本地端口镜像配置举例
配置Switch:
<Sysname> system-view [Sysname] mirroring-group 1 local # 创建本地镜像组 [Sysname] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both #G1/0/1接口为被镜像端口
[Sysname] mirroring-group 1 monitor-port GigabitEthernet 1/0/3 #G1/0/3接口为监测端口
[Sysname] display mirroring-group 1 mirroring-group 1: type: local status: active mirroring port: GigabitEthernet1/0/1 both monitor port: GigabitEthernet1/0/3
远程端口镜像配置举例
需求:
网络管理员希望通过数据监测设备对部门 1 和部门2 发送的报文进行监控
1. Switch A 充当源交换机,Switch B 充当中间交换机,Switch C 充当目的交换 机 2. 在 Switch A 上配置远程源镜像组,定义VLAN 10 为远程镜像VLAN,端口GigabitEthernet 1/0/1 和GigabitEthernet 1/0/2 为镜像源端口, 端口GigabitEthernet 1/0/4 为反射端口 3. 在 Switch B 上配置VLAN 10 为远程镜像VLAN 4. 配置 Switch A 的端口GigabitEthernet 1/0/3、Switch B 的端口GigabitEthernet1/0/1 和GigabitEthernet 1/0/2、Switch C 的端口GigabitEthernet 1/0/1 的端口类型为Trunk,并且都允许VLAN 10 的报文通过 5. 在 Switch C 上配置远程目的镜像组,定义VLAN 10 为远程镜像VLAN,连接数据监测设备的端口GigabitEthernet 1/0/2 为镜像目的端口
配置步骤:
(1) 配置源交换机(Switch A)
<Sysname> system-view [Sysname] mirroring-group 1 remote-source # 创建远程源镜像组 [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 配置远程镜像VLAN [Sysname-vlan10] quit
# 为远程源镜像组配置源端口、反射口和远程镜像VLAN
[Sysname] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 inbound [Sysname] mirroring-group 1 reflector-port GigabitEthernet 1/0/4 [Sysname] mirroring-group 1 remote-probe vlan 10
# 配置端口GigabitEthernet 1/0/3 的链路类型为Trunk 端口,允许VLAN 10 的报
文通过
[Sysname] interface GigabitEthernet 1/0/3 [Sysname-GigabitEthernet1/0/3] port link-type trunk [Sysname-GigabitEthernet1/0/3] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/3] quit
# 显示远程源镜像组 1 的配置信息
[Sysname] display mirroring-group 1 mirroring-group 1: type: remote-source status: active mirroring port: GigabitEthernet1/0/1 inbound GigabitEthernet1/0/2 inbound reflector port: GigabitEthernet1/0/4 remote-probe vlan: 10
(2) 配置中间交换机(Switch B)
<Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 创建远程镜像VLAN [Sysname-vlan10] quit
# 配置端口GigabitEthernet 1/0/1 的链路类型为Trunk 端口,允许VLAN 10 的报
文通过
[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/1] quit
# 配置端口GigabitEthernet 1/0/2 的链路类型为Trunk 端口,允许VLAN 10 的报
文通过
[Sysname] interface GigabitEthernet 1/0/2 [Sysname-GigabitEthernet1/0/2] port link-type trunk [Sysname-GigabitEthernet1/0/2] port trunk permit vlan 10
(3) 配置目的交换机(Switch C)
<Sysname> system-view [Sysname] mirroring-group 1 remote-destination # 创建远程目的镜像组 [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 配置远程镜像VLAN [Sysname-vlan10] quit
# 为远程目的镜像组配置目的端口和远程镜像VLAN
[Sysname] mirroring-group 1 monitor-port GigabitEthernet 1/0/2
[Sysname] mirroring-group 1 remote-probe vlan 10
# 配置端口GigabitEthernet 1/0/1 的链路类型为Trunk 端口,允许VLAN 10 的报
文通过
[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/1] quit
# 显示远程目的镜像组 1 的配置信息
[Sysname] display mirroring-group 1 mirroring-group 1: type: remote-destination status: active monitor port: GigabitEthernet1/0/2 remote-probe vlan: 10