S5510 Series

H3C S5510 Series, S3610 Series Operating instructions

  • Hello! I am an AI chatbot trained to assist you with the H3C S5510 Series Operating instructions. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
  • What is port mirroring?
    What are the two types of port mirroring?
    What is local port mirroring?
    What is remote port mirroring?
    How do I configure a local port mirroring group?
    How do I configure a remote source port mirroring group?
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Table of Contents
i
Table of Contents
Chapter 1 Port Mirroring Configuration......................................................................................1-1
1.1 Introduction to Port Mirroring.............................................................................................1-1
1.1.1 Classification of Port Mirroring................................................................................1-1
1.1.2 Implementing Port Mirroring....................................................................................1-2
1.1.3 Other Functions Supported by Port Mirroring.........................................................1-3
1.2 Configuring Local Port Mirroring........................................................................................1-3
1.3 Configuring Remote Port Mirroring....................................................................................1-5
1.3.1 Configuring a Remote Source Mirroring Group ......................................................1-5
1.3.2 Configuring a Remote Destination Port Mirroring Group........................................1-6
1.4 Displaying Port Mirroring ...................................................................................................1-7
1.5 Port Mirroring Configuration Examples..............................................................................1-8
1.5.1 Local Port Mirroring Configuration Example...........................................................1-8
1.5.2 Remote Port Mirroring Configuration Example.......................................................1-9
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-1
Chapter 1 Port Mirroring Configuration
When configuring port mirroring, go to these sections for information you are interested
in:
z Introduction to Port Mirroring
z Configuring Local Port Mirroring
z Configuring Remote Port Mirroring
z Displaying Port Mirroring
z Port Mirroring Configuration Examples
1.1 Introduction to Port Mirroring
Port mirroring allows you to duplicate the packets passing specified ports to the
destination mirroring port. As destination mirroring ports usually have data monitoring
devices connected to them, you can analyze the packets duplicated to the destination
mirroring port on these devices so as to monitor and troubleshoot the network.
Host
Data monitoring device
Network
Source
mirroring port
Destination
mirroring port
Figure 1-1 A port mirroring implementation
1.1.1 Classification of Port Mirroring
There are two kinds of port mirroring: local port mirroring and remote port mirroring.
z Local port mirroring copies packets passing through one or more ports (known as
source ports) of a device to the monitor port (also destination port) for analysis and
monitoring purpose. In this case, the source ports and the destination port are
located on the same device.
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-2
z Remote port mirroring implements port mirroring between multiple devices. That is,
the source ports and the destination port can be located on different devices in a
network. Currently, remote port mirroring can only be implemented on Layer 2.
1.1.2 Implementing Port Mirroring
Port mirroring is implemented through port mirroring groups, which fall into these three
categories: local port mirroring group, remote source port mirroring group, and remote
destination port mirroring group. Two port mirroring implementation modes are
introduced in the following section.
I. Local port mirroring
Local port mirroring is implemented by local port mirroring group.
In this mode, the source ports and the destination port are in the same local port
mirroring group. Packets passing through the source ports are duplicated and then are
forwarded to the destination port.
II. Remote port mirroring
Remote port mirroring is achieved through the cooperation of remote source port
mirroring group and remote destination port mirroring group.
Figure 1-2 illustrates a remote port mirroring implementation.
Source
decive
Intermediate
device
Destination
device
Source
port
Destination
port
Reflector
port
Remote
mirroring
VLAN
Remote
mirroring
VLAN
Figure 1-2 A remote mirroring implementation
The devices in
Figure 1-2 function as follows:
z Source device
Source device contains source mirroring ports, and remote source port mirroring
groups are created on source devices. A source device duplicates the packets passing
the source ports on it and sends them to the reflector port. The packets are then
broadcast in the remote mirroring VLAN and are received by the intermediate device or
destination device.
z Intermediate device
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-3
Intermediate devices are used to connect source devices and destination devices. An
intermediate device forwards the mirrored packets to the next intermediate device or
the destination device. If the source device is directly connected to the destination
device, no intermediate device is needed. In a remote mirroring VLAN, the source
devices and the destination device need to be able to communicate with one another
on Layer 2.
z Destination device
Destination device contains destination mirroring port, and remote destination port
mirroring groups are created on destination devices. Upon receiving a mirrored packet,
the destination device checks to see if the VLAN ID of the received packet is the same
as that of the remote mirroring VLAN of the remote destination port mirroring group. If
yes, the destination device forwards the packet to the monitoring device through the
destination mirroring port.
Note:
z With the S3610 and S5510 series, you can configure either one local mirroring
group or one remote source mirroring group, but not both, at a time.
z If the destination port of traffic mirroring and that of the local port mirroring group are
different, you cannot configure traffic mirroring and local port mirroring at the same
time. For details about traffic mirroring, refer to the QoS part in this manual.
1.1.3 Other Functions Supported by Port Mirroring
In addition, in a port mirroring group, a destination port can monitor multiple source
ports simultaneously in the mirroring group.
1.2 Configuring Local Port Mirroring
Follow these steps to configure local port mirroring:
To do… Use the command… Remarks
Enter system view
system-view
Create a local mirroring
group
mirroring-group group-id
local
Required
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-4
To do… Use the command… Remarks
In system
view
mirroring-group group-id
mirroring-port
mirroring-port-list { both |
inbound | outbound }
interface interface-type
interface-number
[ mirroring-group group-id ]
mirroring-port { both |
inbound | outbound }
Add ports
to the port
mirroring
group as
source
ports
In interface
view
quit
You can add ports to
a port mirroring group
as source ports in
either system view or
interface view.
In system view, you
can add multiple
ports to a port
mirroring group at
one time. While in
interface view, you
can only add the
current port to a port
mirroring group.
In system
view
mirroring-group group-id
monitor-port monitor-port-id
interface interface-type
interface-number
Add a port
to the
mirroring
group as
the
destination
port
In interface
view
[ mirroring-group group-id ]
monitor-port
You can add a
destination port to a
port mirroring group
in either system view
or interface view.
They achieve the
same purpose.
Note:
z A local mirroring group is effective only when it has both source ports and the
destination port configured.
z You must create a mirroring group before you can specify it.
z It is not recommended to enable STP, RSTP or MSTP on the destination port;
otherwise, the mirroring function may be affected.
z An aggregation port cannot be specified as a destination port.
z A source port or a destination port cannot be a member port of the current mirroring
group.
z You can configure multiple source ports for a mirroring group, but only one
destination port.
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-5
1.3 Configuring Remote Port Mirroring
1.3.1 Configuring a Remote Source Mirroring Group
Follow these steps to configure a remote port mirroring group
To do… Use the command… Remarks
Enter system view
system-view
Create a remote
source mirroring group
mirroring-group group-id
remote-source
Required
In system
view
mirroring-group group-id
mirroring-port mirroring-port-list
{ both | inbound | outbound }
interface interface-type
interface-number
[ mirroring-group group-id ]
mirroring-port { both | inbound
| outbound }
Add ports
to the
mirroring
group as
source
ports
In
interface
view
quit
You can add ports to
a source port
mirroring group in
either system view or
interface view. They
achieve the same
purpose.
In system
view
mirroring-group group-id
reflector-port reflector-port-id
interface interface-type
interface-number
mirroring-group group-id
reflector-port
Add a
port to
the
mirroring
group as
the
reflector
mirroring
port
In
interface
view
quit
You can add ports to
a source mirroring
group in either system
view or interface view.
They achieve the
same purpose.
Configure the remote
port mirroring VLAN for
the mirroring group
mirroring-group group-id
remote-probe vlan
rprobe-vlan-id
Required
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-6
Note:
z All the ports of a remote source mirroring group belong to a single device. A remote
source mirroring group can contain only one reflector mirroring port.
z A reflector port cannot be a member port of the current mirroring group, an
aggregation port and cannot be configured with the QinQ function. It is required to
be an access port and belong to the default VLAN.
z It is not recommended to add the source ports to a remote VLAN, which can be used
for remote mirroring only.
z It is not recommended to connect network cable to the reflector port and to configure
the following functions on this port: STP, RSTP, MSTP, 802.1x, IGMP Snooping,
static ARP and MAC address learning, otherwise, the mirroring function may be
affected.
z A port can be configured as a reflector port only when it operates with the following
settings being the defaults: operation mode (half duplex/full duplex), port speed,
MDI setting. Conversely, these settings cannot be modified once a port is
configured as a reflector port.
z Only existing static VLANs can be configured as remote port mirroring VLANs. To
remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to
a normal VLAN first. A remote port mirroring group gets invalid if the corresponding
remote port mirroring VLAN is removed.
z A port can belong to only one port mirroring group. A VLAN can be the remote port
mirroring VLAN of only one port mirroring group.
1.3.2 Configuring a Remote Destination Port Mirroring Group
Follow these steps to configure a remote destination port mirroring group:
To do… Use the command… Remarks
Enter system view
system-view
Create a remote
destination port mirroring
group
mirroring-group group-id
remote-destination
Required
Configure the remote port
mirroring VLAN for the port
mirroring group
mirroring-group group-id
remote-probe vlan rprobe-vlan-id
Required
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-7
To do… Use the command… Remarks
In system
view
mirroring-group group-id
monitor-port monitor-port-id
interface interface-type
interface-number
[ mirroring-group group-id ]
monitor-port
Add a port
to the port
mirroring
group as
the
destination
port
In interface
view
quit
You can add a
port to a
remote port
mirroring group
as the
destination
port in either
system view or
interface view.
They achieve
the same
purpose.
Enter destination interface
view
interface interface-type
interface-number
The port is
an access
port
port access vlan rprobe-vlan-id
The port is a
trunk port
port trunk permit vlan
rprobe-vlan-id
Add the
port to the
remote
port
mirroring
VLAN
The port is a
hybrid port
port hybrid vlan rprobe-vlan-id
{ tagged | untagged }
Perform one of
these three
operations
according to
the port type.
Note:
z A destination port cannot be a member port of the current mirroring group.
z A port can be configured in only one mirroring group, and a VLAN can be used by
only one mirroring group.
z It is not recommended to enable STP, RSTP or MSTP on the destination port;
otherwise, the mirroring function may be affected.
z Only existing static VLANs can be configured as remote port mirroring VLANs. To
remove a VLAN operating as a remote port mirroring VLAN, you need to restore it to
a normal VLAN first. A remote port mirroring group gets invalid if the corresponding
remote port mirroring VLAN is removed.
1.4 Displaying Port Mirroring
Follow these steps to display port mirroring:
To do… Use the command… Remarks
Display the configuration
of a port mirroring group
display mirroring-group { groupid |
all | local | remote-destination |
remote-source }
Available in
any view
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-8
1.5 Port Mirroring Configuration Examples
1.5.1 Local Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through Ethernet switches:
z Research and Development (R&D) department is connected to Switch C through
Ethernet 1/0/1.
z Marketing department is connected to Switch C through Ethernet 1/0/2.
z Data monitoring device is connected to Switch C through Ethernet 1/0/3
The administrator wants to monitor the packets received on and sent from the R&D
department and the marketing department through the data monitoring device.
Use the local port mirroring function to meet the requirement. Perform the following
configurations on Switch C.
z Configure Ethernet 1/0/1 and Ethernet 1/0/2 as mirroring source ports.
z Configure Ethernet 1/0/3 as the mirroring destination port.
II. Network diagram
Switch C
Data monitoring
device
R&D
department
Switch A
Switch B
Eth1/0/2
Eth1/0/1
Eth1/0/3
Marketing
department
Figure 1-3 Network diagram for local port mirroring configuration
III. Configuration procedure
Configure Switch C.
# Create a local port mirroring group.
<SwitchC> system-view
[SwitchC] mirroring-group 1 local
# Add port Ethernet 1/0/1 and Ethernet 1/0/2 to the port mirroring group as source ports.
Add port Ethernet 1/0/3 to the port mirroring group as the destination port.
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-9
[SwitchC] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2 both
[SwitchC] mirroring-group 1 monitor-port Ethernet 1/0/3
# Display the configuration of all the port mirroring groups.
[SwitchC] display mirroring-group all
mirroring-group 1:
type: local
status: active
mirroring port:
Ethernet1/0/1 both
Ethernet1/0/2 both
monitor port: Ethernet1/0/3
After finishing the configuration, you can monitor all the packets received and sent by
R&D department and Marketing department on the Data monitoring device.
1.5.2 Remote Port Mirroring Configuration Example
I. Network requirements
The departments of a company connect to each other through Ethernet switches:
z Department 1 is connected to Ethernet 1/0/1 of Switch A.
z Department 2 is connected to Ethernet 1/0/2 of Switch A.
z Ethernet 1/0/3 of Switch A connects to Ethernet 1/0/1 of Switch B.
z Ethernet 1/0/2 of Switch B connects to Ethernet 1/0/1 of Switch C.
z The data monitoring device is connected to Ethernet 1/0/2 of Switch C.
The administrator wants to monitor the packets sent from Department 1 and 2 through
the data monitoring device.
Use the remote port mirroring function to meet the requirement. Perform the following
configurations:
z Use Switch A as the source device, Switch B as the intermediate device, and
Switch C as the destination device.
z On Switch A, create a remote source mirroring group; create VLAN 2 and
configure it as the remote port mirroring VLAN; add port Ethernet 1/0/1 and
Ethernet 1/0/2 to the port mirroring group as two source ports. Configure port
Ethernet 1/0/4 as the reflector port.
z Configure port Ethernet 1/0/3 of Switch A, port Ethernet 1/0/1 and Ethernet 1/0/2
of Switch B, and port Ethernet 1/0/1 of Switch C as trunk ports and configure them
to permit packets of VLAN 2.
z Create a remote destination mirroring group on Switch C. Configure VLAN 2 as
the remote port mirroring VLAN and port Ethernet 1/0/2, to which the data
monitoring device is connected, as the destination port.
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-10
II. Network diagram
Switch A
Eth1/0/3
Data monitoring
device
Department 1
Department 2
Eth1/0/1
Switch B Switch C
Eth1/0/1 Eth1/0/2
Eth1/0/1
Eth1/0/2
Reflector
port
Eth1/0/4
Eth1/0/2
Figure 1-4 Network diagram for remote port mirroring configuration
III. Configuration procedure
1) Configure Switch A.
# Create a remote source port mirroring group.
<SwitchA> system-view
[SwitchA] mirroring-group 1 remote-source
# Create VLAN 2.
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# Configure VLAN 2 as the remote port mirroring VLAN of the remote port mirroring
group. Add port Ethernet 1/0/1 and Ethernet1/0/2 to the remote port mirroring group as
source ports. Configure port Ethernet 1/0/4 as the reflector port.
[SwitchA] mirroring-group 1 remote-probe vlan 2
[SwitchA] mirroring-group 1 mirroring-port Ethernet 1/0/1 Ethernet 1/0/2
inbound
[SwitchA] mirroring-group 1 reflector-port Ethernet 1/0/4
# Configure port Ethernet 1/0/3 as a trunk port and configure the port to permit the
packets of VLAN 2.
[SwitchA] interface Ethernet 1/0/3
[SwitchA-Ethernet1/0/3] port link-type trunk
[SwitchA-Ethernet1/0/3] port trunk permit vlan 2
2) Configure Switch B.
# Configure port Ethernet 1/0/1 as a trunk port and configure the port to permit the
packets of VLAN 2.
<SwitchB> system-view
Operation Manual – Port Mirroring
H3C S3610&S5510 Series Ethernet Switches Chapter 1 Port Mirroring Configuration
1-11
[SwitchB] interface Ethernet 1/0/1
[SwitchB-Ethernet1/0/1] port link-type trunk
[SwitchB-Ethernet1/0/1] port trunk permit vlan 2
[SwitchB-Ethernet1/0/1] quit
# Configure port Ethernet 1/0/2 as a trunk port and configure the port to permit the
packets of VLAN 2.
[SwitchB] interface Ethernet 1/0/2
[SwitchB-Ethernet1/0/2] port link-type trunk
[SwitchB-Ethernet1/0/2] port trunk permit vlan 2
3) Configure Switch C.
# Configure port Ethernet 1/0/1 as a trunk port and configure the port to permit the
packets of VLAN 2.
<SwitchC> system-view
[SwitchC] interface Ethernet 1/0/1
[SwitchC-Ethernet1/0/1] port link-type trunk
[SwitchC-Ethernet1/0/1] port trunk permit vlan 2
[SwitchC-Ethernet1/0/1] quit
# Create a remote destination port mirroring group.
[SwitchC] mirroring-group 1 remote-destination
# Create VLAN 2.
[SwitchC] vlan 2
[SwitchC-vlan2] quit
# Configure VLAN 2 as the remote port mirroring VLAN of the remote destination port
mirroring group. Add port Ethernet 1/0/2 to the remote destination port mirroring group
as the destination port.
[SwitchC] mirroring-group 1 remote-probe vlan 2
[SwitchC] mirroring-group 1 monitor-port Ethernet 1/0/2
After finishing the configuration, you can monitor all the packets sent by Department 1
and Department 2 on the Data monitoring device.
/