H3C S5590-HI[S5590-EI][S5500V3-HI] Switch Series
TAP Configuration Guide

New H3C Technologies Co., Ltd.
http://www.h3c.com

Software version: Release 8307Pxx
Document version: 6W101-20241015...
The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
Preface

This configuration guide describes the TAP fundamentals and configuration procedures.

This preface includes the following topics about the documentation:
• Audience.
• Conventions.
• Documentation feedback.

Audience

This documentation is intended for:
• Network planners.
• Field technical support and servicing engineers.
•...

Symbols

Convention    Description
WARNING!      An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION:      An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
              An alert that calls attention to essential information.

Contents

Configuring TAP
  About TAP
    How TAP works
    TAP deployment mode
  Restrictions and guidelines: TAP configuration
  TAP tasks at a glance
  Prerequisites for TAP configuration
  Enabling TAP globally
  Configuring a traffic class
  ...
Configuring TAP

About TAP

The growing scale of data center networks places more and more stringent requirements on security and performance. Monitoring network traffic and extracting data from the traffic is an important aspect to be addressed. The test access point (TAP) feature can copy and forward traffic in real time without interrupting the traffic.
Figure 1 TAP workflow
[Flowchart nodes: A packet enters TAP device; Matches the criteria?; Editing actions exist?; Execute editing actions; Execute redirecting action; Copy the packet; Send a copy to each monitoring device]

TAP deployment mode

A TAP device can be deployed in the following modes:
•...
Figure 2 Deployment modes
[Network diagram: direct mode and indirect mode, each showing an IP network and a monitoring device]

Restrictions and guidelines: TAP configuration

In a TAP policy, you must configure the action of redirecting packets to a monitoring group, and you can configure packet editing actions as needed. If both the redirecting action and a packet editing action are configured, the packet editing action is executed before the redirecting action.
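Added example (not part of the H3C guide): a small offline check that flags TAP policies whose traffic behavior has no redirect action, or redirects to a monitoring group that is not defined, before the policy is applied. The sample configuration is constructed from commands shown in this guide, and its saved-configuration layout and the function names are assumptions.

```python
import re

# Constructed sample built from commands shown in this guide; the layout of a
# saved configuration on a real device is an assumption.
SAMPLE_CONFIG = """\
monitoring-group 1
 monitoring-port gigabitethernet 1/0/3
traffic behavior behavior_ok
 redirect monitoring-group 1
traffic behavior behavior_edit_only
 remark customer-vlan-id 10
traffic behavior behavior_bad_group
 redirect monitoring-group 2
qos tap policy policy_ok
 classifier classifier_tap behavior behavior_ok
qos tap policy policy_no_redirect
 classifier classifier_tap behavior behavior_edit_only
qos tap policy policy_bad_group
 classifier classifier_tap behavior behavior_bad_group
"""

def parse_sections(text):
    """Map each unindented header line to the indented lines below it."""
    sections, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_tap_policies(text):
    """Return (policy, behavior, problem) tuples for rule violations."""
    sections = parse_sections(text)
    groups = {h.split()[1] for h in sections if h.startswith("monitoring-group ")}
    findings = []
    for header, body in sections.items():
        if not header.startswith("qos tap policy "):
            continue
        for behavior in re.findall(r"^classifier \S+ behavior (\S+)$", "\n".join(body), re.M):
            actions = "\n".join(sections.get(f"traffic behavior {behavior}", []))
            targets = re.findall(r"^redirect monitoring-group (\S+)$", actions, re.M)
            if not targets:
                findings.append((header.split()[3], behavior, "no redirect action"))
            findings += [(header.split()[3], behavior, f"monitoring group {t} undefined")
                         for t in targets if t not in groups]
    return findings
```

Calling audit_tap_policies(SAMPLE_CONFIG) returns one finding for policy_no_redirect and one for policy_bad_group; policy_ok passes.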
Applying a TAP policy to the inbound direction of an interface

Prerequisites for TAP configuration

Before configuring the redirecting action, configure a monitoring group (see flow monitoring configuration in Network Management and Monitoring Configuration Guide).

Enabling TAP globally

About this task

Perform this task if the device acts as a pure TAP device between a production network and a monitoring device.
Figure 3 Network diagram
[Network diagram: Device with Port 1 through Port 5, Server A, and Server B]

Restrictions and guidelines

You can implement this feature by performing the following steps:

Configure a monitoring group with N member interfaces.

Create M TAP policies, and configure an action of redirecting packets to the monitoring group with N member interfaces for each QoS policy.
Configure a CVLAN ID marking action.
    remark customer-vlan-id vlan-id
By default, no CVLAN ID marking action is configured.

Configure an SVLAN ID marking action.
    remark service-vlan-id vlan-id
By default, no SVLAN ID marking action is configured.

Configure an action of redirecting packets to a monitoring group.
    redirect monitoring-group group-id
By default, no action of redirecting packets to a monitoring group is configured.
Figure 6 Network diagram
[Network diagram: Device with Port 1, Port 2, and Port 3, and Server]

Procedure

Enter system view.
    system-view

Create a traffic behavior and enter traffic behavior view.
    traffic behavior behavior-name

Configure an outer VLAN tag adding action.
    nest top-most vlan vlan-id [ dot1p 802.1p ]
By default, no outer VLAN tag adding action is configured.
Configure a destination IPv6 address marking action.
    remark destination-ipv6 ipv6-address
By default, no destination IPv6 address marking action is configured.

Configure a source IPv6 address marking action.
    remark source-ipv6 ipv6-address
By default, no source IPv6 address marking action is configured.

Configure a destination MAC address marking action.
    timestamp-over-ether destination-mac mac-address source-mac mac-address ethtype-id ethtype-id
By default, no timestamp and Ethernet header adding action is configured.

Configure an action of redirecting packets to a monitoring group.
    redirect monitoring-group group-id
By default, no action of redirecting packets to a monitoring group is configured.

Configuring a packet truncation action

About this task

This feature reduces the packet processing pressure on the data monitoring device (the server) or...
Configuring a TAP policy

Enter system view.
    system-view

Create a TAP policy and enter TAP policy view.
    qos tap policy policy-name

Associate a traffic class with a traffic behavior in the TAP policy.
    classifier classifier-name behavior behavior-name
By default, no traffic behavior is associated with a traffic class.

Applying a TAP policy to the inbound direction of an interface

Enter system view.
TAP configuration examples

Example: Configuring basic M:N copying

Network configuration

As shown in Figure 14, Device D is a TAP device. Configure M:N copying on Device D to forward all packets received on GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 to Server A and Server B through GigabitEthernet 1/0/4 and GigabitEthernet 1/0/5.
[DeviceD] interface gigabitethernet 1/0/1
[DeviceD-GigabitEthernet1/0/1] qos apply tap policy policy_tap inbound
[DeviceD-GigabitEthernet1/0/1] quit
# Applying the TAP policy to the inbound direction of GigabitEthernet 1/0/2.
[DeviceD] interface gigabitethernet 1/0/2
[DeviceD-GigabitEthernet1/0/2] qos apply tap policy policy_tap inbound
[DeviceD-GigabitEthernet1/0/2] quit
# Applying the TAP policy to the inbound direction of GigabitEthernet 1/0/3.
[DeviceD] interface gigabitethernet 1/0/3
[DeviceD-GigabitEthernet1/0/3] qos apply tap policy policy_tap inbound
[DeviceD-GigabitEthernet1/0/3] quit
...
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] quit
# Assign GigabitEthernet 1/0/3, GigabitEthernet 1/0/4, and GigabitEthernet 1/0/5 to the aggregation group.
[DeviceB] interface gigabitethernet 1/0/3
[DeviceB-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceB-GigabitEthernet1/0/3] quit
[DeviceB] interface gigabitethernet 1/0/4
[DeviceB-GigabitEthernet1/0/4] port link-aggregation group 1
[DeviceB-GigabitEthernet1/0/4] quit
[DeviceB] interface gigabitethernet 1/0/5
[DeviceB-GigabitEthernet1/0/5] port link-aggregation group 1
[DeviceB-GigabitEthernet1/0/5] quit
...
[DeviceD-behavior-behavior_tap] redirect monitoring-group 1
[DeviceD-behavior-behavior_tap] quit

Configure TAP policies:
# Create a TAP policy named policy1, and associate traffic class classifier1 with traffic behavior behavior1 in the TAP policy.
[DeviceB] qos tap policy policy1
[DeviceB-qospolicy-policy1] classifier classifier1 behavior behavior1
[DeviceB-qospolicy-policy1] quit
# Create a TAP policy named policy2, and associate traffic class classifier2 with traffic behavior behavior1 in the TAP policy.
Procedure

Enable TAP globally.
<DeviceC> system-view
[DeviceC] tap enable

Create monitoring group 1, and assign GigabitEthernet 1/0/3 to the monitoring group.
[DeviceC] monitoring-group 1
[DeviceC-monitoring-group-1] monitoring-port gigabitethernet 1/0/3
[DeviceC-monitoring-group-1] quit

Create a traffic class named classifier_tap, and configure the traffic class to match all packets.
[DeviceC] traffic classifier classifier_tap
[DeviceC-classifier-classifier_tap] if-match any
[DeviceC-classifier-classifier_tap] quit
...
Example: Configuring outer VLAN tag deleting

Network configuration

As shown in Figure 17, Device C is a TAP device, and GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 receive double-tagged packets. Configure Device C to meet the following requirements:
• Delete the outer VLAN tag of the packets received on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
[DeviceC-GigabitEthernet1/0/1] quit
# Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/2.
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] qos apply tap policy policy_tap inbound
[DeviceC-GigabitEthernet1/0/2] quit

Example: Configuring outer VLAN tag adding

Network configuration

As shown in Figure 18, Device C is a TAP device, and GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 receive single-tagged packets.
[DeviceC-qospolicy-policy_tap] quit

Apply the TAP policy.
# Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/1.
[DeviceC] interface gigabitethernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] qos apply tap policy policy_tap inbound
[DeviceC-GigabitEthernet1/0/1] quit
# Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/2.
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] qos apply tap policy policy_tap inbound
[DeviceC-GigabitEthernet1/0/2] quit
...
[DeviceB-qospolicy-policy_tap] quit

Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/1.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] qos apply tap policy policy_tap inbound
[DeviceB-GigabitEthernet1/0/1] quit

Example: Configuring timestamp and Ethernet header adding

Network configuration

As shown in Figure 20, Device D is a TAP device. Configure timestamp and Ethernet header adding on Device D to meet the following requirements:
•...
[DeviceD-classifier-classifier_tap] quit

Configure traffic behaviors:
# Create a traffic behavior named behavior_tap1, and configure an action of adding destination MAC address 0050-ba27-bed4, source MAC address 0050-ba27-bed1, and Ethernet protocol number FF, and an action of redirecting packets to monitoring group 1.
[DeviceD] traffic behavior behavior_tap1
[DeviceD-behavior-behavior_tap1] timestamp-over-ether destination-mac 0050-ba27-bed4 source-mac 0050-ba27-bed1 ethtype-id ff
...
[DeviceD-GigabitEthernet1/0/2] qos apply tap policy policy_tap2 inbound
[DeviceD-GigabitEthernet1/0/2] quit
# Apply TAP policy policy_tap3 to the inbound direction of GigabitEthernet 1/0/3.
[DeviceD] interface gigabitethernet 1/0/3
[DeviceD-GigabitEthernet1/0/3] qos apply tap policy policy_tap3 inbound
[DeviceD-GigabitEthernet1/0/3] quit

Example: Configuring packet truncation

Network configuration

As shown in Figure 21, Device B is a TAP device.
Create a TAP policy named policy_tap, and associate the traffic class with the traffic behavior in the TAP policy.
[DeviceB] qos tap policy policy_tap
[DeviceB-qospolicy-policy_tap] classifier classifier_tap behavior behavior_tap
[DeviceB-qospolicy-policy_tap] quit

Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/1.
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] qos apply tap policy policy_tap inbound
[DeviceB-GigabitEthernet1/0/1] quit
...
Apply TAP policy policy_tap to the inbound direction of GigabitEthernet 1/0/1.
<DeviceB> system-view
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] qos apply tap policy policy_tap inbound
[DeviceB-GigabitEthernet1/0/1] quit
...