Network Device Port Mirroring


Port mirroring is an important function of network devices. It is used for management and monitoring, and it also plays a role in device security: monitoring the packets of an important network device helps prevent adverse network security events.

Port mirroring is divided into local port mirroring (SPAN) and remote port mirroring (RSPAN).

Local port mirroring: limited to a single device in the network.

Remote port mirroring: the mirrored port is not on the same device, and the mirrored traffic can cross the network, which makes it more convenient for network administrators to manage remote switch devices.

Port mirroring configuration:

1. First, determine the mirroring source port and the direction of the mirrored packets. inbound mirrors the packets received by the port, outbound mirrors the packets sent by the port, and both mirrors the packets received and sent by the port at the same time.

Determine the port number of the remote port.

To implement remote port mirroring, you must configure a special VLAN called the remote-probe VLAN. All mirrored packets are transmitted through this VLAN to the monitor port of the destination switch.

Source switch: the switch where the monitored port is located. It forwards the mirrored traffic through the remote-probe VLAN to the intermediate switch or the destination switch.

Intermediate switch: a switch between the source switch and the destination switch. It is responsible for forwarding the mirrored traffic through the remote-probe VLAN to the next intermediate switch or to the destination switch. If the source switch is directly connected to the destination switch, no intermediate switch exists.

Destination switch: the switch where the monitor port is located. It forwards the received mirrored traffic to the monitoring device through the mirroring destination port.
Test preparation: Huawei S2000-HI switches (2), H3C firewalls (2), a PC, and a Linux virtual machine (simulating the monitoring device).

Experiment 1: local port mirroring

[Figure: local port mirroring topology]

Configuration commands. The monitoring device has a packet capture tool; for the simulation, install Wireshark or another packet capture tool.

Sw-1 configuration

<Quidway> system-view
[Quidway] sysname sw-1
[sw-1] int Vlan-interface 1
[sw-1-Vlan-interface1] ip add 192.168.2.4 24 // configure the IP address
[sw-1-Vlan-interface1] quit
[sw-1] local-user user1 // set the login account
New local user added.
[sw-1-luser-user1] password simple 1234
[sw-1-luser-user1] service-type telnet level 3
[sw-1-luser-user1] quit
[sw-1] user-interface vty 0 4
[sw-1-ui-vty0-4] authentication-mode scheme
[sw-1-ui-vty0-4] quit

Sw-2 configuration

<Quidway> system-view
[Quidway] sysname sw-2
[sw-2] int Vlan-interface 1
[sw-2-Vlan-interface1] ip add 192.168.2.5 24
[sw-2-Vlan-interface1] quit
[sw-2]

Sw-3 configuration

<Quidway> system-view
[Quidway] sysname sw-3
[sw-3] mirroring-group 1 local // create a local mirroring group
[sw-3] mirroring-group 1 mirroring-port Ethernet 1/0/2 Ethernet 1/0/4 both // set the mirrored (source) ports
[sw-3] mirroring-group 1 monitor-port Ethernet 1/0/6 // set the monitor port
[sw-3] dis mirroring-group 1 // view the local mirroring group
mirroring-group 1:
    type: local
    status: active
    mirroring port:
        Ethernet1/0/41 both
        Ethernet1/0/42 both
    monitor port: Ethernet1/0/41

Test:

[Figure: test result screenshot]

Remote port mirroring experiment

[Figure: remote port mirroring topology]

sw3 configuration

<Quidway> system-view
[Quidway] sysname sw3
[sw3] mirroring-group 1 remote-source // create the remote source mirroring group
[sw3] vlan 10
[sw3-vlan10] remote-probe vlan enable // enable the VLAN as the remote-probe VLAN
[sw3-vlan10] int e1/0/1
[sw3-Ethernet1/0/1] port link-type trunk // set the port as a trunk port
[sw3-Ethernet1/0/1] port trunk permit vlan 10 // allow VLAN 10 through
Please wait... done.
[sw3-Ethernet1/0/1] quit
[sw3] mirroring-group 1 mirroring-port Ethernet 1/0/3 inbound // mirror packets received by the port
[sw3] mirroring-group 1 mirroring-port ethernet 1/0/5 outbound // mirror packets sent by the port
[sw3] mirroring-group 1 remote-probe vlan 10
[sw3] mirroring-group 1 reflector-port e1/0/7 // set the reflector port
[sw3] dis mirroring-group 1
mirroring-group 1:
    type: remote-source
    status: active
    mirroring port:
        Ethernet1/0/42 inbound
        Ethernet1/0/42 outbound
    reflector port: Ethernet1/0/42
    remote-probe vlan: 10
[sw3]

sw2 configuration

<Quidway> system-view
[Quidway] sysname sw2
[sw2] vlan 10
[sw2-vlan10] remote-probe vlan enable
[sw2-vlan10] quit
[sw2]
[sw2] int e1/0/1
[sw2-Ethernet1/0/1] port link-type trunk
[sw2-Ethernet1/0/1] port trunk permit vlan 10
Please wait... done.
[sw2-Ethernet1/0/1] int e1/0/3
[sw2-Ethernet1/0/3] port link-type trunk
[sw2-Ethernet1/0/3] port trunk permit vlan 10
Please wait... done.
[sw2-Ethernet1/0/3] quit
[sw2]

sw1 configuration

<Quidway> system-view
[Quidway] sysname sw1
[sw1] vlan 10
[sw1-vlan10] remote-probe vlan enable
[sw1-vlan10] int e1/0/1
[sw1-Ethernet1/0/1] port link-type trunk
[sw1-Ethernet1/0/1] port trunk permit vlan 10
Please wait... done.
[sw1-Ethernet1/0/1] quit
[sw1] mirroring-group 1 remote-destination
[sw1] mirroring-group 1 monitor-port e1/0/5
[sw1] mirroring-group 1 remote-probe vlan 10
[sw1] dis mirroring-group 1
mirroring-group 1:
    type: remote-destination
    status: active
    monitor port: Ethernet1/0/5
    remote-probe vlan: 10
[sw1]
Pc1 configuration (simulated with a firewall)

<H3C> system-view
[H3C] sysname pc1
[pc1] local-user user1
New local user added.
[pc1-luser-user1] password simple 123
[pc1-luser-user1] service-type ftp
[pc1-luser-user1] q
[pc1] int eth0/0
[pc1-Ethernet0/0] ip add 192.168.2.4 24
[pc1-Ethernet0/0] quit
[pc1]

Pc2 configuration

<H3C> system-view
[H3C] sysname pc2
[pc2] int eth0/0
[pc2-Ethernet0/0] ip add 192.168.2.5 24
[pc2-Ethernet0/0] q
[pc2]

Test: log on to pc1 from pc2 using FTP and obtain the packet capture data.

[Figure: packet capture screenshot]
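The remote mirroring path above works only if every switch on it agrees on the remote-probe VLAN. The following Python check is an added example, not part of the original article or of any vendor tool: it reads prompt-stripped command lists for the source, intermediate and destination switches and reports what is missing. The function names and the constructed command lists are assumptions, and trunk permission is checked per switch rather than per port.

```python
import re

def parse(cli):
    """Collect mirroring-related facts from one switch's command list."""
    f, vlan_view = {"probe_vlans": set(), "trunk_vlans": set()}, None
    for line in cli:
        line = line.split("//")[0].strip()  # drop trailing // comments
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan_view = int(m[1])
        elif line == "remote-probe vlan enable" and vlan_view is not None:
            f["probe_vlans"].add(vlan_view)
        elif m := re.fullmatch(r"port trunk permit vlan (\d+)", line):
            f["trunk_vlans"].add(int(m[1]))
        elif m := re.fullmatch(r"mirroring-group \d+ (remote-source|remote-destination)", line):
            f["role"] = m[1]
        elif m := re.fullmatch(r"mirroring-group \d+ remote-probe vlan (\d+)", line):
            f["probe"] = int(m[1])
        elif m := re.fullmatch(r"mirroring-group \d+ (mirroring|monitor|reflector)-port .+", line):
            f[m[1]] = True
    return f

def check_rspan(source, intermediates, dest):
    """Return problems found along the source -> intermediate -> destination path."""
    names = ["source"] + [f"intermediate {i}" for i in range(1, len(intermediates) + 1)] + ["destination"]
    hops = list(zip(names, map(parse, [source, *intermediates, dest])))
    src, dst, problems = hops[0][1], hops[-1][1], []
    vlan = src.get("probe")
    if src.get("role") != "remote-source" or not (src.get("mirroring") and src.get("reflector")):
        problems.append("source: incomplete remote-source group")
    if dst.get("role") != "remote-destination" or not dst.get("monitor"):
        problems.append("destination: incomplete remote-destination group")
    if vlan is None or vlan != dst.get("probe"):
        problems.append("remote-probe VLAN differs between source and destination")
    for name, f in hops:
        if vlan not in f["probe_vlans"]:
            problems.append(f"{name}: VLAN {vlan} is not a remote-probe VLAN")
        if vlan not in f["trunk_vlans"]:
            problems.append(f"{name}: no trunk port permits VLAN {vlan}")
    return problems

# Constructed input: the page's sw3/sw2/sw1 commands, abridged, prompts removed.
TRUNK = ["vlan 10", "remote-probe vlan enable", "int e1/0/1",
         "port link-type trunk", "port trunk permit vlan 10"]
SW3 = ["mirroring-group 1 remote-source", *TRUNK,
       "mirroring-group 1 mirroring-port Ethernet 1/0/3 inbound",
       "mirroring-group 1 remote-probe vlan 10", "mirroring-group 1 reflector-port e1/0/7"]
SW2 = TRUNK + ["int e1/0/3", "port link-type trunk", "port trunk permit vlan 10"]
SW1 = TRUNK + ["mirroring-group 1 remote-destination",
               "mirroring-group 1 monitor-port e1/0/5", "mirroring-group 1 remote-probe vlan 10"]
```

Calling check_rspan(SW3, [SW2], SW1) returns an empty list for the configuration shown on this page; removing the trunk permit line from the intermediate switch produces a finding for that hop.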

 

This article is from the "those once" blog, please be sure to keep this source http://slayr.blog.51cto.com/7613374/1286355
