把G6/0/0的数据镜像到G1/1/0端口双方向
interface G1/1/0
Port-observing observe-index 1
slot 6
mirror to observe-index 1
interface G6/0/0
port-mirroring inbound
port-mirroring outbound
配置本地端口镜像示例
组网需求
研发部和市场部通过接口GE1/0/1、GE1/0/2接入S9300。一台数据检测设备Server接在S9300的接口GE1/0/3上。 要求借助本地端口镜像功能来实现Server对研发部和市场部收发报文的监控。组网如图1所示。
图1 本地端口镜像配置组网图
配置
采用如下的思路配置本地端口镜像功能:
1. 将接口GE1/0/3配置为观察接口。
2. 在接口GE1/0/1和GE1/0/2配置为镜像接口。
数据准备
为完成此配置例,需准备如下的数据:
l 观察接口的接口类型和编号。
l 镜像接口的接口类型和编号。
l 观察接口的索引号为1
操作步骤
1. 配置各接口,使各主机间路由可达。
# 创建VLAN1、2、3,并将接口GE1/0/1、GE1/0/2、GE1/0/3分别加入VLAN 1、2、3。
system-view
[Quidway] sysname S9300
[S9300] vlan batch 1 to 3
[S9300] interface GigabitEthernet 1/0/1
[S9300-GigabitEthernet1/0/1] port link-type trunk
[S9300-GigabitEthernet1/0/1] port trunk pvid vlan 1
[S9300-GigabitEthernet1/0/1] port trunk allow-pass vlan 1
[S9300-GigabitEthernet1/0/1] quit
[S9300] interface GigabitEthernet 1/0/2
[S9300-GigabitEthernet1/0/2] Port link-type trunk
[S9300-GigabitEthernet1/0/1] port trunk pvid vlan 2
[S9300-GigabitEthernet1/0/1] port trunk allow-pass vlan 2
[S9300-GigabitEthernet1/0/2] quit
[S9300] interface GigabitEthernet 1/0/3
[S9300-GigabitEthernet1/0/3] port link-type trunk
[S9300-GigabitEthernet1/0/3] port trunk allow-pass vlan 1 2 3
[S9300-GigabitEthernet1/0/3] quit
[S9300] interface vlanif 3
[S9300-Vlanif3] ip address 192.168.1.1 24
[S9300-Vlanif3] quit
2. 配置本地观察接口
# 在S9300上配置端口GE1/0/3为本地观察接口。
[S9300] observe-port 1 interface gigabitethernet1/0/3
3. 配置本地镜像接口
# 在S9300上配置GE1/0/1为本地镜像接口,以监控财经部收发的报文。
[S9300] interface GigabitEthernet 1/0/1
[S9300-GigabitEthernet1/0/1] port-mirroring observe-port 1 both
[S9300-GigabitEthernet1/0/1] quit
# 在S9300上配置GE1/0/2为本地镜像接口,以监控采购部收发的报文。
[S9300] interface GigabitEthernet 1/0/2
[S9300-GigabitEthernet1/0/2] Port-mirroring observe-port 1 both
[S9300-GigabitEthernet1/0/2] quit
[S9300] quit
4. 验证配置结果
# 查看观察接口的配置情况。
display observe-port
---------------------------------------------------------------------------
Index : 1
Interface: GigabitEthernet1/0/3
Used : 4
---------------------------------------------------------------------------
# 查看镜像接口的配置情况。
display mirror-port
----------------------------------------------------------------------
Index Interface Bound Observe
----------------------------------------------------------------------
1 GigabitEthernet1/0/1 Both GigabitEthernet1/0/3
2 GigabitEthernet1/0/2 Both GigabitEthernet1/0/3
----------------------------------------------------------------------
# 查看接口GE1/0/1、GE1/0/2和GE1/0/3的报文计数,可以看到接口GE1/0/3的报文计数为接口GE1/0/1与接口GE1/0/2的报文计数之和,或者通过Server可以看到接口GE1/0/1和GE1/0/2收发的所有报文,说明接口GE1/0/1和GE1/0/2上的报文已经被S9300镜像过来。
display interface GigabitEthernet 1/0/1
GigabitEthernet1/0/1 current state : Up
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/1 Interface
Switch Port,PVID : 1,The Maximum Frame Length is 1526
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc00-1704
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Vlan Shaping: Not supported
Input: 342496 bytes
Unicast: 0, NUnicast: 0
Discard: 0, Error : 0
Output: 0 bytes
Unicast: 0, NUnicast: 0
Discard: 0, Error : 0
display interface GigabitEthernet 1/0/2
GigabitEthernet1/0/1 current state : Up
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/1 interface
Switch Port,PVID : 2,The Maximum Frame Length is 1526
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc00-1704
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Vlan Shaping: Not supported
Input: 171248 bytes
Unicast: 0, NUnicast: 0
Discard: 0, Error : 0
Output: 0 bytes
Unicast: 0, NUnicast: 0
Discard: 0, Error : 0
display interface GigabitEthernet 1/0/3
GigabitEthernet1/0/1 current state : Up
Description:HUAWEI, Quidway Series, GigabitEthernet1/0/1 Interface
Switch Port,PVID : 3,The Maximum Frame Length is 1526
Internet protocol processing : disabled