H3C S6530X Switch Series
TAP Configuration Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 8307Pxx
Document version: 6W100-20240313

Summary of Contents for H3C S6530X Series

  • Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Command Conventions

    Preface
    This configuration guide describes the TAP fundamentals and configuration procedures. This preface includes the following topics about the documentation:
    • Audience.
    • Conventions.
    • Documentation feedback.
    Audience
    This documentation is intended for:
    • Network planners.
    • Field technical support and servicing engineers.
    •...
  • Page 4: Network Topology Icons

    Symbols
    Convention | Description
    WARNING! | An alert that calls attention to important information that if not understood or followed can result in personal injury.
    CAUTION: | An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
    An alert that calls attention to essential information.
  • Page 5: Documentation Feedback

    Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
  • Page 6: Table Of Contents

    Contents
    Configuring TAP 1
    About TAP 1
    How TAP works 1
    TAP deployment mode 2
    Restrictions and guidelines: TAP configuration 3
    TAP tasks at a glance 3
    Prerequisites for TAP configuration 4
    Enabling TAP globally 4
    Configuring a traffic class ...
  • Page 7: Configuring Tap

    Configuring TAP
    About TAP
    The growing scale of data center networks places more and more stringent requirements on security and performance. Monitoring network traffic and extracting data from the traffic is an important aspect to be addressed. The test access point (TAP) feature can copy and forward traffic in real time without interrupting the traffic.
  • Page 8: Tap Deployment Mode

    Figure 1 TAP workflow (flowchart; node labels: A packet enters TAP device; Matches the criteria?; Editing actions exist?; Execute editing actions; Execute redirecting action; Copy the packet; Send a copy to each monitoring device)
    TAP deployment mode
    A TAP device can be deployed in the following modes:
    •...
  • Page 9: Restrictions And Guidelines: Tap Configuration

    Figure 2 Deployment modes (panels: Direct mode; Indirect mode; labels: IP network, Monitoring device)
    Restrictions and guidelines: TAP configuration
    In a TAP policy, you must configure the action of redirecting packets to a monitoring group, and you can configure packet editing actions as needed. If both the redirecting action and a packet editing action are configured, the packet editing action is executed before the redirecting action.
  • Page 10: Prerequisites For Tap Configuration

    • Configuring an outer VLAN tag deleting action
    • Configuring an outer VLAN tag adding action
    • Configuring an IP or MAC address marking action
    • Configuring a timestamp and Ethernet header adding action
    • Configuring a packet truncation action
    • Configuring a tunnel header stripping action
    ...
  • Page 11: Configuring A Traffic Behavior

    Configuring a traffic behavior
    Configuring an M:N copying action
    About this task
    This feature allows the device to forward packets it receives from multiple (M) interfaces to multiple (N) data monitoring devices (Server A and Server B), as shown in Figure
    Figure 3 Network diagram Port 1...
  • Page 12: Configuring An Outer Vlan Tag Deleting Action

    Figure 4 Network diagram (labels: Port 1, Port 2, Port 3, Device, Server)
    Procedure
    Enter system view.
        system-view
    Create a traffic behavior and enter traffic behavior view.
        traffic behavior behavior-name
    Configure a VLAN ID marking action. Choose one option as needed:
    Configure a CVLAN ID marking action.
  • Page 13: Configuring An Outer Vlan Tag Adding Action

    By default, no outer VLAN tag deleting action is configured.
    Configure an action of redirecting packets to a monitoring group.
        redirect monitoring-group group-id
    By default, no action of redirecting packets to a monitoring group is configured.
    Configuring an outer VLAN tag adding action
    About this task
    In some scenarios, the device receives packets with different CVLAN IDs on different interfaces.
  • Page 14: Configuring A Timestamp And Ethernet Header Adding Action

        system-view
    Create a traffic behavior and enter traffic behavior view.
        traffic behavior behavior-name
    Configure an IP or MAC address marking action. Choose one option as needed:
    • Configure a destination IPv4 address marking action.
        remark destination-ip ipv4-address
      By default, no destination IPv4 address marking action is configured.
    • Configure a source IPv4 address marking action.
  • Page 15: Configuring A Packet Truncation Action

    Figure 8 Network diagram (labels: ETH Header, Port 2, Port 4, Device, Server)
    Procedure
    Enter system view.
        system-view
    Create a traffic behavior and enter traffic behavior view.
        traffic behavior behavior-name
    Configure a timestamp and Ethernet header adding action.
        timestamp-over-ether destination-mac mac-address source-mac mac-address ethtype-id ethtype-id
    By default, no timestamp and Ethernet header adding action is configured.
  • Page 16: Configuring A Tunnel Header Stripping Action

        redirect monitoring-group group-id
    By default, no action of redirecting packets to a monitoring group is configured.
    Return to system view.
        quit
    Set the packet length after truncation.
        qos truncation length length
    The default setting is 128 bytes.
    Configuring a tunnel header stripping action
    About this task
    In some scenarios, the data monitoring device (the server) cannot parse GRE, NVGRE, or VXLAN packets.
  • Page 17: Configuring A Tap Policy

    Configure a tunnel header stripping action.
    • Delete a tunnel header by using the user-defined method.
        strip-header position { l2 | l3 | l4 } [ offset offset-value ]
    • Delete the GRE header.
        strip-header gre header-length header-length encap-eth-header destination-mac mac-address source-mac mac-address [ vlan vlan-id [ dot1p dot1p-value ] ] ethtype-id ethtype-id
    • Delete the NVGRE header.
  • Page 18: Tap Configuration Examples

    Task Command For more information about this command, see flow mirroring commands in ACL and QoS Command Reference. display traffic behavior user-defined [ behavior-name ] [ slot slot-number ] Display traffic behavior configuration. For more information about this command, see flow mirroring commands in ACL and QoS Command Reference.
  • Page 19: Example: Configuring M:n Copying For Aggregate Interfaces

    [DeviceD-monitoring-group-1] quit
    Create a traffic class named classifier_tap, and configure the traffic class to match all packets.
    [DeviceD] traffic classifier classifier_tap
    [DeviceD-classifier-classifier_tap] if-match any
    [DeviceD-classifier-classifier_tap] quit
    Create a traffic behavior named behavior_tap, and configure an action of redirecting packets to monitoring group 1.
    [DeviceD] traffic behavior behavior_tap
    [DeviceD-behavior-behavior_tap] redirect monitoring-group 1
    [DeviceD-behavior-behavior_tap] quit...
  • Page 20

    Figure 15 Network diagram (labels: Device A, Device B, Device C, Device D, XGE1/0/1, XGE1/0/2, XGE1/0/3, XGE1/0/4, XGE1/0/5, Bridge-Aggregation 1)
    Procedure
    Enable TAP globally.
    <DeviceB> system-view
    [DeviceB] tap enable
    Configure an aggregate interface:
    # Create a Layer 2 aggregate interface named Bridge-Aggregation 1.
    [DeviceB] interface bridge-aggregation 1
    [DeviceB-Bridge-Aggregation1] quit
    # Assign Ten-GigabitEthernet 1/0/3, Ten-GigabitEthernet 1/0/4, and Ten-GigabitEthernet 1/0/5...
  • Page 21

    [DeviceB-acl-ipv4-adv-3001] rule permit ip source 192.168.1.1 0 destination 192.168.2.1 0
    [DeviceB-acl-ipv4-adv-3001] quit
    # Create a traffic class named classifier1, and use ACL 3001 as the match criterion.
    [DeviceB] traffic classifier classifier1
    [DeviceB-classifier-classifier1] if-match acl 3001
    [DeviceB-classifier-classifier1] quit
    # Create IPv4 advanced ACL 3002, and configure a rule to match packets with source IP address 192.168.2.1 and destination IP address 192.168.1.1.
  • Page 22: Example: Configuring Vlan Id Marking

    Example: Configuring VLAN ID marking
    Network configuration
    As shown in Figure 16, Device C is a TAP device. Configure VLAN ID marking on Device C to meet the following requirements:
    • Mark CVLAN 10 for packets received on Ten-GigabitEthernet 1/0/1.
    •...
  • Page 23: Example: Configuring Outer Vlan Tag Deleting

    # Create a TAP policy named policy_tap1, and associate traffic class classifier_tap with traffic behavior behavior_tap1 in the TAP policy.
    [DeviceC] qos tap policy policy_tap1
    [DeviceC-qospolicy-policy_tap1] classifier classifier_tap behavior behavior_tap1
    [DeviceC-qospolicy-policy_tap1] quit
    # Create a TAP policy named policy_tap2, and associate traffic class classifier_tap with traffic behavior behavior_tap2 in the TAP policy.
  • Page 24: Example: Configuring Outer Vlan Tag Adding

    [DeviceC-monitoring-group-1] quit
    Create a traffic class named classifier_tap, and configure the traffic class to match all packets.
    [DeviceC] traffic classifier classifier_tap
    [DeviceC-classifier-classifier_tap] if-match any
    [DeviceC-classifier-classifier_tap] quit
    Create a traffic behavior named behavior_tap, and configure an outer VLAN tag deleting action and an action of redirecting packets to monitoring group 1.
    [DeviceC] traffic behavior behavior_tap
    [DeviceC-behavior-behavior_tap] strip-header top-most-vlan
    [DeviceC-behavior-behavior_tap] redirect monitoring-group 1...
  • Page 25: Example: Configuring Destination Mac Address Marking

    Enable TAP globally.
    <DeviceC> system-view
    [DeviceC] tap enable
    Create monitoring group 1, and assign Ten-GigabitEthernet 1/0/3 to the monitoring group.
    [DeviceC] monitoring-group 1
    [DeviceC-monitoring-group-1] monitoring-port ten-gigabitethernet 1/0/3
    [DeviceC-monitoring-group-1] quit
    Create a traffic class named classifier_tap, and configure the traffic class to match all packets.
    [DeviceC] traffic classifier classifier_tap
    [DeviceC-classifier-classifier_tap] if-match any
    [DeviceC-classifier-classifier_tap] quit...
  • Page 26: Example: Configuring Timestamp And Ethernet Header Adding

    Enable TAP globally.
    <DeviceB> system-view
    [DeviceB] tap enable
    Create monitoring group 1, and assign Ten-GigabitEthernet 1/0/2 to the monitoring group.
    [DeviceB] monitoring-group 1
    [DeviceB-monitoring-group-1] monitoring-port ten-gigabitethernet 1/0/2
    [DeviceB-monitoring-group-1] quit
    Create a traffic class named classifier_tap, and configure the traffic class to match all packets.
    [DeviceB] traffic classifier classifier_tap
    [DeviceB-classifier-classifier_tap] if-match any
    [DeviceB-classifier-classifier_tap] quit...
  • Page 27

    Figure 20 Network diagram (labels: Device A, Device B, Device C, Device D, Server, XGE1/0/2, XGE1/0/4)
    Procedure
    Enable TAP globally.
    <DeviceD> system-view
    [DeviceD] tap enable
    Create monitoring group 1, and assign Ten-GigabitEthernet 1/0/4 to the monitoring group.
    [DeviceD] monitoring-group 1
    [DeviceD-monitoring-group-1] monitoring-port ten-gigabitethernet 1/0/4
    [DeviceD-monitoring-group-1] quit
    Configure a traffic class.
  • Page 28: Example: Configuring Packet Truncation

    [DeviceD] traffic behavior behavior_tap3
    [DeviceD-behavior-behavior_tap3] timestamp-over-ether destination-mac 0050-ba27-bed4 source-mac 0050-ba27-bed3 ethtype-id ff
    [DeviceD-behavior-behavior_tap3] redirect monitoring-group 1
    [DeviceD-behavior-behavior_tap3] quit
    Configure TAP policies:
    # Create a TAP policy named policy_tap1, and associate traffic class classifier_tap with traffic behavior behavior_tap1 in the TAP policy.
    [DeviceD] qos tap policy policy_tap1
    [DeviceD-qospolicy-policy_tap1] classifier classifier_tap behavior behavior_tap1
    [DeviceD-qospolicy-policy_tap1] quit...
  • Page 29: Example: Configuring Nvgre Header Stripping

    Procedure
    Enable TAP globally.
    <DeviceB> system-view
    [DeviceB] tap enable
    Create monitoring group 1, and assign Ten-GigabitEthernet 1/0/2 to the monitoring group.
    [DeviceB] monitoring-group 1
    [DeviceB-monitoring-group-1] monitoring-port ten-gigabitethernet 1/0/2
    [DeviceB-monitoring-group-1] quit
    Configure a traffic class.
    # Create IPv4 advanced ACL 3001, and configure a rule to match TCP packets with source IP address 10.0.0.1 and mask 255.255.255.0.
  • Page 30

    Figure 22 Network diagram (labels: Device A, Device B, Server, XGE1/0/1, XGE1/0/2)
    Procedure
    Enable TAP globally.
    <DeviceB> system-view
    [DeviceB] tap enable
    Create monitoring group 1, and assign Ten-GigabitEthernet 1/0/2 to the monitoring group.
    [DeviceB] monitoring-group 1
    [DeviceB-monitoring-group-1] monitoring-port ten-gigabitethernet 1/0/2
    [DeviceB-monitoring-group-1] quit
    Create a traffic class named classifier_tap, and configure the traffic class to match NVGRE packets with VSID FFFF28.