H3C交换机远程端口镜像配置（反射端口方式）

组网需求

在一个二层网络中，Device A、Device B、Device C及Server如下图所示连接。其中，Device A通过端口Ten-GigabitEthernet1/0/1连接市场部。

通过配置二层远程端口镜像，使Server可以监控所有进、出市场部的报文。

组网图

配置步骤

配置Device C

# 配置端口Ten-GigabitEthernet1/0/1为Trunk口，并允许VLAN 2的报文通过。
<DeviceC> system-view
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[DeviceC-Ten-GigabitEthernet1/0/1] quit
# 创建远程目的镜像组2。
[DeviceC] mirroring-group 2 remote-destination
# 创建VLAN 2作为远程镜像VLAN。
[DeviceC] vlan 2
# 关闭VLAN 2的MAC地址学习功能。
[DeviceC-vlan2] undo mac-address mac-learning enable
[DeviceC-vlan2] quit
# 配置远程目的镜像组2的远程镜像VLAN为VLAN 2，目的端口为Ten-GigabitEthernet1/0/2，在该端口上关闭生成树协议并将其加入VLAN 2。
[DeviceC] mirroring-group 2 remote-probe vlan 2
[DeviceC] interface ten-gigabitethernet 1/0/2
[DeviceC-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-port
[DeviceC-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceC-Ten-GigabitEthernet1/0/2] port access vlan 2
[DeviceC-Ten-GigabitEthernet1/0/2] quit

配置Device B

# 创建VLAN 2作为远程镜像VLAN。
<DeviceB> system-view
[DeviceB] vlan 2
# 关闭VLAN 2的MAC地址学习功能。
[DeviceB-vlan2] undo mac-address mac-learning enable
[DeviceB-vlan2] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk口，并允许VLAN 2的报文通过。
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[DeviceB-Ten-GigabitEthernet1/0/1] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk口，并允许VLAN 2的报文通过。
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] quit

配置Device A

# 创建远程源镜像组1。
<DeviceA> system-view
[DeviceA] mirroring-group 1 remote-source
# 创建VLAN 2作为远程镜像VLAN。
[DeviceA] vlan 2
# 关闭VLAN 2的MAC地址学习功能。
[DeviceA-vlan2] undo mac-address mac-learning enable
[DeviceA-vlan2] quit
# 配置远程源镜像组1的远程镜像VLAN为VLAN 2，源端口为Ten-GigabitEthernet1/0/1，反射端口为Ten-GigabitEthernet1/0/3。
[DeviceA] mirroring-group 1 remote-probe vlan 2
[DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 both
[DeviceA] mirroring-group 1 reflector-port ten-gigabitethernet 1/0/3
This operation may delete all settings made on the interface. Continue? [Y/N]: y
# 配置端口Ten-GigabitEthernet1/0/2为Trunk口，并允许VLAN 2的报文通过。
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit

验证配置

# 显示Device C上所有镜像组的配置信息。
[DeviceC] display mirroring-group all
Mirroring group 2:
Type: Remote destination
Status: Active
Monitor port: Ten-GigabitEthernet1/0/2
Remote probe VLAN: 2
# 显示Device A上所有镜像组的配置信息。
[DeviceA] display mirroring-group all
Mirroring group 1:
Type: Remote source
Status: Active
Mirroring port:
Ten-GigabitEthernet1/0/1 Both
Reflector port: Ten-GigabitEthernet1/0/3
Remote probe VLAN: 2

配置测试

配置完成后，用户可以通过Server监控所有进、出市场部的报文。

可以使用抓包软件去抓取流量进行测试。如：wireshark，sniffer等。