"Port mirror" is a port image, which provides a backup channel for network transmission. It can also be used for data traffic monitoring. It can be understood as follows: Establish an image relationship between port A and port B. In this way, data transmitted through port A will be transmitted through port B at the same time, even if data error occurs at port a due to transmission line issues, data at Port B is available.
Cisco switch port image Configuration
A Cisco switch supports up to two sets of images and all port images. Default password Cisco
Cisco catylist2820
There are 2 menu options
First enter the menu option, enable port Monitor
Enter CLI mode,
En
Conf term
Interface fast0/X Image Port
Port monitor fast0/X Image Port
Exit
WR
Cisco catylist2924, 2948 Cisco catylist 3524, 3548
Switch> en
Switch # conf term
Switch (config) # interface fast MOD/Port
Switch (config-If) # port monitor MOD/Port
Switch (config-If) # exit
Switch (config) # WR
Cisco catylist 2550 Cisco catylist 3550
Two groups of monitor sessions are supported.
En Password
Config term
Switch (config) # monitor session 1 destination interface fast0/4 (1 is session ID, ID range is 1-2)
Switch (config) # monitor session 1 source interface fast0/1, fast0/2, fast0/3 (space, comma, space)
Switch (config) # exit
Switch # copy running-conf startup-Conf
Switch # Show Port-Monitor
Cisco catylist 4000/5000 series Cisco catylist 6000 series
Two groups of images are supported.
En
Show module)
Set span source (mod/port) destination (mod/port) in | Out | both inpkts enable
Write tern all
Show Span
Note: For Multiple Source: MOD/port, MOD/port-mod/port, use the horizontal bar "-" for continuous ports, and for non-continuous ports, use the comma ","
Set span enable allows images
Set span disable Image
Set span source destination in | Out | both inpkts enable create (create is used to create a second set of images)
Huawei s2403h port monitoring configuration
En
Conf term
Monitor Ethernet source_mod/port to Ethernet source_mod/port obser Ethernet dest_mod/Port
Exit
Write
Show Monitor-Port
Note: The non-continuous port cannot be used as the Souce. If a single port is mirrored, direct to OBS ether without using ".....
Delete an image
En
Conf t
No monitort Ethernet source to enternet source obser enternet objective
Exit
Show Monitor-Port
Write
Alibaba Cloud 6500
S6506_a> en
Password:
S6506_a #
S6506_a # conf t
Enter configuration commands, one per line. End with Ctrl + Z.
S6506_a (config )#
S6506_a (config) # Set mirr word1 input gigabitethernet1/0/3 gigabitethernet1/0/4 mirror-port gigabitethernet1/0/6
S6506_a (config) # exit
S6506_a # Show mirror all
Mirror name: word1
Slot No: 1/0
Port mask: gigabitethernet1/0/3 gigabitethernet1/0/4
Mirror ction: Input
Mirror port: gigabitethernet1/0/6
Nortel Switch
Nortel 1100, 2000
Supports a set of images, two sources, and one destination.
Default username/password: 12/12
Config
Mirror
Input1 (mod/port) Enable
Input2 (mod/port) Enable
Output (mod/port) Enable
Save configure ture
Nortel 8000 series port image Configuration
In versions earlier than software 3.2.0.0, a set of images, 10 sources, and one destination are supported.
Software 3.2.0.0 and later versions support two sets of images. (Note: Generally, eight Ethernet ports are used as an integrated circuit board. Destination cannot be deployed on the same board, that is, only one destination is allowed on Ports 1-8, and 25 sources are supported (10 are valid-you don't know, you haven't played such a high version ).
Username/password: RWA/RWA superuser
Example: 2/6 2/6 2/8 image to 2/1
Config diag mirror-by-Port 1 create in-port 2/4 out-port 2/1 (1 is the ID number, range: 1-10)
Config diag mirror-by-Port 1 enable ture
Config diag mirror-by-Port 2 create in-port 2/6 out-port 2/1
Config diag mirror-by-Port 2 enable ture
Config diag mirror-by-Port 3 create in-port 2/8 out-port 2/1
Config diag mirror-by-Port 3 enable ture
Config diag mirror-by-Port 1 mode both | TX | RX
Save config
Diag mirror-by-port ID Info (view ID No. Image Information)
The image function provided by the Nortel switch is generally RX and does not support the both method (depending on the CPU). Therefore, the ping packet cannot be detected and can only be pinged. ?
Bay stack 450
Very easy, as long as the installation menu step by step. Only two sources and one destination are supported. Vswitch Software Version 3 or later.
Ssr8000
SSR command line interface reference manual 551
Port processing ing
Command
Purpose
Apply port forwarding ing to one or more target ports on an SSR or to traffic specified by
ACL profile.
Format
Port processing ing Monitor-port target-port | target-profile name>
Mode
Configure
Description
The port processing ing command allows you to monitor via a single port the activity of one
Or more ports on an SSR or the traffic that is specified by an ACL.
Parameters
Monitor-Port
The port you will use to monitor activity.
Target-Port
The port (s) for which you want to monitor activity. You can specify a single port or
Comma-separated list of ports.
Target-Profile
The name of the ACL that specifies the profile of the traffic that you want
Monitor. The ACL must be a previusly created ip acl. The ACL may contain in
Either permit or deny keywords. The port bonding ing command only looks at
Following ACL Rule parameter values: Protocol, source IP address, destination IP
Address, source port, destination port, and TOS.
3Com switch port image Configuration
In a 3Com Switch, a port image is called "Roving analysis ". The listening port is called the monitor port, and the port connecting to the listening device is called the analyzer port ).
Run the following command to configure the port image:
● Specified analysis Port
Feature rovinganalysis add, or f r,
For example:
Select menu option: feature rovinganalysis add
Select analysis slot: 1
Select analysis port: 2
● Specify the listening port and start the listening port
Feature rovinganalysis start, or f r STA,
For example:
Select menu option: feature rovinganalysis start
Select slot to monitor (1-12): 1
Select port to monitor (1-8): 3
● Stop port listening
Feature rovinganalysis stop, or f r sto,
Intel switch port image Configuration
Intel calls port listening "mirror ports ". The listening port is called the source port, and the port connecting to the listening device is called the mirror port ).
To configure a port listener, follow these steps:
● In the navigation menu, click mirror ports under statistics to display the mirror ports information.
● Click the port in the configure source column to select the source port. The mirror ports configuration is displayed.
● Set the Source Port:
The source port is the source port of the image traffic, and the mirror port is the port that receives the traffic from the source port.
● Click Apply.
You can select three listening methods:
1. Continuous (always): all traffic of the image.
2. Period (periodic): all traffic of images within a period. Set the image cycle in sampling interval configuration.
3. Disable: Disable the traffic image.
AVaya switch port image Configuration
In the Avaya switch user manual, port monitoring is called "port mirror ).
Run the following command to configure a port listener:
{Set | clear} port mirror
Set port listening: set port mirror source-port mirror-port sampling {always | disable | periodic} [Max-packets-sec <max-packets-sec-value>] [piggyback-port]
Disable port listening: Clear port mirror
In the command, mod-Port-range specifies the port range; mod-Port-spec specifies the specific port; piggyback-port specifies the port of the two-way image; sampling specifies the image cycle; max-packets-sec is only used when sampling is set to periodic. It specifies the maximum number of data entries per second for the listener.
Harbor flax24
Harbour (config )#
Harbour (config) # config grouping ing 1
Add add ports to processing ING Group.
Delete Delete ports from processing ING Group.
Disable disable current processing ING Group.
To apply port grouping ING Group.
Harbour (config) # config grouping ing 1 add Port 5 (source)
Harbour (config) # config grouping ing 1 to 13 (target)
Harbour (config) # Show processing ing
Port mirror configurations:
Grouping Group 1:
Source Port: 5
Target Port: 13
Harbour (config) # Save Configuration
Cisco switch port image Configuration
Catalyst 2900xl/3500XL/2950 Series Switch Port image Configuration
Run the following command to configure a port listener:
Port Monitor
For example, F0/1 and F0/2 belong to the same vlan1 and F0/1 Listen to ports F0/2 and F0/2:
Interface fastethernet0/1
Port monitor fastethernet0/2
Port monitor fastethernet0/5
Port monitor vlan1
Catalyst 6000, and Series Switch Port image Configuration
Run the following command to configure a port listener:
Set Span
For example, in Module 6, Port 1 and Port 2 belong to the same vlan1, Port 3 in vlan2, port 4 and 5 in vlan2, and Port 2 listen to ports 1, 3, 4, and 5,
Set span 6/1, 6/3-5 6/2
Run the following command to disable port listening:
Set span disable [dest_mod/dest_port | all]
Cisco 3550 EMI port image Configuration:
Configure in configuration mode
Monitor Session 1 source interface fa0/15
Monitor Session 1 destination interface fa0/14
Note: Port 15 is the source port (the port connected to the Internet) and Port 14 is the monitoring port (the computer that installs the Internet management software is connected to the port
Huawei switch port image Configuration
Port Image Data Process
Port-based images completely copy incoming and outgoing data packets from the mirrored ports to the mirrored ports for traffic observation or fault locating.
[Vswitch image 3026]
Vswitches such as s2008/s2016/s2026/s2403h/s3026 support port-based images. There are two methods:
Method 1
1. Configure the image (observation) Port
[Switcha] monitor-port E0/8
2. Configure the port to be mirrored
[Switcha] Port mirror Ethernet 0/1 to Ethernet 0/2
Method 2
1. You can define the image and the port to be mirrored at a time.
[Switcha] Port mirror Ethernet 0/1 to Ethernet 0/2 observing-port ethernet 0/8
[8016 vswitch port image configuration]
1. Assume that the image port of the 8016 switch is e1/0/15, the Image Port is e1/0/0, and Port 1/0/15 is the observation port of the port image.
[Switcha] Port monitor Ethernet 1/0/15
2. Set Port 1/0/0 as the port to be mirrored, and image the input and output data.
[Switcha] Port bonding ing Ethernet 1/0/0 both Ethernet 1/0/15
You can also mirror the input and output data through two different ports.
1. Set E1/0/15 and E2/0/0 as mirror (observation) ports.
[Switcha] Port monitor Ethernet 1/0/15
2. Set Port 1/0/0 as the mirrored port, and use E1/0/15 and E2/0/0 to mirror the input and output data respectively.
[Switcha] Port bonding ing gigabitethernet 1/0/0 ingress Ethernet 1/0/15
[Switcha] Port bonding ing gigabitethernet 1/0/0 egress Ethernet 2/0/0
"Stream Image-based Data Process 』
A vswitch based on a flow image mirrors some streams. Each connection has two data streams. For a vswitch, these two data streams must be mirrored separately.
[3500/3026 E/3026f/3050]
Cloudification-Based Image 〗
1. Define an extended access control list
[Switcha] ACL num0 101
2. Define a rule message source address as 1.1.1.1/32 to all destination addresses
[SwitchA-acl-adv-101] Rule 0 permit IP source 1.1.1.1 0 destination any
3. Define a rule message source address as the destination address of all source addresses 1.1.1.1/32
[SwitchA-acl-adv-101] Rule 1 permit IP source any destination 1.1.1.1 0
4. mirror the packets that comply with the preceding ACL rules to the E0/8 Port
[Switcha] mirrored-to ip-group 101 interface E0/8
2-layer stream-Based Image 〗
1. Define an ACL
[Switcha] ACL num0 200
2. Define a rule to send data packets from E0/1 to all other ports.
[Switcha] Rule 0 permit ingress interface ethernet0/1 (Egress interface any)
3. Define a packet rule from all other ports to E0/1
[Switcha] Rule 1 permit (ingress interface any) egress interface ethernet0/1
4. mirror the packets that match the preceding ACL to E0/8.
[Switcha] mirrored-to link-Group 200 interface E0/8
[5516] supports mirroring inbound port traffic
Configure the port ethernet 3/0/1 as the monitoring port and the inbound traffic image of port ethernet 3/0/2.
[Switcha] mirror Ethernet 3/0/2 ingress-to Ethernet 3/0/1
[6506/6503]
Currently, the three products only support mirroring inbound port traffic. Although the outbount parameter exists, it cannot be configured.
The image group name is 1, the monitoring port is ethernet4/0/2, and the inbound traffic on the port ethernet4/0/1 is mirrored.
[Switcha] grouping ing-group 1 inbound ethernet4/0/1 mirrored-to ethernet4/0/2
[Additional description]
1. Images can generally achieve high-speed port mirroring with low-speed ports. For example, a m port can mirror a m port. Otherwise, Images cannot be implemented.
2. 8016 support for cross-board Port Mirroring
3 test and verification
On the observation port, you can view the corresponding packets of the mirrored port through the tool software, and perform traffic observation or fault locating.
3Com Switch Port Monitoring Configuration
In the 3Com Switch user manual, port monitoring is called "Roving analysis ". The listening port is called the monitor port, and the port connecting to the listening device is called the analyzer port ).
Run the following command to configure a port listener:
● Specified analysis Port
Feature rovinganalysis add, or f r,
For example:
Select menu option: feature rovinganalysis add
Select analysis slot: 1
Select analysis port: 2
● Specify the listening port and start the listening port
Feature rovinganalysis start, or f r STA,
For example:
Select menu option: feature rovinganalysis start
Select slot to monitor (1-12): 1
Select port to monitor (1-8): 3
● Stop port listening
Feature rovinganalysis stop, or f r sto,
● Delete the analysis port and restore its status
Feature rovinganalysis remove, or use the abbreviation f r,
Run the Stop port listening command before using this command.
● View the settings of the analysis port and listening port:
Feature rovinganalysis summary, or use the abbreviation f r Su,
For example:
Select menu option: feature rovinganalysis Summary
Monitor port analysis port State
---------------------------------------
Slot 3 Port 5 slot1 port2 Enabled
Intel switch port image Configuration
Intel calls port listening "mirror ports ". The listening port is called the source port, and the port connecting to the listening device is called the mirror port ).
To configure a port image, follow these steps:
In the navigation menu, click mirror ports under statistics to display the mirror ports information.
Click the port in the configure source column to select the source port. The mirror ports configuration is displayed.
Set the Source Port:
The source port is the source port of the image traffic, and the mirror port is the port that receives the traffic from the source port.
Click Apply.
You can select three listening methods:
1. Continuous (always): all traffic of the image.
2. Period (periodic): all traffic of images within a period. Set the image cycle in sampling interval configuration.
3. Disable: Disable the traffic image.