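Switch port mirroring: how to configure multiple observing ports
Reposted from: http://support.huawei.com/ecommunity/bbs/10152503.html
How it works: all mirrored packets are directed to a single observing port. That port is looped back internally (configured with loopback internal),
so the packets are broadcast within a VLAN to several other, physical observing ports; the VLAN ID is stripped as the packets leave those ports.
Configuration example:
Reserve VLAN 3500 (for example)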
#
vlan batch 3 10 20 100 300 to 301 3000 to 3002 3500 4000
#
Observing port:
#
observe-port 1 interface GigabitEthernet0/0/21 vlan 3500
#
Three mirrored ports:
#
interface GigabitEthernet0/0/3
 port-mirroring to observe-port 1 both
#
interface GigabitEthernet0/0/4
 port-mirroring to observe-port 1 both
#
interface GigabitEthernet0/0/5
 port-mirroring to observe-port 1 both
#
Three observing ports:
#
interface GigabitEthernet0/0/11
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3500
#
interface GigabitEthernet0/0/12
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3500
#
interface GigabitEthernet0/0/13
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3500
#
Loopback port:
#
interface GigabitEthernet0/0/21
 description neibuhuanhui
 loopback internal
 mac-address learning disable
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3500
 stp disable
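Note: if STP is enabled globally on the switch (stp enable), stp disable must be configured on the loopback port. Otherwise, when the port receives STP packets that the switch itself sent out,
the port is placed in the discarding state, and all looped-back packets are dropped on ingress.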
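
A static check for the design above, as an added example that is not part of the original post: it reads a configuration text, finds the observe-port statement, and reports a loopback port that lacks any of the settings shown above, or a mirrored source port that also carries the reserved VLAN (the VLAN broadcast would send mirrored copies back out of it). The function names and the sample are constructed for illustration, and the check assumes stp disable is always required on the loopback port.

```python
import re

SAMPLE = """\
observe-port 1 interface GigabitEthernet0/0/21 vlan 3500
# interface GigabitEthernet0/0/3
 port-mirroring to observe-port 1 both
# interface GigabitEthernet0/0/11
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3500
# interface GigabitEthernet0/0/21
 loopback internal
 mac-address learning disable
 port trunk allow-pass vlan 3500
"""  # constructed sample: the loopback port lacks "stp disable"

def parse_interfaces(cfg):
    """Map interface name -> its sub-commands; a '#' line starts a new section."""
    ifaces, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip().lstrip("# ")
        m = re.match(r"interface (\S+)$", line)
        if m or raw.lstrip().startswith("#"):
            cur = ifaces.setdefault(m.group(1), []) if m else None
        elif cur is not None and line:
            cur.append(line)
    return ifaces

def carries(cmds, vlan):
    """True if a trunk allow-pass statement (not its 'undo' form) covers vlan."""
    spec = " ".join(c for c in cmds if c.startswith("port trunk allow-pass vlan "))
    return any(int(lo) <= vlan <= int(hi or lo)
               for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec))

def audit(cfg):
    """Return findings (empty = pass). Assumption: 'stp disable' is always required."""
    m = re.search(r"observe-port \d+ interface (\S+) vlan (\d+)", cfg)
    if not m:
        return ["no 'observe-port N interface X vlan V' statement"]
    loop, vlan, ifaces = m.group(1), int(m.group(2)), parse_interfaces(cfg)
    cmds = ifaces.get(loop, [])
    need = ("loopback internal", "mac-address learning disable", "stp disable")
    out = [f"{loop}: missing '{n}'" for n in need if n not in cmds]
    if not carries(cmds, vlan):
        out.append(f"{loop}: VLAN {vlan} not allowed")
    for name, c in ifaces.items():
        if name != loop and carries(c, vlan) and any(
                x.startswith("port-mirroring to observe-port") for x in c):
            out.append(f"{name}: mirrored source also carries VLAN {vlan}")
    return out
```

Calling audit(SAMPLE) returns one finding for the missing stp disable; the parser accepts the "#" separator either on its own line or in front of the interface statement.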