H3C S5100-SI Operation Manual page 431

To do...
Configure the port as the
monitor port
Return to system view
Enter Ethernet port view
Mirror incoming ACL
matching packets on the
port to the monitor port
User-defined traffic classification rules configured for traffic mirroring in the global scope
or for a VLAN take precedence over the default rules used for processing protocol packets.
The device will perform mirroring action preferentially, which may affect device
management implemented through Telnet and so on.
Configuration examples
# Duplicate the incoming packets from network segment 10.1.1.0/24 to monitor port
GigabitEthernet 1/0/4 (assume that GigabitEthernet 1/0/1 is connected to network segment
10.1.1.0/24 and carries VLAN 2).
1) Method I: configure traffic mirroring for port GigabitEthernet 1/0/1
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
[Sysname-acl-basic-2000] quit
[Sysname] interface GigabitEthernet 1/0/4
[Sysname-GigabitEthernet1/0/4] monitor-port
[Sysname-GigabitEthernet1/0/4] quit
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1]
monitor-interface
2) Method II: configure traffic mirroring for VLAN 2
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.255
[Sysname-acl-basic-2000] quit
[Sysname] interface GigabitEthernet 1/0/4
[Sysname-GigabitEthernet1/0/4] monitor-port
[Sysname-GigabitEthernet1/0/4] quit
[Sysname] mirrored-to vlan 2 inbound ip-group 2000 monitor-interface
Use the command...
monitor-port
quit
interface interface-type
interface-number
mirrored-to inbound
acl-rule monitor-interface
mirrored-to
1-42
Remarks
Required
—
—
Required
inbound ip-group 2000