n
1 Network requirements:
2 Configuration procedure:
Configuring Remote
Traffic Mirroring
Table 560 Combined application of ACLs on I/O Module other than A type.
Combination mode
Apply one rule in a link type separately
Apply all rules in a user-defined ACL
separately
Apply one rule in a user-defined ACL
separately
Apply one rule in an IP type ACL and one rule
in a Link type ACL simultaneously
Only non-type-A I/O Modules support the traffic mirroring configuration.
■
To define a destination port for mirroring, you can also enter the port view of
■
the specified port directly to execute the mirroring-group group-id
monitor-port command. Refer to corresponding command manual for detail.
Configuration example
GigabitEthernet 2/0/1 on the switch is connected to the 10.1.1.1/24 network
■
segment.
Mirror the packets from the 10.1.1.1/24 network segment to GigabitEthernet
■
2/0/4, the destination port.
<SW7750> system-view
[SW7750] acl number 2000
[SW7750-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[SW7750-acl-basic-2000] quit
[SW7750] mirroring-group 3 local
[SW7750] mirroring-group 3 monitor-port GigabitEthernet 2/0/4
[SW7750] interface GigabitEthernet 2/0/1
[SW7750-GigabitEthernet2/0/1] qos
[SW7750-qosb-GigabitEthernet2/0/1] mirrored-to inbound ip-group 2000
interface GigabitEthernet 2/0/4
Configuration prerequisites
ACLs for identifying traffics have been defined. For defining ACLs, refer to
■
"ACL Configuration" on page 637.
The source switch, intermediate switch and the destination switch have been
■
specified.
The reflector port, destination port for mirroring, and remote-probe VLAN have
■
been specified.
Required configurations are performed to ensure Layer 2 connectivity between
■
the source and destination switches over the remote-probe VLAN.
The direction of traffic packets to be monitored has been determined.
■
The remote-probe VLAN has been enabled.
■
Mirroring Configuration
Form of acl-rule
link-group { acl-number | acl-name } rule
rule-id
user-group { acl-number | acl-name }
user-group { acl-number | acl-name } rule
rule-id
ip-group { acl-number | acl-name } rule
rule-id link-group { acl-number | acl-name }
rule rule-id
697