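Networking requirements:
Switch A is the destination switch. It connects to the monitoring device PC2 through GigabitEthernet 1/1/2, which is the mirroring destination port. Switch B is the intermediate switch: Trunk port GigabitEthernet 1/1/1 on Switch A connects to Trunk port GigabitEthernet 1/1/1 on Switch B, and Trunk port GigabitEthernet 1/1/2 on Switch B connects to Trunk port GigabitEthernet 1/1/1 on Switch C. Switch C is the source switch. Its port GigabitEthernet 1/1/2 connects to PC1 and is the mirroring source port; GigabitEthernet 1/1/3 is defined as the reflector port.
Network diagram:
Configuration steps:
Configuration on Switch C:
1. Enter system view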
<SwitchC> system-view
2. Create and enter VLAN 10, and set VLAN 10 as the remote-probe VLAN
[SwitchC] vlan 10
[SwitchC-vlan10] remote-probe vlan enable
[SwitchC-vlan10] quit
3. Enter the G1/1/1 port view
[SwitchC] interface GigabitEthernet 1/1/1
4. Set the port as a trunk port and permit VLAN 10
[SwitchC-GigabitEthernet1/1/1] port link-type trunk
[SwitchC-GigabitEthernet1/1/1] port trunk permit vlan 10
[SwitchC-GigabitEthernet1/1/1] quit
5. Configure the remote source mirroring group
[SwitchC] mirroring-group 1 remote-source
6. Set G1/1/2 as the source port and monitor packets in the inbound direction
[SwitchC] mirroring-group 1 mirroring-port GigabitEthernet 1/1/2 inbound
7. Set G1/1/3 as the remote reflector port
[SwitchC] mirroring-group 1 reflector-port GigabitEthernet 1/1/3
8. Set the remote-probe VLAN of mirroring group 1 to 10
[SwitchC] mirroring-group 1 remote-probe vlan 10
Configuration on Switch B:
1. Set VLAN 10 as the remote-probe VLAN
[SwitchB] vlan 10
[SwitchB-vlan10] remote-probe vlan enable
[SwitchB-vlan10] quit
2. Set port G1/1/1 as a trunk port and permit VLAN 10
[SwitchB] interface GigabitEthernet 1/1/1
[SwitchB-GigabitEthernet1/1/1] port link-type trunk
[SwitchB-GigabitEthernet1/1/1] port trunk permit vlan 10
[SwitchB-GigabitEthernet1/1/1] quit
3. Set port G1/1/2 as a trunk port and permit VLAN 10
[SwitchB] interface GigabitEthernet 1/1/2
[SwitchB-GigabitEthernet1/1/2] port link-type trunk
[SwitchB-GigabitEthernet1/1/2] port trunk permit vlan 10
Configuration on Switch A:
1. Set VLAN 10 as the remote-probe VLAN
[SwitchA] vlan 10
[SwitchA-vlan10] remote-probe vlan enable
[SwitchA-vlan10] quit
2. Set port G1/1/1 as a trunk port and permit VLAN 10
[SwitchA] interface GigabitEthernet 1/1/1
[SwitchA-GigabitEthernet1/1/1] port link-type trunk
[SwitchA-GigabitEthernet1/1/1] port trunk permit vlan 10
[SwitchA-GigabitEthernet1/1/1] quit
3. Configure the remote monitoring (destination) mirroring group
[SwitchA] mirroring-group 1 remote-destination
4. Set port G1/1/2 as the monitor port
[SwitchA] mirroring-group 1 monitor-port GigabitEthernet 1/1/2
5. Set the remote-probe VLAN of mirroring group 1 to 10
[SwitchA] mirroring-group 1 remote-probe vlan 10
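Key configuration points:
1. The default VLAN and the management VLAN cannot be configured as the remote-probe VLAN;
2. The configuration must ensure Layer 2 connectivity of the remote-probe VLAN from the source switch to the destination switch;
3. Devices that support remote mirroring include: H3C S3100, H3C S3600-EI, H3C S5600, H3C S5100, Quidway S3900-EI, Quidway S5100 and Quidway S5600 series switches.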
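Key points 1 and 2 can be checked offline before the commands are applied. The following Python script is an added example, not H3C code: it parses the three command sequences from this page and reports any place where the remote-probe VLAN would not reach the monitor port. The names `parse`, `check`, `CONFIGS` and `PATH_PORTS` are made up here, and treating VLAN 1 as the default/management VLAN is an assumption to adjust per site.

```python
import re
VLAN = "vlan 10; remote-probe vlan enable; quit; "
TRUNK = "interface GigabitEthernet {}; port link-type trunk; port trunk permit vlan 10; quit; "
CONFIGS = {  # constructed from the steps above: prompts removed, ';' between commands
    "SwitchC": VLAN + TRUNK.format("1/1/1") + "mirroring-group 1 remote-source; mirroring-group 1 "
               "mirroring-port GigabitEthernet 1/1/2 inbound; mirroring-group 1 reflector-port "
               "GigabitEthernet 1/1/3; mirroring-group 1 remote-probe vlan 10",
    "SwitchB": VLAN + TRUNK.format("1/1/1") + TRUNK.format("1/1/2"),
    "SwitchA": VLAN + TRUNK.format("1/1/1") + "mirroring-group 1 remote-destination; mirroring-group 1 "
               "monitor-port GigabitEthernet 1/1/2; mirroring-group 1 remote-probe vlan 10",
}
# Trunk ports on the path from source to destination switch (from the networking requirements).
PATH_PORTS = [("SwitchC", "1/1/1"), ("SwitchB", "1/1/2"), ("SwitchB", "1/1/1"), ("SwitchA", "1/1/1")]

def parse(text):  # follow the CLI views; collect remote-probe VLANs, trunk ports, group settings
    st, view = {"probe": set(), "ports": {}, "role": None, "vlan": None}, None
    for cmd in (c.strip() for c in re.split(r"[;\n]", text)):
        if m := re.fullmatch(r"vlan (\d+)", cmd):
            view = int(m[1])  # VLAN view
        elif m := re.fullmatch(r"interface GigabitEthernet (\S+)", cmd):
            view = st["ports"].setdefault(m[1], {"trunk": False, "vlans": set()})  # port view
        elif cmd == "quit":
            view = None
        elif cmd == "remote-probe vlan enable" and isinstance(view, int):
            st["probe"].add(view)
        elif cmd == "port link-type trunk" and isinstance(view, dict):
            view["trunk"] = True
        elif (m := re.fullmatch(r"port trunk permit vlan (\d+)", cmd)) and isinstance(view, dict):
            view["vlans"].add(int(m[1]))
        elif m := re.fullmatch(r"mirroring-group \d+ (remote-source|remote-destination)", cmd):
            st["role"] = m[1]
        elif m := re.fullmatch(r"mirroring-group \d+ remote-probe vlan (\d+)", cmd):
            st["vlan"] = int(m[1])
    return st

def check(configs, path_ports=PATH_PORTS, reserved=(1,)):
    """Return problems found; reserved = default/management VLAN IDs (assumed here: VLAN 1)."""
    st = {name: parse(text) for name, text in configs.items()}
    vlans = {s["vlan"] for s in st.values() if s["role"]}
    if len(vlans) != 1 or None in vlans:
        return ["mirroring groups do not agree on one remote-probe VLAN"]
    vlan = vlans.pop()
    problems = [f"VLAN {vlan} is a default/management VLAN"] if vlan in reserved else []
    problems += [f"{n}: VLAN {vlan} is not a remote-probe VLAN" for n, s in st.items() if vlan not in s["probe"]]
    for n, p in path_ports:
        port = st[n]["ports"].get(p)
        if not (port and port["trunk"] and vlan in port["vlans"]):
            problems.append(f"{n} GigabitEthernet {p}: not a trunk permitting VLAN {vlan}")
    return problems
```

`check(CONFIGS)` returns an empty list for the configuration on this page; dropping the G1/1/2 trunk commands from Switch B, for example, makes it report that port.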