No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Network Management and Monitoring

CloudEngine 8800, 7800, 6800, and 5800 V200R005C10

This document describes the configurations of Network Management and Monitoring, including SNMP, RMON, NETCONF, OpenFlow, LLDP, NQA, Mirroring, Packet Capture, Packet Trace, Path and Connectivity Detection Configuration, NetStream, sFlow, and iPCA.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Local Traffic Mirroring

Configuring Local Traffic Mirroring

Context

In local traffic mirroring, packets of a specified service flow that passes through a port are copied to observing ports, which then send the packets to their directly connected monitoring devices.

The CE6870EI/CE6875EI also supports observing port groups. An observing port group contains multiple member ports. When an observing port group is configured for packet mirroring, packets mirrored to the observing port group are copied to all its member ports.

NOTE:
  • Only the CE6870EI/CE6875EI supports observing port groups.

  • When packet monitoring is not required, you are advised to cancel the mirroring configuration to reduce the system cost.

  • To prevent other services from conflicting with mirroring services, you are advertised not to configure other services on observing ports. To configure other services on observing ports, run the observe-port filter enable command in the system view to enable the observing port filter.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure a local observing port or an observing port group.

    • Configuring a local observing port

      1. Run observe-port [ observe-port-index ] interface interface-type interface-number [ cir cir-value [ kbps | mbps | gbps ] ]

        A local observing port is configured.

        By default, no local observing port is configured.

        NOTE:

        Only the CE6880EI and CE5880EI support the cir cir-value [ kbps | mbps | gbps ] parameter.

    • Configuring an observing port group

      1. Run observe-port group group-id

        The observing port group is configured and the observing port group view is displayed.

        By default, no observing port group is configured.

      2. Run group-member { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8>

        The member ports are added to the observing port group.

      3. Run quit

        Exit from the observing port group view.

  3. (Optional) Run observe-port filter enable

    The observing port filter is enabled.

    By default, after a port is configured as an observing port, the port filter is disabled.

    NOTE:

    Only the CE6870EI and CE6875EI support this function.

  4. Configure a mirrored port and packet matching rules.

    Two methods are available: simplified traffic mirroring and MQC-based traffic mirroring. Simplified traffic mirroring is easy to configure and applies to configuration delivery and management in FabricInsight. MQC-based traffic mirroring is complex to configure but has rich and detailed packet matching rules.

    Simplified traffic mirroring

    • Configure simplified traffic mirroring globally.
      1. Run traffic-mirroring [ vxlan [ tag-format { none | single } ] ] { tcp-flag { ack | fin | psh | rst | syn | urg } * } observe-port observe-port-index &<1-8> inbound [ slot slot-id ]

        Simplified traffic mirroring is configured globally.

        By default, simplified traffic mirroring is not configured globally.

        NOTE:

        You can specify 1 to 8 observe-port-index parameters simultaneously only on the CE6870EI and CE6875EI.

      2. Run commit

        The configuration is committed.

    • Configure simplified traffic mirroring on an interface.
      1. Run interface interface-type interface-number

        The interface view is displayed.

      2. Run traffic-mirroring [ vxlan [ tag-format { none | single } ] ] { tcp-flag { ack | fin | psh | rst | syn | urg } * } observe-port observe-port-index &<1-8> inbound

        Simplified traffic mirroring is configured on the specified interface.

        By default, simplified traffic mirroring is not configured on an interface.

        NOTE:

        You can specify 1 to 8 observe-port-index parameters simultaneously only on the CE6870EI and CE6875EI.

        Simplified traffic mirroring cannot be configured in the port group view.

        If simplified traffic mirroring is configured in both the system view and interface view, the configuration in the interface view takes effect.

      3. Run commit

        The configuration is committed.

    MQC-based traffic mirroring

    1. Configure a traffic classifier.
      1. Run traffic classifier classifier-name [ type { and | or } ]

        A traffic classifier is created and the traffic classifier view is displayed, or the view of an existing traffic classifier is displayed.

        and is the logical operator between the rules in a traffic classifier, which means that:
        • If a traffic classifier contains ACL rules, packets match the traffic classifier only if they match one ACL rule and all the non-ACL rules.

        • If a traffic classifier does not contain any ACL rules, packets match the traffic classifier only if they match all the rules in the classifier.

        The logical operator or means that packets match a traffic classifier if they match one or more rules in the classifier.

        By default, the relationship between rules in a traffic classifier is or.

      2. Run if-match

        Matching rules are defined for the traffic classifier.

        For details about matching rules in a traffic classifier, see "Configuring a Traffic Classifier" in "MQC Configuration" of the CloudEngine 8800, 7800, 6800, and 5800 Series Switches Configuration Guide - QoS Configuration Guide.

      3. Run commit

        The configuration is committed.

      4. Run quit

        Exit from the traffic classifier view.

    2. Configure a traffic behavior.
      1. Run traffic behavior behavior-name

        A traffic behavior is created and the traffic behavior view is displayed, or the view of an existing traffic behavior is displayed.

      2. (On switches except the CE6870EI/CE6875EI) Run mirroring observe-port observe-port-index

        The traffic matching the rules is mirrored to the specified observing port.

      3. (On the CE6870EI/CE6875EI) Run mirroring observe-port observe-port-index &<1-8> [ random-packets random-packets ]

        Or run mirroring observe-port group group-id

        The traffic matching the rules is mirrored to the specified observing port or observing port group.

      4. Run commit

        The configuration is committed.

      5. Run quit

        Exit from the traffic behavior view.

    3. Configure a traffic policy.
      1. Run traffic policy policy-name

        A traffic policy is created and the traffic policy view is displayed, or the view of an existing traffic policy is displayed.

      2. Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]

        A traffic behavior is bound to a traffic classifier in the traffic policy.

      3. Run commit

        The configuration is committed.

      4. Run quit

        Exit from the traffic policy view.

      5. Run quit

        Exit from the system view.

    4. (On switches except the CE6870EI/CE6875EI) Apply the traffic policy.
      NOTE:
      • A traffic policy containing the mirroring action can be applied to the outbound direction only on the CE6880EI and CE5880EI.

      • Mirroring is not supported when a traffic policy is applied to a VLANIF interface, VBDIF interface, or Layer 2 sub-interface.

      • IPv6 packets cannot be mirrored when a traffic policy is applied to a Layer 3 sub-interface.

      • For details about the configuration guidelines of applying traffic policies in different views on the CE switches excluding CE6870EI and CE6875EI, see Licensing Requirements and Limitations for MQC (CE Switches Excluding CE6870EI and CE6875EI).

      • Applying a traffic policy to an interface
        1. Run system-view

          The system view is displayed.

        2. Run interface interface-type interface-number

          The interface view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the interface.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to a VLAN
        1. Run system-view

          The system view is displayed.

        2. Run vlan vlan-id

          The VLAN view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the VLAN.

          The system applies traffic policing to the packets that belong to the VLAN and match traffic classification rules in the inbound or outbound direction.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to the system
        1. Run system-view

          The system view is displayed.

        2. Run traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

          A traffic policy is applied to the system.

        3. Run commit

          The configuration is committed.

      • Applying a traffic policy to a QoS group
        1. Run system-view

          The system view is displayed.

        2. Run qos group group-name

          The QoS group view is displayed.

        3. Run the following commands as required:
          • Run the group-member interface { interface-type interface-number1 [ to interface-type interface-number2 ] } &<1-8> command to add interfaces to the QoS group.

          • Run the group-member vlan { vlan-id1 [ to vlan-id2 ] } &<1-8> command to add VLANs to the QoS group.

          • (For CE switches excluding the CE6870EI) Run the group-member ip source ip-address { mask | mask-length } command to add source IP addresses to the QoS group.

        4. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the QoS group.

        5. Run commit

          The configuration is committed.

      • Applying a traffic policy to a BD
        1. Run system-view

          The system view is displayed.

        2. Run bridge-domain bd-id

          The BD view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the BD.

        4. Run commit

          The configuration is committed.

    5. (On the CE6870EI/CE6875EI) Apply the traffic policy.
      NOTE:
      • Mirroring is supported only in the outbound direction when a traffic policy is applied to a VLANIF interface.

      • Mirroring is not supported when a traffic policy is applied to a VBDIF interface or Layer 2 sub-interface.

      • IPv6 packets can not be mirrored when a traffic policy is applied to a Layer 3 sub-interface.

      • For details about the configuration guidelines of applying traffic policies in different views on the CE6870EI and CE6875EI, see Licensing Requirements and Limitations for MQC (CE6870EI and CE6875EI).

      • Applying a traffic policy to an interface
        1. Run system-view

          The system view is displayed.

        2. Run interface interface-type interface-number

          The interface view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the interface.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to a VLAN
        1. Run system-view

          The system view is displayed.

        2. Run vlan vlan-id

          The VLAN view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the VLAN.

          The system applies traffic policing to the packets that belong to the VLAN and match traffic classification rules in the inbound or outbound direction.

        4. Run commit

          The configuration is committed.

      • Applying a traffic policy to the system
        1. Run system-view

          The system view is displayed.

        2. Run traffic-policy policy-name global [ slot slot-id ] { inbound | outbound }

          A traffic policy is applied to the system.

        3. Run commit

          The configuration is committed.

      • Applying a traffic policy to a BD
        1. Run system-view

          The system view is displayed.

        2. Run bridge-domain bd-id

          The BD view is displayed.

        3. Run traffic-policy policy-name { inbound | outbound }

          A traffic policy is applied to the BD.

        4. Run commit

          The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100075365

Views: 40066

Downloads: 127

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next