
Configuring Port Mirroring

After port mirroring is enabled, you can connect the observing port to a network traffic analyzer to analyze the composition of the application packets on the mirroring port.

Background

Enabling port mirroring helps locate network problems. However, this function can affect device performance to some extent, so use it with caution. When using port mirroring, reference an ACL to set the traffic mirroring range so that other services are protected against heavy mirrored traffic.

After you have located the network problem, disable the port mirroring function.

To avoid losing mirrored packets because of inconsistent interface transmission rates, ensure that the transmission rates of the observing and mirroring ports are the same.

The mirroring port must be added to a security zone, and security policies must be configured to ensure normal network communication. The observing port does not need to be added to a security zone and does not need security policies.

The management port, the HA port, and Eth-Trunk interfaces and sub-interfaces cannot be used as mirroring ports or observing ports.

The FW supports MPU CPU-based and hardware chip-based port mirroring. Packets on the FW first pass through the NP chip and are then sent to the MPU CPU. Because the hardware fast forwarding function is enabled by default, only some traffic is sent to the CPU. Packets captured by hardware chip-based port mirroring are therefore more comprehensive. This mode also helps reduce CPU usage and is therefore recommended.

Configuring MPU CPU-based Port Mirroring

  1. Access the system view.

    system-view

  2. Specify the observing port.

    observing-port observing-port

    The observing port is a non-service interface used to transmit the service packets mirrored to it. Through the observing port, you can observe the packets passing through the mirroring port.

  3. Enable the function of sending discarded packets to the observing port.

    port-mirroring packet-discard observing-port { interface-name | interface-type interface-num } [ acl-number { acl-number | ipv6 acl-number } ]

  4. Enable port mirroring.

    port-mirroring mirroring-port { both | inbound | outbound } observing-port [ acl-number { acl-number | ipv6 acl-number } ]

    The mirroring port is a service port used to send and receive service packets. Before enabling port mirroring, run the observing-port command to configure the observing port.

    Only Ethernet interfaces can be used as the mirroring port.

Configuring Hardware Chip-based Port Mirroring

  1. Access the system view.

    system-view

  2. Configure the observing port.

    observing-port hardware observing-port

    The observing port is a non-service port for transmitting service packets mirrored to this port. You can use the observing port to observe packets passing through the corresponding mirroring port.

  3. Enable port mirroring.

    port-mirroring hardware mirroring-port { both | inbound | outbound } observing-port [ acl-number acl-number ]

    The mirroring port is a service port for transmitting and receiving service packets. It can mirror transmitted and received packets. Before enabling port mirroring, you should run the observing-port command to configure the related observing port.

Follow-up Procedure

After the configuration, run the display port-mirroring configuration command to display the port mirroring configuration information.

    <sysname> system-view
    [sysname] display port-mirroring configuration
    Observing port:
      GigabitEthernet0/0/1
    Port-mirroring configuration:
      GigabitEthernet0/0/2 [Inbound][Outbound] is mirrored to GigabitEthernet0/0/1 according to ACL 3001

After you have located the network problem, run the undo port-mirroring command to disable the port mirroring function.
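
The following is an added example, not Huawei's code: a Python check that parses the display port-mirroring configuration output shown above and reports sessions that go against this page's guidance, either mirroring without an ACL or using an interface that cannot be a mirroring or observing port. The session line without an ACL suffix, the last two sample lines, and the reserved parameter (the operator's own management and HA port names) are assumptions.

```python
import re

# Session line format copied from the sample output on this page. A line with
# no "according to ACL N" suffix is an ASSUMPTION about unfiltered sessions.
SESSION_RE = re.compile(
    r"^\s*(?P<src>\S+)\s+(?P<dirs>(?:\[\w+\])+)\s+is mirrored to\s+(?P<dst>\S+)"
    r"(?:\s+according to ACL\s+(?P<acl>\d+))?\s*$"
)

# First four lines are the page's output; the last two are constructed.
SAMPLE = """\
Observing port:
  GigabitEthernet0/0/1
Port-mirroring configuration:
  GigabitEthernet0/0/2 [Inbound][Outbound] is mirrored to GigabitEthernet0/0/1 according to ACL 3001
  GigabitEthernet0/0/3 [Inbound] is mirrored to GigabitEthernet0/0/1
  Eth-Trunk1 [Outbound] is mirrored to GigabitEthernet0/0/1 according to ACL 3002
"""


def parse_sessions(output):
    """Return one dict per mirroring session in the command output."""
    sessions = []
    for line in output.splitlines():
        m = SESSION_RE.match(line)
        if m:  # "acl" is None when the line references no ACL
            sessions.append({"src": m["src"], "dst": m["dst"], "acl": m["acl"],
                             "directions": re.findall(r"\[(\w+)\]", m["dirs"])})
    return sessions


def audit(output, reserved=frozenset()):
    """Return (port, finding) pairs. `reserved` is a hypothetical parameter:
    the operator's own management and HA port names."""
    findings = []
    for s in parse_sessions(output):
        if s["acl"] is None:
            findings.append((s["src"], "no ACL limits the mirrored traffic"))
        for port in (s["src"], s["dst"]):
            if port.startswith("Eth-Trunk") or port in reserved:
                findings.append((port, "not allowed as mirroring/observing port"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(f"{port}: {finding}")
```

Any session that parse_sessions still returns after troubleshooting has ended is a candidate for the undo port-mirroring command described above.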

Copyright © Huawei Technologies Co., Ltd.