Thursday, September 6, 2012

Layer 2 remote port mirroring

Layer 2 remote port mirroring configuration example
Network requirements

On the Layer 2 network shown in Figure 36, Device A connects to the marketing department through GigabitEthernet 1/0/1 and connects to the trunk port GigabitEthernet 1/0/1 of Device B through its own trunk port GigabitEthernet 1/0/2; Device C connects to the server through GigabitEthernet 1/0/2 and connects to the trunk port GigabitEthernet 1/0/2 of Device B through its own trunk port GigabitEthernet 1/0/1. Device A supports configuring an egress port for the remote source group.

Configure Layer 2 remote port mirroring so that the server can monitor the bidirectional traffic of the marketing department. The mirrored frames are carried in a dedicated remote probe VLAN (VLAN 2 below) over the trunk links from Device A through Device B to Device C. MAC address learning is disabled in that VLAN so that the copied frames, which keep their original source MAC addresses, are flooded toward the monitor port instead of being learned and switched elsewhere.
1. Configure Device A (the source device)
# Create a remote source group.
<DeviceA> system-view
[DeviceA] mirroring-group 1 remote-source

# Create VLAN 2 as the remote probe VLAN.
[DeviceA] vlan 2
# Disable MAC address learning for the remote probe VLAN.
[DeviceA-vlan2] mac-address mac-learning disable
[DeviceA-vlan2] quit

# Configure VLAN 2 as the remote probe VLAN of the mirroring group, GigabitEthernet 1/0/1 as the source port (both directions), and GigabitEthernet 1/0/2 as the egress port.
[DeviceA] mirroring-group 1 remote-probe vlan 2
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both
[DeviceA] mirroring-group 1 monitor-egress GigabitEthernet 1/0/2

# Configure egress port GigabitEthernet 1/0/2 as a trunk port that permits the packets of VLAN 2 to pass through, and disable the spanning tree feature on the port.

[DeviceA] interface GigabitEthernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceA-GigabitEthernet1/0/2] undo stp enable
[DeviceA-GigabitEthernet1/0/2] quit

2. Configure Device B (the intermediate device)
# Create VLAN 2 as the remote probe VLAN.
<DeviceB> system-view

[DeviceB] vlan 2
# Disable MAC address learning for the remote probe VLAN.
[DeviceB-vlan2] mac-address mac-learning disable
[DeviceB-vlan2] quit

# Configure GigabitEthernet 1/0/1 as a trunk port that permits the packets of VLAN 2 to pass through.
[DeviceB] interface GigabitEthernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 2
[DeviceB-GigabitEthernet1/0/1] quit

# Configure GigabitEthernet 1/0/2 as a trunk port that permits the packets of VLAN 2 to pass through.
[DeviceB] interface GigabitEthernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceB-GigabitEthernet1/0/2] quit

3. Configure Device C (the destination device)
# Configure GigabitEthernet 1/0/1 as a trunk port that permits the packets of VLAN 2 to pass through.
<DeviceC> system-view
[DeviceC] interface GigabitEthernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] port link-type trunk
[DeviceC-GigabitEthernet1/0/1] port trunk permit vlan 2
[DeviceC-GigabitEthernet1/0/1] quit

# Create a remote destination group.
[DeviceC] mirroring-group 1 remote-destination

# Create VLAN 2 as the remote probe VLAN.
[DeviceC] vlan 2

# Disable MAC address learning for the remote probe VLAN.
[DeviceC-vlan2] mac-address mac-learning disable
[DeviceC-vlan2] quit

# Configure VLAN 2 as the remote probe VLAN of the mirroring group and GigabitEthernet 1/0/2 as the monitor port of the mirroring group, disable the spanning tree feature on GigabitEthernet 1/0/2, and assign the port to VLAN 2.

[DeviceC] mirroring-group 1 remote-probe vlan 2
[DeviceC] interface GigabitEthernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] mirroring-group 1 monitor-port
[DeviceC-GigabitEthernet1/0/2] undo stp enable
[DeviceC-GigabitEthernet1/0/2] port access vlan 2
[DeviceC-GigabitEthernet1/0/2] quit

4. Verify the configurations
After the configurations are completed, the server receives a copy of every packet that the marketing department sends or receives through GigabitEthernet 1/0/1 of Device A. On Device A and Device C, display mirroring-group all shows the group type (remote source or remote destination), the remote probe VLAN and the ports configured above. Keep VLAN 2 off every port that is not on the path from Device A to the server: any host reachable in the remote probe VLAN sees the complete mirrored traffic of the marketing department.
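The procedure above spreads one mirroring session over three devices, and a single missed command (MAC learning left on, STP left on the egress or monitor port, the probe VLAN permitted on a trunk that is not on the path) either breaks the session or leaks the marketing department's traffic to the wrong port. The following Python script is an added example, not code from the page or from the vendor documentation it reproduces: it parses constructed, simplified Comware-like configuration excerpts for the three devices and checks those invariants. The excerpts, their layout (stanza lines indented by one space, interface names written without a space), mirroring group 1 and probe VLAN 2 are assumptions of the example, chosen to match the ports used above.

```python
# Added example, not the page's own code: constructed Comware-like config excerpts for the page's topology.
import re
PROBE_VLAN, GROUP = 2, 1  # remote probe VLAN and mirroring group id used by the page's example
DEVICE_A = """\
mirroring-group 1 remote-source
vlan 2
 mac-address mac-learning disable
mirroring-group 1 remote-probe vlan 2
mirroring-group 1 mirroring-port GigabitEthernet1/0/1 both
mirroring-group 1 monitor-egress GigabitEthernet1/0/2
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 2
 undo stp enable
"""
DEVICE_B = """\
vlan 2
 mac-address mac-learning disable
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 2
interface GigabitEthernet1/0/2
 port link-type trunk
 port trunk permit vlan 2
"""
# Device B with one more trunk that also permits VLAN 2: mirrored frames would be flooded out of it too.
DEVICE_B_LEAKY = DEVICE_B + "interface GigabitEthernet1/0/3\n port link-type trunk\n port trunk permit vlan 1 to 4\n"
DEVICE_C = """\
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan 2
mirroring-group 1 remote-destination
vlan 2
 mac-address mac-learning disable
mirroring-group 1 remote-probe vlan 2
interface GigabitEthernet1/0/2
 mirroring-group 1 monitor-port
 undo stp enable
 port access vlan 2
"""

def parse(config):
    """Split a config into top-level commands and {stanza header: [sub-commands]}."""
    top, stanzas, cur = [], {}, None
    for line in (l for l in config.splitlines() if l.strip()):
        if line.startswith(" ") and cur:
            stanzas[cur].append(line.strip())
        elif re.match(r"(interface \S+|vlan \d+)$", line.strip()):
            cur = line.strip()
            stanzas.setdefault(cur, [])
        else:
            cur = None
            top.append(line.strip())
    return top, stanzas

def carries_probe_vlan(sub):
    """True if the stanza puts the port in the probe VLAN (access VLAN, or trunk permit list/range/all)."""
    for line in sub:
        if line in (f"port access vlan {PROBE_VLAN}", "port trunk permit vlan all"):
            return True
        if line.startswith("port trunk permit vlan "):
            for m in re.finditer(r"(\d+)(?: to (\d+))?", line):
                if int(m.group(1)) <= PROBE_VLAN <= int(m.group(2) or m.group(1)):
                    return True
    return False

def check_device(name, config, role, path_ports):
    """Findings for one device; role is 'source', 'intermediate' or 'destination', path_ports may carry VLAN 2."""
    top, stanzas = parse(config)
    out = []
    def need(cond, msg):
        if not cond:
            out.append(f"{name}: {msg}")
    need("mac-address mac-learning disable" in stanzas.get(f"vlan {PROBE_VLAN}", []),
         f"probe VLAN {PROBE_VLAN} is missing or still learns MAC addresses")
    # A port in the probe VLAN that is off the mirror path floods mirrored frames where they do not belong.
    for header, sub in stanzas.items():
        if header.startswith("interface ") and carries_probe_vlan(sub):
            need((port := header.split()[1]) in path_ports, f"{port} carries probe VLAN {PROBE_VLAN} but is not on the mirror path")
    if role == "intermediate":
        return out
    need(f"mirroring-group {GROUP} remote-probe vlan {PROBE_VLAN}" in top, f"group {GROUP} lacks remote probe VLAN {PROBE_VLAN}")
    need(f"mirroring-group {GROUP} remote-{role}" in top, f"remote {role} group {GROUP} is missing")
    if role == "source":  # the egress port is named on the group, the monitor port inside its interface stanza
        ports = [l.split()[3] for l in top if l.startswith(f"mirroring-group {GROUP} monitor-egress ")]
    else:
        ports = [h.split()[1] for h, s in stanzas.items() if f"mirroring-group {GROUP} monitor-port" in s]
    for port in ports:  # the page disables STP on both the egress port and the monitor port
        sub = stanzas.get(f"interface {port}", [])
        need(carries_probe_vlan(sub), f"{port} is not in probe VLAN {PROBE_VLAN}")
        need("undo stp enable" in sub, f"STP is still enabled on {port}")
    return out

def check_all(device_b=DEVICE_B):
    """Check the page's topology (source A, intermediate B, destination C); an empty list means consistent."""
    return (check_device("DeviceA", DEVICE_A, "source", {"GigabitEthernet1/0/2"})
            + check_device("DeviceB", device_b, "intermediate", {"GigabitEthernet1/0/1", "GigabitEthernet1/0/2"})
            + check_device("DeviceC", DEVICE_C, "destination", {"GigabitEthernet1/0/1", "GigabitEthernet1/0/2"}))
```

check_all() returns an empty list for the configuration above; check_all(DEVICE_B_LEAKY) reports GigabitEthernet 1/0/3 of Device B as a port that carries the probe VLAN without being on the mirror path, which is exactly the leak the dedicated probe VLAN is meant to prevent. The path_ports argument encodes which interfaces on each device are allowed to see VLAN 2, so the checker catches the leak even though every individual command on the leaky device is syntactically fine.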
