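H3C mirroring comes in three types: (1) Layer 2 port mirroring; (2) Layer 2 remote mirroring; (3) advanced flow mirroring.
Extra: to view ACL resource usage on H3C: dis acl resource (V5)
dis qos-acl resource (V7)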
(1) Layer 2 port mirroring:
Create a local mirroring group:
[H3C]mirroring-group 1 local
Assign the mirroring (source) port to be monitored:
[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
Specify the monitor (output) port:
[H3C]int GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2]mirroring-group 1 monitor-port
Verify:
[H3C]dis mirroring-group all
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
GigabitEthernet1/0/1 Both
Monitor port: GigabitEthernet1/0/2
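An added example (not part of the original notes): a Python script that parses the `dis mirroring-group all` output shown above and flags groups that are not Active or that copy traffic to a monitor port outside an approved list. The second group in the sample, its `Incomplete` status, and the function names are assumptions made for the demonstration.

```python
import re

# Constructed sample in the layout of the output above; group 2 and its status are hypothetical.
SAMPLE = """\
Mirroring group 1:
    Type: Local
    Status: Active
    Mirroring port:
        GigabitEthernet1/0/1  Both
    Monitor port: GigabitEthernet1/0/2
Mirroring group 2:
    Status: Incomplete
    Mirroring port:
        GigabitEthernet1/0/5  Inbound
"""
FIELDS = {"Type": "type", "Status": "status", "Monitor port": "monitor"}

def parse_mirroring_groups(text):
    """Turn 'dis mirroring-group all' output into one dict per group."""
    groups, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        head = re.fullmatch(r"Mirroring group (\d+):", line)
        if head:
            cur = dict(id=int(head.group(1)), type=None, status=None, monitor=None, sources=[])
            groups.append(cur)
        elif cur is None or not line or line == "Mirroring port:":
            continue
        elif ":" in line:
            key, value = (p.strip() for p in line.split(":", 1))
            if key in FIELDS:
                cur[FIELDS[key]] = value or None
        else:  # "<interface> <direction>" line listed under "Mirroring port:"
            cur["sources"].append(tuple(line.split()[:2]))
    return groups

def audit(groups, approved_monitors):
    """Return (group id, message) findings for inactive or unapproved mirror sessions."""
    findings = []
    for g in groups:
        if g["status"] != "Active":
            findings.append((g["id"], f"status is {g['status']}"))
        if g["monitor"] is None:
            findings.append((g["id"], "no monitor port configured"))
        elif g["monitor"] not in approved_monitors:
            findings.append((g["id"], f"unapproved monitor port {g['monitor']}"))
    return findings

if __name__ == "__main__":
    print(audit(parse_mirroring_groups(SAMPLE), {"GigabitEthernet1/0/2"}))
```

Feed it output collected from each switch and keep the approved monitor ports in your change records, so a mirror session pointing at an unexpected port stands out.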
(2) Layer 2 remote mirroring:
Create the remote mirroring group and specify the output VLAN:
[H3C]vlan 4003
[H3C]mirroring-group 1 remote-source
[H3C]mirroring-group 1 remote-probe vlan 4003
Assign the mirroring port:
[H3C]mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
Specify the reflector port:
[H3C]mirroring-group 1 reflector-port GigabitEthernet 1/0/2
This operation may delete all settings made on the interface. Continue? [Y/N]: y
Assign the egress interface to the VLAN:
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 4003
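Notes:
Do not connect a network cable to the reflector port, and do not configure features such as STP on it;
before configuring the reflector port, make sure undo shutdown is set so that the interface is administratively up.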
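(3) Flow mirroring:
(advanced mirroring; can be narrowed down to source and destination IP)
Requirement: capture the traffic on G1/0/1 going from 192.168.1.1 to 192.168.1.2 and output it to G1/0/3.
Traffic class definition: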
[H3C]acl advanced 3333
[H3C-acl-ipv4-adv-3333]rule permit ip source 192.168.1.1 0 destination 192.168.1.2 0
[H3C]traffic classifier 1
[H3C-classifier-1]if-match acl 3333
Traffic behavior:
[H3C]traffic behavior 1
[H3C-behavior-1]mirror-to interface GigabitEthernet 1/0/3
Traffic policy:
[H3C]qos policy 1
[H3C-qospolicy-1]classifier 1 behavior 1
Apply to the interface:
[H3C]int GigabitEthernet 1/0/1
[H3C-GigabitEthernet1/0/1]qos apply policy 1 inbound
Verify:
Interface: GigabitEthernet1/0/1
Direction: Inbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) :
If-match acl 3333
Behavior: 1
Mirroring:
Mirror to the interface: GigabitEthernet1/0/3