本地端口鏡像配置舉例
配置Switch:
<Sysname> system-view [Sysname] mirroring-group 1 local # 創建本地鏡像組 [Sysname] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both #G1/0/1接口為被鏡像端口
[Sysname] mirroring-group 1 monitor-port GigabitEthernet 1/0/3 #G1/0/3接口為監測端口
[Sysname] display mirroring-group 1 mirroring-group 1: type: local status: active mirroring port: GigabitEthernet1/0/1 both monitor port: GigabitEthernet1/0/3
遠程端口鏡像配置舉例
需求:
網絡管理員希望通過數據監測設備對部門 1 和部門2 發送的報文進行監控
1. Switch A 充當源交換機,Switch B 充當中間交換機,Switch C 充當目的交換 機 2. 在 Switch A 上配置遠程源鏡像組,定義VLAN 10 為遠程鏡像VLAN,端口GigabitEthernet 1/0/1 和GigabitEthernet 1/0/2 為鏡像源端口, 端口GigabitEthernet 1/0/4 為反射端口 3. 在 Switch B 上配置VLAN 10 為遠程鏡像VLAN 4. 配置 Switch A 的端口GigabitEthernet 1/0/3、Switch B 的端口GigabitEthernet1/0/1 和GigabitEthernet 1/0/2、Switch C 的端口GigabitEthernet 1/0/1 的端口類型為Trunk,並且都允許VLAN 10 的報文通過 5. 在 Switch C 上配置遠程目的鏡像組,定義VLAN 10 為遠程鏡像VLAN,連接數據監測設備的端口GigabitEthernet 1/0/2 為鏡像目的端口
配置步驟:
(1) 配置源交換機(Switch A)
<Sysname> system-view [Sysname] mirroring-group 1 remote-source # 創建遠程源鏡像組 [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 配置遠程鏡像VLAN [Sysname-vlan10] quit
# 為遠程源鏡像組配置源端口、反射口和遠程鏡像VLAN
[Sysname] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 GigabitEthernet 1/0/2 inbound [Sysname] mirroring-group 1 reflector-port GigabitEthernet 1/0/4 [Sysname] mirroring-group 1 remote-probe vlan 10
# 配置端口GigabitEthernet 1/0/3 的鏈路類型為Trunk 端口,允許VLAN 10 的報
文通過
[Sysname] interface GigabitEthernet 1/0/3 [Sysname-GigabitEthernet1/0/3] port link-type trunk [Sysname-GigabitEthernet1/0/3] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/3] quit
# 顯示遠程源鏡像組 1 的配置信息
[Sysname] display mirroring-group 1 mirroring-group 1: type: remote-source status: active mirroring port: GigabitEthernet1/0/1 inbound GigabitEthernet1/0/2 inbound reflector port: GigabitEthernet1/0/4 remote-probe vlan: 10
(2) 配置中間交換機(Switch B)
<Sysname> system-view [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 創建遠程鏡像VLAN [Sysname-vlan10] quit
# 配置端口GigabitEthernet 1/0/1 的鏈路類型為Trunk 端口,允許VLAN 10 的報
文通過
[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/1] quit
# 配置端口GigabitEthernet 1/0/2 的鏈路類型為Trunk 端口,允許VLAN 10 的報
文通過
[Sysname] interface GigabitEthernet 1/0/2 [Sysname-GigabitEthernet1/0/2] port link-type trunk [Sysname-GigabitEthernet1/0/2] port trunk permit vlan 10
(3) 配置目的交換機(Switch C)
<Sysname> system-view [Sysname] mirroring-group 1 remote-destination # 創建遠程目的鏡像組 [Sysname] vlan 10 [Sysname-vlan10] remote-probe vlan enable # 配置遠程鏡像VLAN [Sysname-vlan10] quit
# 為遠程目的鏡像組配置目的端口和遠程鏡像VLAN
[Sysname] mirroring-group 1 monitor-port GigabitEthernet 1/0/2
[Sysname] mirroring-group 1 remote-probe vlan 10
# 配置端口GigabitEthernet 1/0/1 的鏈路類型為Trunk 端口,允許VLAN 10 的報
文通過
[Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 10 [Sysname-GigabitEthernet1/0/1] quit
# 顯示遠程目的鏡像組 1 的配置信息
[Sysname] display mirroring-group 1 mirroring-group 1: type: remote-destination status: active monitor port: GigabitEthernet1/0/2 remote-probe vlan: 10