Flow mirroring and port mirroring
"Data flow for port mirroring"
Port-based mirroring makes a full copy of the inbound and outbound traffic of the mirrored port and sends it to the observing port, so that traffic can be observed or faults located.
[3026 etc.]
The S200/S201/S2026/S2403H/S3026 and other switches support port-based mirroring, with two methods:
Method 1
Configure the observing (monitor) port
[SwitchA] monitor-port e0/8
Configure the mirrored ports
[SwitchA] port mirror Ethernet 0/1 to Ethernet 0/2
Method 2
You can define the mirrored ports and the observing port in one command
[SwitchA] port mirror Ethernet 0/1 to Ethernet 0/2 observing-port Ethernet 0/8
[8016 switch port mirroring configuration]
Assume the observing port on the 8016 switch is E1/0/15 and the mirrored port is E1/0/0. Set port 1/0/15 as the observing port for port mirroring.
[SwitchA] port monitor Ethernet 1/0/15
Set port 1/0/0 as the mirrored port, mirroring both its input and output data.
[SwitchA] port mirroring Ethernet 1/0/0 both Ethernet 1/0/15
You can also mirror the input and the output data to two different ports.
Set E1/0/15 and E2/0/0 as the observing ports
[SwitchA] port monitor Ethernet 1/0/15
Set port 1/0/0 as the mirrored port, mirroring its input data to E1/0/15 and its output data to E2/0/0.
[SwitchA] port mirroring gigabitethernet 1/0/0 ingress Ethernet 1/0/15
[SwitchA] port mirroring gigabitethernet 1/0/0 egress Ethernet 2/0/0
"Flow-based mirroring data flow"
A switch that supports flow-based mirroring mirrors selected flows. Each connection has data streams in two directions, and the switch mirrors the two streams separately.
[3500/3026/3026F/3050E]
Mirroring of a layer-3 flow
Define an extended access control list
[SwitchA] acl num 100
Define a rule for packets with source address 1.1.1.1/32 going to any destination address
[SwitchA-acl-adv-100] rule 0 permit ip source 1.1.1.1 0 destination any
Define a rule for packets from any source address with destination address 1.1.1.1/32
[SwitchA-acl-adv-100] rule 1 permit ip source any destination 1.1.1.1 0
Mirror the packets that match the above ACL rules to port E0/8
[SwitchA] mirrored-to ip-group 100 interface e0/8
Mirroring of a layer-2 flow
Define an ACL
[SwitchA] acl num 200
Define a rule for packets sent from E0/1 to all other ports
[SwitchA] rule 0 permit ingress interface Ethernet0/1 egress interface Ethernet0/2
Define a rule for packets from all other ports to port E0/1
[SwitchA] rule 1 permit ingress interface Ethernet0/2 egress interface Ethernet0/1
Mirror the packets that match the above ACL to E0/8
[SwitchA] mirrored-to link-group 200 interface e0/8
[5516/6506/6506R]
Currently, these three products support mirroring of incoming port traffic.
Define the observing (monitor) port
[SwitchA] monitor-port Ethernet 3/0/2
Define the mirrored port
[SwitchA] mirroring-port Ethernet 3/0/1 inbound
[Supplementary note]
In general, a high-rate port can mirror a low-rate port, for example a 1000M port can mirror a 100M port, whereas the reverse cannot be achieved.
The 8016 supports port mirroring across boards.
Commonly used ports:
Send mail (SMTP) TCP 25
Receive mail (POP3) TCP 110
Browse the web (HTTP) TCP 80
FTP file upload (FTP) TCP 21
Remote terminal login (Telnet) TCP 23
Tencent QQ UDP 8000 6000 TCP 80 443
The Chinese game center TCP 8000
United world TCP 2000
Netease bubble TCP 443
MSN TCP 1863
ICQ TCP 5190
YAHOO TCP 5050 23
Wingman network game world TCP 4000
China weiqi network TCP 9696
Stupid apple game interactive UDP 5000
Shanghai hotline game channel TCP 8000
Kass empire games online TCP 2050
Online winner TCP 8001
Security star TCP 8888
Cisco switch port mirroring configuration
Catalyst 2900XL/3500XL/2950 series switch port mirroring configuration
The following command configures port monitoring:
port monitor
For example, F0/1, F0/2 and F0/5 all belong to VLAN1, and F0/1 monitors ports F0/2 and F0/5:
interface FastEthernet0/1
port monitor FastEthernet0/2
port monitor FastEthernet0/5
port monitor VLAN1
Catalyst 4000, 5000 and 6000 series switch port mirroring configuration
The following command configures port monitoring:
set span
For example, ports 1 and 2 in module 6 are in VLAN1, port 3 is in VLAN2, ports 4 and 5 are in VLAN2, and port 2 monitors ports 1, 3, 4 and 5:
set span 6/1,6/3-5 6/2
The following command disables port monitoring:
set span disable [dest_mod/dest_port | all]
Cisco 3550 EMI port mirroring configuration:
Configure in configuration mode:
monitor session 1 source interface fa0/15
monitor session 1 destination interface fa0/14
Note: port 15 is the source port (the port facing the external network) and port 14 is the monitor port (the computer running the Internet management system is connected to this port).
Huawei switch port mirroring configuration
Data flow for port mirroring
Port-based mirroring makes a full copy of the inbound and outbound traffic of the mirrored port and sends it to the observing port, so that traffic can be observed or faults located.
[3026 etc.]
The S200/S201/S2026/S2403H/S3026 and other switches support port-based mirroring, with two methods:
Method 1
Configure the observing (monitor) port
[SwitchA] monitor-port e0/8
Configure the mirrored ports
[SwitchA] port mirror Ethernet 0/1 to Ethernet 0/2
Method 2
You can define the mirrored ports and the observing port in one command
[SwitchA] port mirror Ethernet 0/1 to Ethernet 0/2 observing-port Ethernet 0/8
[8016 switch port mirroring configuration]
Assume the observing port on the 8016 switch is E1/0/15 and the mirrored port is E1/0/0. Set port 1/0/15 as the observing port for port mirroring.
[SwitchA] port monitor Ethernet 1/0/15
Set port 1/0/0 as the mirrored port, mirroring both its input and output data.
[SwitchA] port mirroring Ethernet 1/0/0 both Ethernet 1/0/15
You can also mirror the input and the output data to two different ports.
Set E1/0/15 and E2/0/0 as the observing ports
[SwitchA] port monitor Ethernet 1/0/15
Set port 1/0/0 as the mirrored port, mirroring its input data to E1/0/15 and its output data to E2/0/0.
[SwitchA] port mirroring gigabitethernet 1/0/0 ingress Ethernet 1/0/15
[SwitchA] port mirroring gigabitethernet 1/0/0 egress Ethernet 2/0/0
"Flow-based mirroring data flow"
A switch that supports flow-based mirroring mirrors selected flows. Each connection has data streams in two directions, and the switch mirrors the two streams separately.
[3500/3026/3026F/3050E]
Mirroring of a layer-3 flow
Define an extended access control list
[SwitchA] acl num 101
Define a rule for packets with source address 1.1.1.1/32 going to any destination address
[SwitchA-acl-adv-101] rule 0 permit ip source 1.1.1.1 0 destination any
Define a rule for packets from any source address with destination address 1.1.1.1/32
[SwitchA-acl-adv-101] rule 1 permit ip source any destination 1.1.1.1 0
Mirror the packets that match the above ACL rules to port E0/8
[SwitchA] mirrored-to ip-group 101 interface e0/8
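Why the layer-3 ACL above needs both rules, as an added example (not code from the original page): the sketch models the wildcard matching of "source 1.1.1.1 0" and shows that rule 0 alone delivers only one direction of the conversation to the observing port. The function names and the 10.0.0.x packets are constructed for illustration.

```python
import ipaddress

def parse_addr(tokens):
    """Consume 'any' or '<ip> <wildcard>'; return ((ip, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    ip = int(ipaddress.IPv4Address(tokens[0]))
    # A wildcard of "0" means 0.0.0.0: every bit must match, i.e. a /32 host.
    wild = 0 if tokens[1] == "0" else int(ipaddress.IPv4Address(tokens[1]))
    return (ip, wild), tokens[2:]

def parse_rule(text):
    """Parse 'rule N permit ip source <addr> destination <addr>'."""
    t = text.lower().split()
    if t[:1] != ["rule"] or t[2:5] != ["permit", "ip", "source"]:
        raise ValueError(f"unsupported rule: {text!r}")
    src, rest = parse_addr(t[5:])
    if rest[:1] != ["destination"]:
        raise ValueError(f"unsupported rule: {text!r}")
    dst, _ = parse_addr(rest[1:])
    return src, dst

def addr_matches(addr, spec):
    ip, wild = spec
    # Wildcard bits set to 1 are ignored; all other bits must be equal.
    return ((int(ipaddress.IPv4Address(addr)) ^ ip) & ~wild & 0xFFFFFFFF) == 0

def mirrored(packets, rules):
    """Packets (src, dst) that at least one permit rule would copy to the observing port."""
    parsed = [parse_rule(r) for r in rules]
    return [(s, d) for s, d in packets
            if any(addr_matches(s, rs) and addr_matches(d, rd) for rs, rd in parsed)]

def directions_seen(packets, host):
    """Which directions of the host's traffic reach the observing port."""
    return {"from-host" if s == host else "to-host" for s, d in packets if host in (s, d)}

RULE0 = "rule 0 permit ip source 1.1.1.1 0 destination any"
RULE1 = "rule 1 permit ip source any destination 1.1.1.1 0"
# Constructed packets as (source, destination); the 10.0.0.x hosts are made up.
PACKETS = [("1.1.1.1", "10.0.0.5"), ("10.0.0.5", "1.1.1.1"),
           ("1.1.1.2", "10.0.0.5"), ("10.0.0.7", "10.0.0.5")]

if __name__ == "__main__":
    print(directions_seen(mirrored(PACKETS, [RULE0]), "1.1.1.1"))
    print(directions_seen(mirrored(PACKETS, [RULE0, RULE1]), "1.1.1.1"))
```

An analyzer or IDS fed by rule 0 alone never sees the replies sent to 1.1.1.1, so it cannot reassemble the sessions.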
Mirroring of a layer-2 flow
Define an ACL
[SwitchA] acl num 200
Define a rule for packets sent from E0/1 to all other ports
[SwitchA] rule 0 permit ingress interface Ethernet0/1 (egress interface any)
Define a rule for packets from all other ports to port E0/1
[SwitchA] rule 1 permit (ingress interface any) egress interface Ethernet0/1
Mirror the packets that match the above ACL to E0/8
[SwitchA] mirrored-to link-group 200 interface e0/8
[5516]
Supports mirroring of port traffic.
Configure port Ethernet 3/0/1 as the monitoring port and mirror the incoming traffic of port Ethernet 3/0/2.
[SwitchA] mirror Ethernet 3/0/2 ingress-to Ethernet 3/0/1
[6506/6503/6506R]
Currently, these three products support mirroring of incoming port traffic only; an outbound parameter exists but cannot be configured.
The mirroring group is named 1, the monitoring port is Ethernet4/0/2, and the incoming traffic of port Ethernet4/0/1 is mirrored.
[SwitchA] mirroring-group 1 inbound Ethernet4/0/1 mirrored-to Ethernet4/0/2
[Supplementary note]
In general, a high-rate port can mirror a low-rate port, for example a 1000M port can mirror a 100M port, whereas the reverse cannot be achieved.
The 8016 supports port mirroring across boards.
Test validation
Using tool software on the observing port, you can see the packets of the mirrored port, which can be used for traffic observation or fault location.
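A complementary check on the configuration side, as an added example (not code from the original page or from any vendor): an observing port receives a full copy of the mirrored traffic, so the sketch extracts every mirror session from saved configuration text and reports observing ports that are not on an approved list. It recognises only command forms shown on this page; the function names, sample text and approved list are constructed.

```python
import re

# One-line mirroring commands in the syntaxes shown on this page.
# "src" = mirrored port(s) or ACL group, "dst" = observing (monitor) port.
ONE_LINE = [re.compile(p, re.I) for p in (
    r"port mirror (?P<src>.+?) observing-port (?P<dst>.+)",
    r"port mirroring (?P<src>\S+ \S+) (?:both|ingress|egress) (?P<dst>.+)",
    r"mirrored-to (?P<src>(?:ip|link)-group \d+) interface (?P<dst>.+)",
    r"mirroring-group \d+ inbound (?P<src>\S+) mirrored-to (?P<dst>.+)",
    r"set span (?P<src>\d\S*) (?P<dst>\d+/\d+)",
)]
SESSION = re.compile(
    r"monitor session (?P<id>\d+) (?P<role>source|destination) interface (?P<port>\S+)", re.I)

def norm(port):  # case- and space-insensitive; abbreviations are not expanded
    return re.sub(r"\s+", "", port).lower()

def find_mirrors(config):
    """Return (mirrored source, normalised observing port) pairs found in config text."""
    pairs, sessions = [], {}
    for raw in config.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop a "[SwitchA]" prompt
        m = SESSION.match(line)
        if m:  # Cisco IOS: source and destination of a session are separate lines
            roles = sessions.setdefault(m["id"], {"source": [], "destination": []})
            roles[m["role"].lower()].append(m["port"])
            continue
        for rx in ONE_LINE:
            m = rx.fullmatch(line)
            if m:
                pairs.append((m["src"], norm(m["dst"])))
                break
    for roles in sessions.values():
        pairs += [(s, norm(d)) for s in roles["source"] for d in roles["destination"]]
    return pairs

def unauthorized(config, allowed_observers):
    """Mirror pairs whose observing port is not on the approved list."""
    allowed = {norm(p) for p in allowed_observers}
    return [(src, dst) for src, dst in find_mirrors(config) if dst not in allowed]

# Constructed sample: commands in this page's syntaxes, as they might sit in saved configs.
SAMPLE = """\
[SwitchA] port mirror Ethernet 0/1 to Ethernet 0/2 observing-port Ethernet 0/8
[SwitchA] mirrored-to ip-group 101 interface e0/8
[SwitchA] port mirroring gigabitethernet 1/0/0 egress Ethernet 2/0/0
monitor session 1 source interface fa0/15
monitor session 1 destination interface fa0/14
"""
APPROVED = ["Ethernet 0/8", "e0/8", "fa0/14"]  # hypothetical approved analyzer ports
```

Calling unauthorized(SAMPLE, APPROVED) returns the single session whose copy goes to Ethernet 2/0/0, which is not on the list; list every spelling of a port name in use, since e0/8 and Ethernet 0/8 are compared as different strings.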
3COM switch port monitoring configuration
In the 3COM switch user manual, port monitoring is called "Roving Analysis". The port whose network traffic is monitored is called the Monitor Port, and the port to which the monitoring device is connected is called the Analyzer Port.
The following commands configure port monitoring:
Specify the analyzer port
feature rovingAnalysis add, or the abbreviation f r a
For example:
Select menu option: feature rovingAnalysis add
Select analysis slot: 1
Select analysis port: 2
Specify the monitor port and start port monitoring
feature rovingAnalysis start, or the abbreviation f r sta
For example:
Select menu option: feature rovingAnalysis start
Select slot to monitor (1-12): 1
Select port to monitor (1-8): 3
Stop port monitoring
feature rovingAnalysis stop, or the abbreviation f r sto
Remove the analyzer port and restore its status
feature rovingAnalysis remove, or the abbreviation f r r
Port monitoring must be stopped with the stop command before this command is used.
View the analyzer and monitor settings:
feature rovingAnalysis summary, or the abbreviation f r su
For example:
Select menu option: feature rovingAnalysis summary
Monitor port      Analysis port     State
------------------------------------------
Slot 3 Port 5     Slot1 Port2       Enabled
Intel switch port monitoring configuration
Intel calls port monitoring "Mirror Ports". The port whose network traffic is monitored is called the Source Port, and the port to which the monitoring device is connected is called the Mirror Port.
The following steps configure port monitoring:
In the navigation menu, click Mirror Ports under Statistics; the Mirror Ports information window pops up.
Click the port in the Configure Source column to select the source port; the Mirror Ports Configuration window pops up.
Set the source port:
The source port is the port whose traffic is mirrored, and the mirror port is the port that receives the traffic from the source port.
Click Apply to confirm.
There are three monitoring modes:
Continuously (Always): mirror all traffic.
Cycles (cycles): mirror all traffic over a certain period of time. The mirroring period is set in the Sampling Interval configuration.
Disable (Disabled): turn off traffic mirroring.