镜像

H3C镜像分为三种:《1》二层端口镜像;《2》二层远程镜像;《3》高级流镜像。

加料:H3C 查看ACL资源:dis acl resourece(V5版本)

                                           dis qos-acl resource  (V7版本)

                    

 

 

《1》二层端口镜像:

 

 

 

创建本地镜像组:

[H3C]mirroring-group 1 local

 

划分需要监控的镜像端口:

[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both

 

指定监控出接口:

[H3C]int GigabitEthernet 1/0/2

[H3C-GigabitEthernet1/0/2]mirroring-group 1 monitor-port

 

检验:

[H3C]dis mirroring-group all

Mirroring group 1:

    Type: Local

    Status: Active

    Mirroring port:

        GigabitEthernet1/0/1  Both

Monitor port: GigabitEthernet1/0/2

 

 

《2》二层远程镜像:

 

 

创建远程镜像组,并指定输出VLAN:

[H3C]vlan 4003

H3C]mirroring-group 1 remote-source

[H3C]mirroring-group 1 remote-probe vlan 4003

 

划分镜像口:

[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both

 

划分镜像口:

[H3C]mirroring-group 1 reflector-port GigabitEthernet 1/0/2

This operation may delete all settings made on the interface. Continue? [Y/N]: y

 

指定出接口vlan:

interface GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 4003

 

 

注意:

请不要在反射端口上连接网线,也不要在反射端口上配置例如stp协议等功能;

配置反射端口前,请确认undo shutdown保证接口的管理状态为开启。

 

 

 

《3》流镜像;

(高级镜像,可细化到源目IP)

 

要求抓取在G1/0/1口上,从192.168.1.1 去往192.168.1.2的流量,输出G1/0/3口;

 

流定义:

[H3C]acl advanced 3333

[H3C-acl-ipv4-adv-3333]rule permit ip source 192.168.1.1 0 destination 192.168.1.2 0

 

[H3C]traffic classifier 1

[H3C-classifier-1]if-match acl 3333

 

流行为:

[H3C]traffic behavior 1

[H3C-behavior-1]mirror-to interface GigabitEthernet 1/0/3

 

流策略:

[H3C]qos policy 1

[H3C-qospolicy-1]classifier 1 behavior 1

 

接口应用:

[H3C]int GigabitEthernet 1/0/1

[H3C-GigabitEthernet1/0/1]qos apply policy 1 inbound

 

检验:

dis qos policy interface GigabitEthernet 1/0/1

Interface: GigabitEthernet1/0/1

  Direction: Inbound

  Policy: 1

   Classifier: 1

     Operator: AND

     Rule(s) :

      If-match acl 3333

     Behavior: 1

      Mirroring:

        Mirror to the interface: GigabitEthernet1/0/3

你可能感兴趣的:(镜像)