from 1 to 8. |
interface-type interface-number | Specifies the type and number of an interface. | - |
add | Adds observing ports to the observing ports configured in a batch. | - |
delete | Deletes observing ports from the observing ports configured in a batch. | - |
vlan vlan-id | Specifies the VLAN ID encapsulated into mirrored packets. | The value is an integer that ranges from 1 to 4094. |
Usage Guidelines
Usage Scenario
In remote mirroring, a monitoring device and monitored device where an observing port resides are connected through a Layer 2 network. The monitored device adds a specified VLAN tag to mirrored packets, and then the observing port broadcasts the mirrored packets in a specified VLAN so that the mirrored packets can be sent to the monitoring device.
Observing ports can be configured one by one or in a batch. The single configuration and batch configuration modes can be used simultaneously. If multiple observing ports are configured in a batch, these observing ports are bound to the same mirrored port. Therefore, batch configuration is often used to simplify the configuration of 1:N mirroring.
Precautions
- The management interface cannot be configured as an observing port.
- If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
- If you need to update the observing ports configured in a batch, run the observe-port observe-port-index interface-range { add | delete } interface-type interface-number command to add or delete observing ports to or from the configured observing ports.
- In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to multiple observing ports configured in a batch, the packets cannot be copied to other observing ports.
- Both Ethernet ports and Eth-Trunks can be configured as observing ports.
- An observing port in blocked state can still forward mirrored packets.
- The maximum number of observing ports varies depending on device models. For details, see Observing Port Specifications in "Mirroring Configuration" in the S7700 and S9700 V200R011C10 Configuration Guide - Network Management and Monitoring.
- An observing port is dedicated to forwarding mirrored traffic. Do not configure other services on an observing port; otherwise, mirrored traffic and other service traffic interfere with each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
Example
# Configure GigabitEthernet1/0/1 as a Layer 2 remote observing port, and bind the port to VLAN 10.
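<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 vlan 10
# Configure GigabitEthernet1/0/1 through GigabitEthernet1/0/3 as Layer 2 remote observing ports in a batch, and bind the ports to VLAN 10.
<HUAWEI> system-view
[HUAWEI] observe-port 2 interface-range gigabitethernet 1/0/1 to gigabitethernet 1/0/3 vlan 10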
port-mirroring to observe-port
Function
The port-mirroring to observe-port command copies packets on a mirrored port to observing ports.
The undo port-mirroring command cancels copying packets on a mirrored port to observing ports.
By default, packets on a mirrored port are not copied to observing ports.
Format
port-mirroring to observe-port observe-port-index { both | inbound | outbound }
undo port-mirroring [ to observe-port observe-port-index ] { both | inbound | outbound }
Parameters
Parameter | Description | Value |
---|---|---|
observe-port-index | Specifies the index of observing ports. | The value is an integer that ranges from 1 to 8. |
both | Copies inbound and outbound packets on a mirrored port to observing ports. | - |
inbound | Copies inbound packets on a mirrored port to observing ports. | - |
outbound | Copies outbound packets on a mirrored port to observing ports. | - |
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view
Usage Guidelines
Usage Scenario
In port mirroring, you can run the port-mirroring to observe-port command to copy packets that pass through a mirrored port to specified observing ports.
Prerequisites
Observing ports have been configured using the observe-port (local observing port) or observe-port (remote observing port) command in the system view.
Precautions
To prevent mirrored packets from being lost, ensure that mirrored and monitoring ports have the same port type and bandwidth.
Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.
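The prerequisite and value ranges above can be checked on a configuration snippet before it is pushed to a switch. The following is an added example, not Huawei code: it flags observe-port indexes outside 1 to 8, VLAN IDs outside 1 to 4094, and port-mirroring or mirroring commands that reference an observing port index that is never configured. It assumes every observe-port line carries an explicit index; the sample configuration and the function name lint_mirroring are constructed for illustration.

```python
import re

# Constructed config snippet (not from the page): index 3 is never configured
# and VLAN 5000 is outside the documented 1-4094 range.
SAMPLE_CONFIG = """\
observe-port 1 interface GigabitEthernet1/0/1
observe-port 2 interface GigabitEthernet1/0/2 vlan 5000
interface GigabitEthernet1/0/10
 port-mirroring to observe-port 1 inbound
 port-mirroring to observe-port 3 both
"""

DEFINE_RE = re.compile(r"^observe-port (\d+) interface")   # also matches interface-range
VLAN_RE = re.compile(r" vlan (\d+)$")
USE_RE = re.compile(r"^(?:port-)?mirroring to observe-port (\d+)")

def lint_mirroring(config):
    """Return [(line number, message)] for rule violations described on this page."""
    lines = [raw.strip() for raw in config.splitlines()]
    defined, findings = set(), []
    # Pass 1: collect configured observing ports and check value ranges.
    for number, line in enumerate(lines, 1):
        match = DEFINE_RE.match(line)
        if not match:
            continue
        index = int(match.group(1))
        defined.add(index)
        if not 1 <= index <= 8:
            findings.append((number, f"observe-port index {index} outside 1-8"))
        vlan = VLAN_RE.search(line)
        if vlan and not 1 <= int(vlan.group(1)) <= 4094:
            findings.append((number, f"vlan {vlan.group(1)} outside 1-4094"))
    # Pass 2: every mirroring command must reference a configured observing port.
    for number, line in enumerate(lines, 1):
        match = USE_RE.match(line)
        if match and int(match.group(1)) not in defined:
            findings.append((number, f"observe-port {match.group(1)} used but never configured"))
    return findings

if __name__ == "__main__":
    for number, message in lint_mirroring(SAMPLE_CONFIG):
        print(f"line {number}: {message}")
```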