Layer 3 remote port mirroring configuration example
Network requirements
Device A connects to the marketing department through GigabitEthernet 1/0/1 and connects to GigabitEthernet 1/0/1 of Device B through GigabitEthernet 1/0/2. Device C connects to the server through GigabitEthernet 1/0/2 and connects to GigabitEthernet 1/0/2 of Device B through GigabitEthernet 1/0/1.
Configure Layer 3 remote port mirroring to enable the server to monitor the bidirectional traffic of the marketing department through a GRE tunnel.
Figure 39: Network diagram
Configuration procedure
Configure IP addresses for the tunnel interfaces and related ports on the devices.
Configure a VLAN, add interfaces to the VLAN, and configure IP addresses and subnet masks for related ports and the tunnel interfaces according to the configurations shown in .
Configure Device A (the source device):
# Create tunnel interface Tunnel 0, and configure an IP address and subnet mask for it.
<DeviceA> system-view [DeviceA] interface tunnel 0 [DeviceA-Tunnel0] ip address 50.1.1.1 24
# Configure Tunnel 0 to operate in GRE mode, and configure source and destination IP addresses for it.
[DeviceA-Tunnel0] tunnel-protocol gre [DeviceA-Tunnel0] source 20.1.1.1 [DeviceA-Tunnel0] destination 30.1.1.2 [DeviceA-Tunnel0] quit
# Create service loopback group 1 and set the service type to tunnel.
[DeviceA] service-loopback group 1 type tunnel
# Add any port (GigabitEthernet 1/0/3 for example) on the device to service loopback group 1.
[DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] undo stp enable [DeviceA-GigabitEthernet1/0/3] port service-loopback group 1
# Apply service loopback group 1 to Tunnel 0 in tunnel interface view.
[DeviceA-GigabitEthernet1/0/3] quit [DeviceA] interface tunnel 0 [DeviceA-Tunnel0] service-loopback-group 1
# Enable the OSPF protocol.
[DeviceA] ospf 1 [DeviceA-ospf-1] area 0 [DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [DeviceA-ospf-1-area-0.0.0.0] quit [DeviceA-ospf-1] quit
# Create local mirroring group 1.
[DeviceA] mirroring-group 1 local
# Configure GigabitEthernet 1/0/1 as a source port and Tunnel 0 as the monitor port of local mirroring group 1.
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both [DeviceA] mirroring-group 1 monitor-port tunnel 0
Enable the OSPF protocol on Device B (the intermediate device).
<DeviceB> system-view [DeviceB] ospf 1 [DeviceB-ospf-1] area 0 [DeviceB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255 [DeviceB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [DeviceB-ospf-1-area-0.0.0.0] quit [DeviceB-ospf-1] quit
Configure Device C (the destination device):
# Create tunnel interface Tunnel 0, and configure an IP address and subnet mask for it.
<DeviceC> system-view [DeviceC] interface tunnel 0 [DeviceC-Tunnel0] ip address 50.1.1.2 24
# Configure Tunnel 0 to operate in GRE mode, and configure source and destination IP addresses for it.
[DeviceC-Tunnel0] tunnel-protocol gre [DeviceC-Tunnel0] source 30.1.1.2 [DeviceC-Tunnel0] destination 20.1.1.1 [DeviceC-Tunnel0] quit
# Create service loopback group 1 and set the service type to tunnel.
[DeviceA] service-loopback group 1 type tunnel
# Add any port (GigabitEthernet 1/0/3 for example) on the device to service loopback group 1.
[DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] undo stp enable [DeviceA-GigabitEthernet1/0/3] port service-loopback group 1
# Apply service loopback group 1 to Tunnel 0 in tunnel interface view.
[DeviceC-GigabitEthernet1/0/3] quit [DeviceC] interface tunnel 0 [DeviceC-Tunnel0] service-loopback-group 1 [DeviceC-Tunnel0] quit
# Enable the OSPF protocol.
[DeviceC] ospf 1 [DeviceC-ospf-1] area 0 [DeviceC-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255 [DeviceC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255 [DeviceC-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255 [DeviceC-ospf-1-area-0.0.0.0] quit [DeviceC-ospf-1] quit
# Create local mirroring group 1.
[DeviceC] mirroring-group 1 local
# Configure GigabitEthernet 1/0/1 as a source port and GigabitEthernet 1/0/2 as the monitor port of local mirroring group 1.
[DeviceC] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 inbound [DeviceC] mirroring-group 1 monitor-port GigabitEthernet 1/0/2
# Disable the spanning tree feature on the monitor port GigabitEthernet 1/0/2.
[DeviceC] interface GigabitEthernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] quit
Verify the configurations.
After the configurations are completed, you can monitor all the packets received and sent by the marketing department on the server.