1 配置需求或说明
1.1适用产品系列
本案例适用于如S7000E、S7500E等的V7交换机,V5、V7交换机具体分类及型号可以参考“1.1 Comware V5、V7平台交换机分类说明”。
1.2配置需求及实现的效果
在一个二层网络中,SWA通过端口GigabitEthernet1/0/1连接PC,SWC通过端口GigabitEthernet1/0/2连接server。通过配置二层远程端口镜像,使Server可以监控所有进、出PC的报文。
2 组网图
3 配置步骤
配置SWC
# 配置端口GigabitEthernet1/0/1为Trunk口,并允许VLAN 2的报文通过。<SWC> system-view[SWC] interface gigabitethernet 1/0/1[SWC-GigabitEthernet1/0/1] port link-type trunk[SWC-GigabitEthernet1/0/1] port trunk permit vlan 2[SWC-GigabitEthernet1/0/1] quit# 创建远程目的镜像组2。[SWC] mirroring-group 2 remote-destination# 创建VLAN 2作为远程镜像VLAN。[SWC] vlan 2# 关闭VLAN 2的MAC地址学习功能。[SWC-vlan2] undo mac-address mac-learning enable[SWC-vlan2] quit# 配置远程目的镜像组2的远程镜像VLAN为VLAN 2,目的端口为GigabitEthernet1/0/2,在该端口上关闭生成树协议并将其加入VLAN 2。[SWC] mirroring-group 2 remote-probe vlan 2[SWC] interface gigabitethernet 1/0/2[SWC-GigabitEthernet1/0/2] mirroring-group 2 monitor-port[SWC-GigabitEthernet1/0/2] undo stp enable[SWC-GigabitEthernet1/0/2] port access vlan 2[SWC-GigabitEthernet1/0/2] quit |
(2) 配置SWB
# 创建VLAN 2作为远程镜像VLAN。<SWB> system-view[SWB] vlan 2# 关闭VLAN 2的MAC地址学习功能。[SWB-vlan2] undo mac-address mac-learning enable[SWB-vlan2] quit# 配置端口GigabitEthernet1/0/1为Trunk口,并允许VLAN 2的报文通过。[SWB] interface gigabitethernet 1/0/1[SWB-GigabitEthernet1/0/1] port link-type trunk[SWB-GigabitEthernet1/0/1] port trunk permit vlan 2[SWB-GigabitEthernet1/0/1] quit# 配置端口GigabitEthernet1/0/2为Trunk口,并允许VLAN 2的报文通过。[SWB] interface gigabitethernet 1/0/2[SWB-GigabitEthernet1/0/2] port link-type trunk[SWB-GigabitEthernet1/0/2] port trunk permit vlan 2[SWB-GigabitEthernet1/0/2] quit |
(3) 配置SWA
# 创建远程源镜像组1。<SWA> system-view[SWA] mirroring-group 1 remote-source# 创建VLAN 2作为远程镜像VLAN。[SWA] vlan 2# 关闭VLAN 2的MAC地址学习功能。[SWA-vlan2] undo mac-address mac-learning enable[SWA-vlan2] quit# 配置远程源镜像组1的远程镜像VLAN为VLAN 2,源端口为GigabitEthernet1/0/1,反射端口为GigabitEthernet1/0/3。[SWA] mirroring-group 1 remote-probe vlan 2[SWA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both[SWA] mirroring-group 1 reflector-port gigabitethernet 1/0/3This operation may delete all settings made on the interface. Continue? [Y/N]: y# 配置端口GigabitEthernet1/0/2为Trunk口,并允许VLAN 2的报文通过。[SWA] interface gigabitethernet 1/0/2[SWA-GigabitEthernet1/0/2] port link-type trunk[SWA-GigabitEthernet1/0/2] port trunk permit vlan 2[SWA-GigabitEthernet1/0/2] quit |
4 验证配置
# 显示SWC上所有镜像组的配置信息。[SWC] display mirroring-group allMirroring group 2: Type: Remote destination Status: Active Monitor port: GigabitEthernet1/0/2 Remote probe VLAN: 2# 显示SWA上所有镜像组的配置信息。[SWA] display mirroring-group allMirroring group 1: Type: Remote source Status: Active Mirroring port: GigabitEthernet1/0/1 Both Reflector port: GigabitEthernet1/0/3 Remote probe VLAN: 2 |
我们凭借多年的智能化设计及施工经验,坚持以“帮助中小企业实现现代化网络”为宗旨,累计为4000多家客户提供品质智能化服务,得到了客户的一致好评。如果您有综合布线、计算机网络、无线覆盖、门禁考勤、机房建设、防火墙、路由器及交换机调试等方面的需求...
请立即点击咨询我们或拨打咨询热线: 17804441181,我们会详细为你一一解答你心中的疑难。项目经理在线
请立即点击咨询我们或拨打咨询热线: 17804441181,我们会详细为你一一解答你心中的疑难。项目经理在线
客服1 