No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Network Management and Monitoring

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Local Traffic Mirroring

Example for Configuring Local Traffic Mirroring

Networking Requirements

As shown in Figure 10-6, an enterprise's R&D department connects to the router through Eth2/0/0. The monitoring device (Server) having monitoring software installed is connected to Eth2/0/1 on the router to analyze the captured packets. Users want to monitor all the IPv4 packets sent from host 192.168.1.10/24 in the R&D department.

Figure 10-6  Networking diagram of local traffic mirroring

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configure Eth2/0/1 as the local observing port.
  2. Configure a traffic policy, and apply the traffic policy on Eth2/0/0 to copy IPv4 packets with the source IP address of 192.168.1.10/24 to the observing port.

Procedure

  1. Configure a local observing port.

    # Configure Eth2/0/1 on router as the observing port.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] observe-port interface ethernet 2/0/1
    

  2. Configure the traffic classifier c1.

    # Create IPv4 ACL 2000 on the router to match the IPv4 packets with the source IP address of 192.168.1.10.

    [Router] acl number 2000
    [Router-acl-basic-2000] rule permit source 192.168.1.10 0
    [Router-acl-basic-2000] quit

    # Create a traffic classifier named c1 and bind it to ACL 2000.

    [Router] traffic classifier c1 
    [Router-classifier-c1] if-match acl 2000
    [Router-classifier-c1] quit

  3. Create a traffic behavior named b1 and configure the local traffic mirroring action in the traffic behavior.

    [Router] traffic behavior b1
    [Router-behavior-b1] mirror to observe-port
    [Router-behavior-b1] quit

  4. Configure a traffic policy.

    # Create a traffic policy named p1 on router, bind the traffic classifier and traffic behavior to the traffic policy, and apply the traffic policy to the inbound direction of Eth2/0/0.

    [Router] traffic policy p1
    [Router-trafficpolicy-p1] classifier c1 behavior b1 
    [Router-trafficpolicy-p1] quit
    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] traffic-policy p1 inbound
    [Router-Ethernet2/0/0] quit
    [Router] quit
    

  5. Verify the configuration.

    # View the traffic classifier configuration.

    <Router> display traffic classifier user-defined c1 
      User Defined Classifier Information:
       Classifier: c1
        Operator: OR
        Rule(s) : 
         if-match acl 2000                                           

    # View the traffic policy configuration.

    <Router> display traffic policy user-defined p1
      User Defined Traffic Policy Information:
      Policy: p1
       Classifier: c1
        Operator: OR
         Behavior: b1
          mirror to observe-port                                                                                

Configuration Files

  • Configuration file of the router
    #
     sysname Router
    #
     observe-port interface Ethernet2/0/1
    #
    acl number 2000
     rule 5 permit source 192.168.1.10 0
    #
    traffic classifier c1 operator or
     if-match acl 2000
    #
    traffic behavior b1
     mirror to observe-port
    #
    traffic policy p1
     classifier c1 behavior b1
    #
    interface Ethernet2/0/0
     traffic-policy p1 inbound
    #
    return 
Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069336

Views: 29515

Downloads: 172

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next