Configuration Guide - Network Management and Monitoring

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, RMON2, LLDP, Performance Management, iPCA, NQA, Service Diagnosis, Mirroring, Packet Capture, NetStream, sFlow, TWAMP Light, NETCONF, ECA, Intelligent Video O&M, eMDI, and Network Deception.
Example for Configuring MQC-based Layer 2 Remote Traffic Mirroring

Networking Requirements

In Figure 8-20, external users on the Internet access the servers of a company through SwitchA. The antivirus monitoring device (Server) connects to SwitchA through SwitchB.

The company's official website has become unavailable because of malicious attacks. To locate the attack source, the Server needs to remotely analyze traffic destined for TCP port number WWW.

Figure 8-20  MQC-based Layer 2 remote traffic mirroring networking

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure GE0/0/2 of SwitchA as a Layer 2 remote observing port to forward mirrored packets to the specified VLAN.
  2. Configure a traffic classifier on SwitchA to match traffic with TCP port number WWW, and configure a traffic behavior to mirror packets to the observing port.
  3. Configure a traffic policy on SwitchA, bind the traffic classifier and traffic behavior to the traffic policy, and apply the traffic policy to GE0/0/1.
  4. Create a VLAN on SwitchB, disable MAC address learning in this VLAN, and add ports to the VLAN to forward the mirrored packets sent from the observing port to the Server.

Procedure

  1. Configure an observing port on SwitchA.

    # Configure GE0/0/2 of SwitchA as a Layer 2 remote observing port and bind the observing port to VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] observe-port 1 interface gigabitethernet 0/0/2 vlan 10

  2. Configure a traffic classifier on SwitchA.

    # Create a traffic classifier c1 on SwitchA to match traffic with TCP port number WWW.

    [SwitchA] acl number 3000
    [SwitchA-acl-adv-3000] rule permit tcp destination-port eq www
    [SwitchA-acl-adv-3000] quit
    [SwitchA] traffic classifier c1
    [SwitchA-classifier-c1] if-match acl 3000
    [SwitchA-classifier-c1] quit

  3. Configure a traffic behavior on SwitchA.

    # Create a traffic behavior b1 on SwitchA, and define traffic mirroring in the traffic behavior to copy specified traffic to observing port GE0/0/2.

    [SwitchA] traffic behavior b1
    [SwitchA-behavior-b1] mirroring to observe-port 1
    [SwitchA-behavior-b1] quit

    NOTE:

    When configuring outbound traffic mirroring on the S6720EI and S6720S-EI, do not configure other traffic behaviors; otherwise, outbound traffic mirroring is ineffective.

  4. Configure a traffic policy on SwitchA to apply it to an interface.

    # Create a traffic policy p1 on SwitchA, bind the traffic behavior and traffic classifier to the traffic policy, and apply the traffic policy to the inbound direction of GE0/0/1 to monitor traffic with a specified TCP port number.

    [SwitchA] traffic policy p1
    [SwitchA-trafficpolicy-p1] classifier c1 behavior b1
    [SwitchA-trafficpolicy-p1] quit
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] traffic-policy p1 inbound
    [SwitchA-GigabitEthernet0/0/1] return

  5. Create a VLAN on SwitchB and add ports to the VLAN.

    # Create VLAN 10 on SwitchB, disable MAC address learning in VLAN 10, and add GE0/0/1 and GE0/0/2 to VLAN 10.

    NOTE:

    VLAN 10 is used for forwarding only mirrored packets. If VLAN 10 already exists and has learned MAC address entries, run the undo mac-address vlan vlan-id command in the system view to delete all MAC address entries in VLAN 10.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchB
    [SwitchB] vlan 10
    [SwitchB-vlan10] mac-address learning disable
    [SwitchB-vlan10] quit
    [SwitchB] interface gigabitethernet 0/0/1
    [SwitchB-GigabitEthernet0/0/1] port link-type access
    [SwitchB-GigabitEthernet0/0/1] port default vlan 10
    [SwitchB-GigabitEthernet0/0/1] quit
    [SwitchB] interface gigabitethernet 0/0/2
    [SwitchB-GigabitEthernet0/0/2] port link-type trunk
    [SwitchB-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
    [SwitchB-GigabitEthernet0/0/2] return

  6. Verify the configuration.

    # Check the traffic classifier configuration.

    <SwitchA> display traffic classifier user-defined c1
      User Defined Classifier Information:
       Classifier: c1
        Operator: OR
        Rule(s) : if-match acl 3000

    # Check the traffic policy configuration.

    <SwitchA> display traffic policy user-defined p1
      User Defined Traffic Policy Information:
      Policy: p1
       Classifier: c1
        Operator: OR
         Behavior: b1
          Mirroring  to observe-port 1

    # Check the observing port configuration.

    <SwitchA> display observe-port
      ----------------------------------------------------------------------
      Index          : 1
      Untag-packet   : No
      Interface      : GigabitEthernet0/0/2
      Vlan           : 10
      ----------------------------------------------------------------------

    # Check the mirrored port configuration.

    <SwitchA> display port-mirroring
      ----------------------------------------------------------------------
      Observe-port 1 : GigabitEthernet0/0/2
      ----------------------------------------------------------------------
      Stream-mirror:
      ----------------------------------------------------------------------
           Behavior               Direction  Observe-port
      ----------------------------------------------------------------------
      1    b1                     -          Observe-port 1
      ----------------------------------------------------------------------  
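
The following is an added example, not part of the original Huawei document or any Huawei tool. It replays the SwitchA commands from steps 1 to 4 and resolves the chain from the mirrored interface through the traffic policy and traffic behavior to the observing port and its VLAN, so a reviewer can confirm exactly which traffic is copied where. The function name `trace_mirroring` and its tuple layout are assumptions made for this example.

```python
import re

# Commands from steps 1 to 4 of this page (SwitchA), prompts included.
SWITCHA_SESSION = """\
[SwitchA] observe-port 1 interface gigabitethernet 0/0/2 vlan 10
[SwitchA] acl number 3000
[SwitchA-acl-adv-3000] rule permit tcp destination-port eq www
[SwitchA-acl-adv-3000] quit
[SwitchA] traffic classifier c1
[SwitchA-classifier-c1] if-match acl 3000
[SwitchA-classifier-c1] quit
[SwitchA] traffic behavior b1
[SwitchA-behavior-b1] mirroring to observe-port 1
[SwitchA-behavior-b1] quit
[SwitchA] traffic policy p1
[SwitchA-trafficpolicy-p1] classifier c1 behavior b1
[SwitchA-trafficpolicy-p1] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] traffic-policy p1 inbound
[SwitchA-GigabitEthernet0/0/1] return
"""

def trace_mirroring(session):
    """Return (source port, direction, classifier, observing port, VLAN) per mirror."""
    observe, behaviors, policies, applied = {}, {}, {}, []
    view = (None, None)  # (kind, name) of the configuration view we are in
    for line in session.splitlines():
        cmd = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", line).strip()  # drop the prompt
        kind, name = view
        if cmd in ("", "quit", "return"):
            view = (None, None)
        elif m := re.fullmatch(r"observe-port (\d+) interface (\S+ \S+) vlan (\d+)", cmd):
            observe[m[1]] = (m[2], int(m[3]))
        elif m := re.fullmatch(r"(traffic behavior|traffic policy|interface) (.+)", cmd):
            view = (m[1], m[2])
        elif kind == "traffic behavior" and (m := re.fullmatch(r"mirroring to observe-port (\d+)", cmd)):
            behaviors[name] = m[1]
        elif kind == "traffic policy" and (m := re.fullmatch(r"classifier (\S+) behavior (\S+)", cmd)):
            policies.setdefault(name, []).append((m[1], m[2]))
        elif kind == "interface" and (m := re.fullmatch(r"traffic-policy (\S+) (inbound|outbound)", cmd)):
            applied.append((name, m[1], m[2]))
    findings = []
    for port, policy, direction in applied:
        for classifier, behavior in policies.get(policy, []):
            if (index := behaviors.get(behavior)) is not None:  # behavior mirrors
                # (None, None) marks a reference to an undefined observing port.
                dest, vlan = observe.get(index, (None, None))
                findings.append((port, direction, classifier, dest, vlan))
    return findings
```

An empty result means no applied traffic policy mirrors anything; a finding whose observing port is `None` means the behavior points at an observing port index that was never configured.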

Updated: 2019-04-20

Document ID: EDOC1100065680
