Layer 2 remote port mirroring configuration example (reflector port)

Network requirements

As shown in Figure 86, configure Layer 2 remote port mirroring to enable the server to monitor the bidirectional traffic of the Marketing Department.

Figure 86: Network diagram

Configuration procedure

  1. Configure Device C (the destination device):

    # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 2.

    <DeviceC> system-view
    [DeviceC] interface ten-gigabitethernet 1/0/1
    [DeviceC-Ten-GigabitEthernet1/0/1] port link-type trunk
    [DeviceC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
    [DeviceC-Ten-GigabitEthernet1/0/1] quit
    

    # Create a remote destination group.

    [DeviceC] mirroring-group 2 remote-destination
    

    # Create VLAN 2.

    [DeviceC] vlan 2
    

    # Disable MAC address learning for VLAN 2.

    [DeviceC-vlan2] undo mac-address mac-learning enable
    [DeviceC-vlan2] quit
    

    # Configure VLAN 2 as the remote probe VLAN for the mirroring group.

    [DeviceC] mirroring-group 2 remote-probe vlan 2
    

    # Configure Ten-GigabitEthernet 1/0/2 as the monitor port for the mirroring group.

    [DeviceC] interface ten-gigabitethernet 1/0/2
    [DeviceC-Ten-GigabitEthernet1/0/2] mirroring-group 2 monitor-port
    

    # Disable the spanning tree feature on Ten-GigabitEthernet 1/0/2.

    [DeviceC-Ten-GigabitEthernet1/0/2] undo stp enable
    

    # Assign Ten-GigabitEthernet 1/0/2 to VLAN 2.

    [DeviceC-Ten-GigabitEthernet1/0/2] port access vlan 2
    [DeviceC-Ten-GigabitEthernet1/0/2] quit
    
  2. Configure Device B (the intermediate device):

    # Create VLAN 2.

    <DeviceB> system-view
    [DeviceB] vlan 2
    

    # Disable MAC address learning for VLAN 2.

    [DeviceB-vlan2] undo mac-address mac-learning enable
    [DeviceB-vlan2] quit
    

    # Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 2.

    [DeviceB] interface ten-gigabitethernet 1/0/1
    [DeviceB-Ten-GigabitEthernet1/0/1] port link-type trunk
    [DeviceB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
    [DeviceB-Ten-GigabitEthernet1/0/1] quit
    

    # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 2.

    [DeviceB] interface ten-gigabitethernet 1/0/2
    [DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
    [DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
    [DeviceB-Ten-GigabitEthernet1/0/2] quit
    
  3. Configure Device A (the source device):

    # Create a remote source group.

    <DeviceA> system-view
    [DeviceA] mirroring-group 1 remote-source
    

    # Create VLAN 2.

    [DeviceA] vlan 2
    

    # Disable MAC address learning for VLAN 2.

    [DeviceA-vlan2] undo mac-address mac-learning enable
    [DeviceA-vlan2] quit
    

    # Configure VLAN 2 as the remote probe VLAN for the mirroring group.

    [DeviceA] mirroring-group 1 remote-probe vlan 2
    

    # Configure Ten-GigabitEthernet 1/0/1 as a source port for the mirroring group.

    [DeviceA] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 both
    

    # Configure Ten-GigabitEthernet 1/0/3 as the reflector port for the mirroring group.

    [DeviceA] mirroring-group 1 reflector-port ten-gigabitethernet 1/0/3
    This operation may delete all settings made on the interface. Continue? [Y/N]: y
    

    # Configure Ten-GigabitEthernet 1/0/2 as a trunk port, and assign the port to VLAN 2.

    [DeviceA] interface ten-gigabitethernet 1/0/2
    [DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk
    [DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
    [DeviceA-Ten-GigabitEthernet1/0/2] quit
    

Verifying the configuration

# Verify the mirroring group configuration on Device C.

[DeviceC] display mirroring-group all
Mirroring group 2:
    Type: Remote destination
    Status: Active
    Monitor port: Ten-GigabitEthernet1/0/2
    Remote probe VLAN: 2

# Verify the mirroring group configuration on Device A.

[DeviceA] display mirroring-group all
Mirroring group 1:
    Type: Remote source
    Status: Active
    Mirroring port:
        Ten-GigabitEthernet1/0/1  Both
    Reflector port: Ten-GigabitEthernet1/0/3
    Remote probe VLAN: 2