No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Port Mirroring

Example for Configuring Port Mirroring

This section provides an example of how to configure VLAN port mirroring.

Networking Requirements

As shown in Figure 14-3, SwitchA forwards user packets from VLAN 10 and VLAN 20 to Device B. To monitor VLAN 10's user packets that are forwarded to Device B through interface2, configure Device B's interface1 as an observing port. Then, configure port mirroring on interface2 to copy all user packets received on interface2 to interface1. Finally, use HostD to analyze the user packets received on interface1.

Figure 14-3 Port mirroring
NOTE:
  • The configurations in this example are performed on Device B and Device C. HUAWEI NE20E-S2 can function as Device B and Device C.
  • Interface1, interface2, and Interface3 in this example are GE 0/1/0, 0/3/0, and 0/3/1, respectively.


Device Name

Interface Name

Interface IP Address

Interface MAC Address

DeviceB

GE 0/1/0

9.1.1.1/24

-

DeviceB

GE 0/3/0

- -

DeviceB

GE 0/3/1

8.1.1.2/24

-

DeviceC

GE 0/1/0

8.1.1.1/24

-

Precautions

Do not configure an interface as both an observing port and a mirroring port.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure Device B's GE 0/1/0 as an observing port.

  2. Configure Device B's GE 0/3/0 as a mirroring port, and enable port mirroring.

Data Preparation

To complete the configuration, you need the following data:

  • Interface types and numbers for an observing port and a mirroring port

Procedure

  1. Configure router interface IP addresses and ensure route reachability.
  2. Configure GE 0/1/0 as an observing port.

    <DeviceB> system-view
    [~DeviceB] interface gigabitethernet0/1/0
    [*DeviceB-GigabitEthernet0/1/0] port-observing observe-index 1
    [*DeviceB-GigabitEthernet0/1/0] commit
    [~DeviceB-GigabitEthernet0/1/0] quit

  3. Configure GE 0/3/0 as a mirroring port, and enable inbound traffic mirroring for VLAN 10.

    [~DeviceB] vlan 10
    [*DeviceB-vlan10] commit
    [~DeviceB-vlan10] quit
    [~DeviceB] interface gigabitethernet0/3/0
    [~DeviceB-GigabitEthernet0/3/0] portswitch
    [*DeviceB-GigabitEthernet0/3/0] port default vlan 10
    [*DeviceB-GigabitEthernet0/3/0] port-mirroring inbound vlan 10
    [*DeviceB-GigabitEthernet0/3/0] commit
    [~DeviceB-GigabitEthernet0/3/0] quit

    After the preceding configurations are complete, VLAN 10's user packets received on GE 0/3/0 are mirrored to GE 0/1/0.

  4. Specify the observing port for GE 0/3/0.

    [~DeviceB] interface gigabitethernet0/3/0
    [~DeviceB-GigabitEthernet0/3/0] port-mirroring to observe-index 1
    [*DeviceB-GigabitEthernet0/3/0] commit
    [~DeviceB-GigabitEthernet0/3/0] quit

  5. Verify the configuration.

    To view traffic mirroring information, run the ping command or use other traffic generation methods. For example, you can send 10 ping packets from SwitchA to Device B's GE 0/3/0 and check whether all the 10 ping packets are received on HostD.

    Check GE 0/1/0 information on Device B.

    <DeviceB> display interface gigabitethernet0/1/0
    GigabitEthernet0/1/0 current state : UP
    Line protocol current state : UP
    Description:HUAWEI, GigabitEthernet0/1/0 Interface
    Route Port,The Maximum Transmit Unit is 1500
    Internet protocol processing : disabled
    IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-a497
    The Vendor PN is HFBR-5710L
    Port BW: 1G, Transceiver max BW: 1G, Transceiver Mode: MultiMode
    WaveLength: 850nm, Transmission Distance: 550m
     Loopback:none, full-duplex mode, negotiation: disable, Pause Flowcontrol:Send and Receive Enable
    Statistics last cleared:never
        Last 300 seconds input rate: 0 bits/sec, 0 packets/sec
        Last 300 seconds output rate: 0 bits/sec, 0 packets/sec
        Input: 107628 bytes, 1016 packets
        Output: 107628 bytes, 1016 packets
        Input:
          Unicast: 0, Multicast: 0
          Broadcast: 0, JumboOctets: 0
          CRC: 0, Symbol: 0
          Overrun: 0 , InRangeLength: 0
          LongPacket: 0 , Jabber: 0, Alignment: 0
          Fragment: 0, Undersized Frame: 0
          RxPause: 0
        Output:
          Unicast: 10, Multicast: 0
          Broadcast: 0, Jumbo: 0
          Lost: 0, Overflow: 0, Underrun: 0
          TxPause: 0                                    

Configuration Files

  • Device B configuration file

    #
     sysname DeviceB
     vlan 10
    #
    interface GigabitEthernet0/3/0
     portswitch
     port default vlan 10
     port-mirroring inbound vlan 10
     port-mirroring to observe-index 1
    #
    interface GigabitEthernet0/3/1
     ip address 8.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/1/0
     ip address 9.1.1.1 255.255.255.0
     port-observing observe-index 1
    #
    return
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 21690

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next