No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Mirroring Configuration Commands

Mirroring Configuration Commands

NOTE:

The device supports the mirroring function, which is mainly used for network monitoring and fault management and may use user communication information. Huawei will not collect or save user communication information independently. You must use this function in compliance with applicable laws and regulations. Ensure that your customers' privacy is protected when you are using or saving communication information.

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

display observe-port

Function

The display observe-port command displays the observing port configuration.

Format

display observe-port

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After observing ports are configured using the observe-port (local observing port) or observe-port (Layer 2 remote observing port) command in the system view, you can run the display observe-port command to check detailed information about the configured observing ports.

Example

# Display the observing port configuration.

<HUAWEI> display observe-port
  ----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Interface      : GigabitEthernet1/0/1
  ----------------------------------------------------------------------
  Index          : 2
  Untag-packet   : No
  Interface-range: GigabitEthernet1/0/2
  Vlan           : 20
  ----------------------------------------------------------------------
  Index          : 3
  Untag-packet   : No
  Interface-range: GigabitEthernet1/0/3 to GigabitEthernet1/0/5
  ----------------------------------------------------------------------
Table 16-81  Description of the display observe-port command output
Item Description
Index

Index of an observing port.

Untag-packet

Whether to remove VLAN tags of original traffic.

Interface

An single observing port.

Interface-range

The observing ports in an observing port group.

Vlan

Layer 2 remote mirroring VLAN.

display port-mirroring

Function

The display port-mirroring command displays the mirroring configuration.

Format

display port-mirroring

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After observing ports and mirrored ports are configured on the switch, you can run the display port-mirroring command to check detailed mirroring configuration on the switch.

Example

# Display the mirroring configuration.

<HUAWEI> display port-mirroring
  ----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet1/0/1
  Observe-port 2 : GigabitEthernet1/0/2
  ----------------------------------------------------------------------
  Port-mirror:
  ----------------------------------------------------------------------
       Mirror-port               Direction  Observe-port
  ----------------------------------------------------------------------
  1    GigabitEthernet1/0/10     Inbound    Observe-port 1
  ----------------------------------------------------------------------
  Stream-mirror:
  ----------------------------------------------------------------------
       Behavior                  Direction  Observe-port
  ----------------------------------------------------------------------
  1    b1                        -          Observe-port 2
  ----------------------------------------------------------------------
Table 16-82  Description of the display port-mirroring command output

Item

Description

Port-mirror

Port mirroring configuration.

Mirror-port

Mirrored port. This parameter is configured using the port-mirroring to observe-port command.

Direction

Direction of mirrored packets:
  • Inbound

  • Outbound

This parameter is configured using the port-mirroring to observe-port command.

Observe-port

Observing port to which mirrored packets are sent. This parameter is configured using the observe-port (local observing port) or observe-port (Layer 2 remote observing port) command.

Stream-mirror

Traffic mirroring configuration.

Behavior

Traffic behavior of traffic mirroring.

mirroring to cpu

Function

The mirroring to cpu command copies traffic matching rules to the CPU.

The undo mirroring command cancels copying traffic matching rules to the CPU.

By default, traffic matching rules is not copied to the CPU.

Format

mirroring to cpu

undo mirroring

Parameters

None

Views

Traffic behavior view

Default Level

3: Management level

Usage Guidelines

When configuring MQC-based traffic mirroring, you can run the mirroring to cpu command to copy traffic matching rules to the CPU of an LPU for analysis.

Running this command will affect the CPU of an LPU. Therefore, use this command with caution.

Example

# Copy traffic matching rules to the CPU.

<HUAWEI> system-view
[HUAWEI] traffic behavior tb1
[HUAWEI-behavior-tb1] mirroring to cpu

mirroring to observe-port

Function

The mirroring to observe-port command copies traffic matching rules to observing ports.

The undo mirroring command cancels copying traffic matching rules to observing ports.

By default, traffic matching rules is not copied to observing ports.

Format

mirroring to observe-port observe-port-index

undo mirroring

Parameters

Parameter Description Value
observe-port-index

Specifies the index of observing ports.

The value is an integer that ranges from 1 to 8.

Views

Traffic behavior view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When configuring MQC-based traffic mirroring, you can run the mirroring to observe-port command to copy traffic matching rules to a specified observing port.

Prerequisites

Observing ports have been configured using the observe-port (local observing port) or observe-port (Layer 2 remote observing port) command in the system view.

Example

# Copy traffic matching rules to observing ports with index 1.

<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
[HUAWEI] traffic behavior tb1
[HUAWEI-behavior-tb1] mirroring to observe-port 1

observe-port (local observing port)

Function

The observe-port command configures local observing ports.

The undo observe-port command deletes local observing ports.

By default, no local observing ports are configured.

Format

Configure a single local observing port

observe-port [ observe-port-index ] interface interface-type interface-number [ untag-packet ]

Configure a local observing port group

observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-8> [ untag-packet ]

observe-port observe-port-index interface-range { add | delete } interface-type interface-number

undo observe-port observe-port-index

Parameters

Parameter Description Value
observe-port-index

Specifies the index of an observing port.

The value is an integer that ranges from 1 to 8.

interface-type interface-number

Specifies the type and number of an interface.

-
add

Adds observing ports to the observing port group.

-
delete

Deletes observing ports from the observing port group.

-
untag-packet

Removes VLAN tags of original traffic.

NOTE:

The function of removing VLAN tags of original traffic takes effect only when the mirrored port belongs to X series cards.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When an observing port is directly connected to a monitoring host, you can run the observe-port command to configure a local observing port. There are two modes for configuring observing ports: configure a single observing port and configure an observing port group. Observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes. This is because an observing port group occupies only one observing port index regardless of how many ports are configured in the group.

Precautions

  • The management interface cannot be configured as an observing port.

  • If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
  • In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to an observing port group, the packets cannot be copied to other observing ports.
  • Both Ethernet ports and Eth-Trunks can be configured as observing ports.
  • An observing port in blocked state can still forward mirrored traffic.
  • You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.

Example

# Configure GigabitEthernet1/0/1 as a local observing port.

<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1
# Configure GigabitEthernet1/0/1 through GigabitEthernet1/0/3 as a local observing port group.
<HUAWEI> system-view
[HUAWEI] observe-port 1 interface-range gigabitethernet 1/0/1 to gigabitethernet 1/0/3

observe-port (Layer 2 remote observing port)

Function

The observe-port command configures Layer 2 remote observing ports.

The undo observe-port command deletes Layer 2 remote observing ports.

By default, no Layer 2 remote observing ports are configured.

Format

Configure a single Layer 2 remote observing port

observe-port [ observe-port-index ] interface interface-type interface-number vlan vlan-id

Configure a Layer 2 remote observing port group

observe-port [ observe-port-index ] interface-range { interface-type interface-number [ to interface-type interface-number ] } &<1-8> vlan vlan-id

observe-port observe-port-index interface-range { add | delete } interface-type interface-number

undo observe-port observe-port-index

Parameters

Parameter Description Value
observe-port-index

Specifies the index of an observing port.

The value is an integer that ranges from 1 to 8.

interface-type interface-number

Specifies the type and number of an interface.

-
add

Adds observing ports to the observing port group.

-
delete

Deletes observing ports from the observing port group.

-
vlan vlan-id

Specifies the Layer 2 remote mirroring VLAN.

The value is an integer that ranges from 1 to 4094.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In Layer 2 remote mirroring, a monitoring device and monitored device where an observing port resides are connected through a Layer 2 network. The monitored device adds a specified VLAN tag to mirrored traffic, and then the observing port broadcasts the mirrored traffic in the Layer 2 remote mirroring VLAN so that the mirrored traffic can be flooded to the monitoring device. There are two modes for configuring observing ports: configure a single observing port and configure an observing port group. Observing port group is often used in 1:N mirroring to simplify the configuration and save observing port indexes. This is because an observing port group occupies only one observing port index regardless of how many ports are configured in the group.

Precautions

  • The management interface cannot be configured as an observing port.

  • If you configure observing ports without specifying observe-port-index, the system selects the smallest unused indexes and assigns the indexes to the observing ports in sequence.
  • In 1:N mirroring, if you configure packets (in the inbound or outbound direction) on a mirrored port to be copied to an observing port group, the packets cannot be copied to other observing ports.
  • Both Ethernet ports and Eth-Trunks can be configured as observing ports.
  • An observing port in blocked state can still forward mirrored traffic.
  • You must dedicate observing ports for mirroring use and do not configure other services on them to prevent mirrored traffic and other service traffic from affecting each other. Do not configure any member port of an Eth-Trunk as an observing port. If you must do so, ensure that the bandwidth of service traffic on this port and the bandwidth occupied by the mirrored traffic do not exceed the bandwidth limit of the port.
  • An Eth-Trunk can meet at most four of the following items:
    • The Eth-Trunk is a Layer 2 interface, or the working mode of the Eth-Trunk is changed from Layer 3 to Layer 2 using the portswitch or portswitch batch command.
    • Interfaces on the cards except the X series cards are configured as Eth-Trunk member interfaces using the trunkport or eth-trunk command.
    • The Eth-Trunk or an Eth-Trunk member interface that does not reside on the X series cards is configured as a Layer 2 remote observing port using the observe-port (Layer 2 remote observing port) command.
    • The operating mode of the spanning tree protocol is set to VBST on the switch using the stp mode (system view) command.
    • VBST is enabled on the Eth-Trunk using the stp enable command.

Example

# Configure GigabitEthernet1/0/1 as a Layer 2 remote observing port.

<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/1 vlan 10
# Configure GigabitEthernet1/0/1 through GigabitEthernet1/0/3 as a Layer 2 remote observing port group.
<HUAWEI> system-view
[HUAWEI] observe-port 2 interface-range gigabitethernet 1/0/1 to gigabitethernet 1/0/3 vlan 10

port-mirroring to observe-port

Function

The port-mirroring to observe-port command configures a mirrored port and bind it to an observing port. That is, copy packets on the mirrored port to a specified observing port..

The undo port-mirroring command restores the default configuration.

By default, there are no mirrored ports on the device.

Format

port-mirroring to observe-port observe-port-index { both | inbound | outbound }

undo port-mirroring [ to observe-port observe-port-index ] { both | inbound | outbound }

Parameters

Parameter Description Value
observe-port-index

Specifies the index of observing ports.

The value is an integer that ranges from 1 to 8.

both

Copies inbound and outbound packets on a mirrored port to observing ports.

-

inbound

Copies inbound packets on a mirrored port to observing ports.

-

outbound

Copies outbound packets on a mirrored port to observing ports.

-

Views

GE interface view, XGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In port mirroring, you can run the port-mirroring to observe-port command to copy packets that pass through a mirrored port to specified observing ports.

Prerequisites

Observing ports have been configured using the observe-port (local observing port) or observe-port (Layer 2 remote observing port) command in the system view.

Precautions

To prevent mirrored packets from being lost, ensure that mirrored and monitoring ports have the same port type and bandwidth.

Both physical interfaces and Eth-Trunks can be configured as mirrored ports. If an Eth-Trunk is configured as a mirrored port, its member ports cannot be configured as observing ports.

Example

# Configure port mirroring for inbound packets on GigabitEthernet1/0/1.

<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 1/0/2
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port-mirroring to observe-port 1 inbound
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 115243

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next