Switch Port Mirror Configuration 1 Functional Demand and Network Description
Port Mirror Configuration "Environment Configuration Parameters" 1. PC1 is connected to the switch E0 / 1 port, IP address 1.1.1.1/242. PC2 is connected to the switch E0 / 2 port, IP address 2.2.2.2/243. E0 / 24 is the switch uplink Port 4. Server is connected to the switch E0 / 8 port, which is used as the Mirror Port "Networking Demand" 1. Monitoring the business packets of the two PCs using Server by the Switch port image. 2. Configuration according to the image of the image: 1) Port-based mirroring 2) stream-based mirror 2 data configuration step "Data flow of port mirror" is port-based image is completely copied with the image port of the mirrored port. Series to the mirror port, which is to perform traffic observation or fault location. [3026 and other switched mirroring] S2008 / S2016 / S2026 / S2403H / S3026 and other switches are supported by ports, there are two methods: method 1 1. Configure mirror (observation) port [Switcha] Monitor-Port E0 / 82 Configure the mirror port [Switcha] port mirror Ethernet 0/1 to Ethernet 0/2 Method 1. Can define a mirror and mirror port [Switcha] port mirror Ethernet 0/1 to Ethernet 0/2 ObserVing-Port Ethernet 0/8 [8016 Switch Port Mirror Configuration] 1. Assume that the 8016 switch mirror port is E1 / 0/15, the mirror port is E1 / 0/0, and the port 1/0/15 is the observation port of the port image. [Switcha] Port Monitor EtherNet 1/0/152. Setting port 1/0/0 is mirror port, mirroring its input and output data. [Switcha] Port mirroring Ethernet 1/0/0 Both Ethernet 1/0/15 can also be mirrored by two different ports, data on input and output 1. Setting E1 / 0/15 and E2 / 0/0 Mirror (observation) port [Switcha] Port Monitor Ethernet 1/0/152. Set port 1/0/0 is mirrored port, which use E1 / 0/15 and E2 / 0/0 to mirror input and output data. [Switcha] Port mirroring Gigabitethernet 1/0/0 ingress Ethernet 1/0/15 [Switcha] Port mirroring GigabitEthernet 1/0/0 EGRESS Ethernet 2/0/0
"Data Process Based on Sir Mirror" is mirrored by the switched switch for some streams. Each connection has two directions of data streams. For the switch, the two data streams are to be separated. [3500 / 3026e / 3026F / 3050] Mirroring Based on Three-Tier Flow 1. Define a list of extended access controls [Switcha] ACL NUM 1012. Define a rule message source address is 1.1.1.1/32 to all destination addresses [Switch ACL-ADV-101] rule 0 Permit IP Source 1.1.1.1 0 Destination Any3. Define a rule message source address for all source address destination is 1.1.1.1/32[switcha-ACL-ADV-101]Rule 1 Permit IP Source Any Destination 1.1.1.1 04. Members of the above Acl rules to E0 / 8 port [Switcha] mirrored-to ip-group 101 Interface E0 / 8
〖Based on two-layer flow mirror 1. Define an ACL [Switcha] ACL Num 200 2. Define a rule from E0 / 1 to other port packets [Switcha] rule 0 permit INTERFACE Ethernet 0/1 (Egress Interface ANY) 3. Define a rule from other ports to E0 / 1 ports [Switcha] rule 1 permit (INGRESS Interface Any) EGRESS Interface Ethernet0 / 14. Members of the above ACLs to E0 / 8 [Switcha ] Mirrored-to Link-Group 200 Interface E0 / 8 [5516] Supports mirror configuration port Ethernet 3/0/1 to monitor ports, the incoming flow image of the Ethernet 3/0/2. [Switcha] mirror Ethernet 3/0/2 ingress-to Ethernet 3/0/1
[6506/6503 / 6506R] The three products are currently only mirroring the port traffic, although there is an Outbount parameter, but cannot be configured. The mirror group is named 1, the monitoring port is Ethernet 4/0/2, the port Ethernet 4/0/1 is imaged. [Switcha] mirroring-group 1 inbound Ethernet4 / 0/1 mirrored-to ethernet4 / 0/2
[Supplementary description] 1. Mirror generally enables high-rate port mirror low rate ports, such as 1000m ports can be mirrored 100M port, which cannot be implemented 2. 8016 support cross-board port mirror 3 test verification on the observation port by tool software You can see the corresponding packets of the mirrored ports, flow observation or fault location can be performed.
