Home > HP > Printer > HP 5500 Ei 5500 Si Switch Series Configuration Guide

HP 5500 Ei 5500 Si Switch Series Configuration Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 2513
    Add page 2391 to Favourites
    image text
    Enable zoom 
    							 90 
{ When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port 
mirroring exclusively. Do not create a VLAN interface for the VLAN or configure any other 
features for the VLAN. 
{ The remote mirroring groups on the source device and destination device must use the same 
remote probe VL AN. 
2. Configuration procedure: 
To configure the remote probe VLAN for the remote source group: 
 
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Configure the 
remote probe 
VLAN.  mirroring-group 
group-id 
remote-probe vlan 
rprobe-vlan-id   B y  d e f a u l t ,  n o  r e m o t e  p r o b e  V L A N  i s  c o n f i g u r e d  
for a remote source group. 
 
Configuring a remote destination group (on the destination 
device) 
To configure a remote destination group, make the following configurations on the destination device: 
Creating a remote destination group 
 
Step Command Remarks 
1.
  Enter system view. 
system-view  N/A 
2.  Create a remote destination 
group.  mirroring-group
 group-id 
remote-destination  By default, no remote destination 
group exists on a device.  
 
Configuring the monitor port for the remote destination group 
You can configure the monitor port for a mirroring grou
p in system view, or assign the current port to a 
mirroring group as the monitor port in interfac e view. The two methods lead to the same result. 
1. Configuration restrictions and guidelines: 
{  A mirroring group contains only one monitor port.  
{ To make sure that the mirroring function works properly, do not enable the spanning tree 
feature on the monitor port.  
{ HP recommends you use a monitor port only for po rt mirroring. This is to make sure that the 
data monitoring device receives and analyzes only the mirrored traffic rather than a mix of 
mirrored traffic and normally forwarded traffic. 
{  You cannot configure the monitor port in a mirroring group as a port in a RRPP ring. 
2. Configuration procedure: 
To configure the monitor port for the remote destination group in system view: 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A
    Add page 2392 to Favourites
    image text
    Enable zoom 
    							 91 
Step Command Remarks 
2.  Configure the monitor port.  mirroring-group 
group-id 
monitor-port  monitor-port-id  By default, no monitor port is configured 
for a remote destination group. 
 
To configure the monitor port for the remote destination group in interface view:  
Step Command Remarks 
1.
  Enter system view. 
system-view  N/A 
2.  Enter interface view.  interface
 interface-type 
interface-number  N/A 
3.
  Configure the current 
port as the monitor 
port.  [
 mirroring-group  group-id ] 
monitor-port  By default, a port does not serve as the monitor 
port for any remote destination group.  
 
Configuring the remote probe VLAN 
for the remote destination group 
1. Configuration restrictions and guidelines: 
{  A VLAN can serve for only one mirroring group. 
{ When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port 
mirroring exclusively. Do not configure a VLAN interface for the VLAN or configure any other 
features for the VLAN. 
{ When a VLAN is configured as a remote probe VLAN, you must remove the remote probe 
VLAN configuration before deleting the VLAN. 
{ When you remove the configuration of a remote probe VLAN, an active mirroring group 
becomes inactive. 
2. Configuration procedure:  
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Configure the 
remote probe 
VLAN.  mirroring-group 
group-id 
remote-probe vlan  rprobe-vlan-id By default, no remote probe VLAN is 
configured for a remote destination group.
 
 
Assigning the monitor port to the remote probe VLAN 
 
Step Command Remarks 
1.
  Enter system view. 
system-view  N/A 
2.  Enter the interface view of the 
monitor port.  interface
 interface-type interface-number N/A 
3.  Assign the port to the probe VLAN. 
• For an access port: 
port access vlan  vlan-id 
• For a trunk port: 
port trunk permit vlan  vlan-id  
• For a hybrid port: 
port hybrid  vlan  vlan-id {  tagged | 
untagged  }  Use one of the 
commands
    Add page 2393 to Favourites
    image text
    Enable zoom 
    							 92 
For more information about the port access vlan, port trunk permit vlan , and port hybrid vlan  commands, 
see  Layer 2—LAN Switching Command Reference. 
Displaying and maintaining port mirroring 
 
Task Command Remarks 
Display the configuration 
of mirroring groups.  display mirroring-group 
{ group-id  |  all  | local  | 
remote-destination  | remote-source  } [ | { begin  | 
exclude  | include  } regular-expression ]  Available in any view 
 
Port mirroring configuration examples 
Local port mirroring configuration example 
Network requirements 
On the network shown in 
Figure 34:  
•   D
evice A connects to the marketing department through GigabitEthernet 1/0/1 and to the 
technical department through GigabitEthernet 1/0/2. It connects to the server through 
GigabitEthernet 1/0/3.  
•   Co n fig u re  l o c a l  p o r t  m i rro ri n g  i n  s ou rc e  po r t  m o d e  to  en ab l e  t h e  s er ve r  to  m o n i to r  th e  bid i re ct io na l  
traffic of the marketing department and the technical department. 
Figure 34  Network diagram 
 
 
Configuration procedure 
1. Create a local mirroring group: 
# Create local mirroring group 1. 
 system-view 
[DeviceA] mirroring-group 1 local 
# Configure GigabitEthernet 1/0/1 and Gigabi tEthernet 1/0/2 as source ports and port 
GigabitEthernet 1/0/3 as the monitor port.
    Add page 2394 to Favourites
    image text
    Enable zoom 
    							 93 
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 Gigabit\
Ethernet 
1/0/2 both 
[DeviceA] mirroring-group 1 monitor-port GigabitEthernet 1/0/3 
# Disable the spanning tree feature on the monitor port GigabitEthernet 1/0/3. 
[DeviceA] interface GigabitEthernet 1/0/3 
[DeviceA-GigabitEthernet1/0/3] undo stp enable 
[DeviceA-GigabitEthernet1/0/3] quit 
2. Verify the configurations: 
# Display the configuration of all mirroring groups. 
[DeviceA] display mirroring-group all 
mirroring-group 1: 
    type: local 
    status: active 
    mirroring port: 
        GigabitEthernet1/0/1  both 
        GigabitEthernet1/0/2  both 
monitor port: GigabitEthernet1/0/3 
After the configurations are completed, you can mo nitor all the packets received and sent by the 
marketing department and the technical department on the server. 
Local port mirroring with multiple monitor ports configuration 
example 
Network requirements 
As shown in Figure 35 , Dept. A, Dept. B, and Dept. C are connected to Device A through ports 
GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3, respectively. Configure 
port mirroring to enable all three data monitoring devi ces, Server A, Server B, and Server C, to monitor 
both the incoming and outgoing traffic of the three departments.  
Figure 35  Network diagram
    Add page 2395 to Favourites
    image text
    Enable zoom 
    							 94 
Configuration procedure 
# Create remote source mirroring group 1. 
 system-view 
[DeviceA] mirroring-group 1 remote-source 
# Configure GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 as source ports of remote source 
mirroring group 1. 
[DeviceA] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 to gigabitethernet 1/0/3 
both 
# Configure an unused port (GigabitEthernet 1/0/5 for example) of Device A as the reflector port of 
remote source mirroring group 1. 
[DeviceA] mirroring-group 1 reflector-port GigabitEthernet 1/0/5 
# Create VLAN 10 and assign the three ports (GigabitEthernet 1/0/1 1 through GigabitEthernet 1/0/13) 
connecting the three data monitoring devices to VLAN 10. 
[DeviceA] vlan 10 
[DeviceA-vlan10] port gigabitethernet 1/0/11 to gigabitethernet 1/0/13 
[DeviceA-vlan10] quit 
# Configure VLAN 10 as the remote probe VLAN of remote source mirroring group 1. 
[DeviceA] mirroring-group 1 remote-probe vlan 10 
Layer 2 remote port mirroring configuration example 
Network requirements 
On the Layer 2 network shown in  Figure 36: 
•   D
evice A connects to the marketing department  through GigabitEthernet 1/0/1 and connects to 
the trunk port GigabitEthernet 1/0/1 of Device B through the trunk port GigabitEthernet 1/0/2. 
Device C connects to the server through GigabitEthernet 1/0/2 and connects to the trunk port 
GigabitEthernet 1/0/2 of Device B through the trunk port GigabitEthernet 1/0/1. 
•   Configure Layer 2 remote port mirroring to enable  the server to monitor the bidirectional traffic of 
the marketing department. 
Figure 36  Network diagram 
 
 
Configuration procedure 
1. Configure Device A (the source device):
    Add page 2396 to Favourites
    image text
    Enable zoom 
    							 95 
# Create a remote source group. 
 system-view 
[DeviceA] mirroring-group 1 remote-source 
# Create VLAN 2 as the remote probe VLAN. 
[DeviceA] vlan 2 
# Disable MAC address learning for the remote probe VLAN. 
[DeviceA-vlan2] mac-address mac-learning disable 
[DeviceA-vlan2] quit 
# Configure VLAN 2 as the remote probe VLAN of the mirroring group; configure GigabitEthernet 
1/0/1 as a source port and GigabitEthernet 1/0/ 2 as the egress port in the mirroring group. 
[DeviceA] mirroring-group 1 remote-probe vlan 2 
[DeviceA] mirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both 
[DeviceA] mirroring-group 1 monitor-egress GigabitEthernet 1/0/2 
# Configure output port GigabitEthernet 1/0/2 as a  trunk port to permit the packets of VLAN 2 to 
pass through, and disable the spanning tree feature on the port. 
[DeviceA] interface GigabitEthernet 1/0/2 
[DeviceA-GigabitEthernet1/0/2] port link-type trunk 
[DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 2 
[DeviceA-GigabitEthernet1/0/2] undo stp enable 
[DeviceA-GigabitEthernet1/0/2] quit 
2.  Configure Device B (the intermediate device): 
# Create VLAN 2 as the remote probe VLAN. 
 system-view 
[DeviceB] vlan 2 
# Disable MAC address learning  for the remote probe VLAN. 
[DeviceB-vlan2] mac-address mac-learning disable 
[DeviceB-vlan2] quit 
# Configure GigabitEthernet 1/0/1 as a trunk port  that permits the packets of VLAN 2 to pass 
through. 
[DeviceB] interface GigabitEthernet 1/0/1 
[DeviceB-GigabitEthernet1/0/1] port link-type trunk 
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 2 
[DeviceB-GigabitEthernet1/0/1] quit 
# Configure GigabitEthernet 1/0/2 as a trunk port  that permits the packets of VLAN 2 to pass 
through. 
[DeviceB-GigabitEthernet1/0/1] quit 
[DeviceB] interface GigabitEthernet 1/0/2 
[DeviceB-GigabitEthernet1/0/2] port link-type trunk 
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 2 
[DeviceB-GigabitEthernet1/0/2] quit 
3.  Configure Device C (the destination device): 
# Configure GigabitEthernet 1/0/1 as a trunk port  that permits the packets of VLAN 2 to pass 
through. 
 system-view 
[DeviceC] interface GigabitEthernet 1/0/1 
[DeviceC-GigabitEthernet1/0/1] port link-type trunk
    Add page 2397 to Favourites
    image text
    Enable zoom 
    							 96 
[DeviceC-GigabitEthernet1/0/1] port trunk permit vlan 2 
[DeviceC-GigabitEthernet1/0/1] quit 
# Create a remote destination group. 
[DeviceC] mirroring-group 1 remote-destination 
# Create VLAN 2 as the remote probe VLAN. 
[DeviceC] vlan 2 
# Disable MAC address learning for the remote probe VLAN. 
[DeviceC-vlan2] mac-address mac-learning disable 
[DeviceC-vlan2] quit 
# Configure VLAN 2 as the remote probe VLAN  of the mirroring group and GigabitEthernet 
1/0/2 as the monitor port of the mirroring  group, disable the spanning tree feature on 
GigabitEthernet 1/0/2, and assign the port to VLAN 2. 
[DeviceC] mirroring-group 1 remote-probe vlan 2 
[DeviceC] interface GigabitEthernet 1/0/2 
[DeviceC-GigabitEthernet1/0/2] mirroring-group 1 monitor-port 
[DeviceC-GigabitEthernet1/0/2] undo stp enable 
[DeviceC-GigabitEthernet1/0/2] port access vlan 2 
[DeviceC-GigabitEthernet1/0/2] quit 
4.  Verify the configurations. 
After the configurations are completed, you can mo nitor all the packets received and sent by the 
marketing department on the server.
    Add page 2398 to Favourites
    image text
    Enable zoom 
    							 97 
Configuring traffic mirroring 
•  Both bridge mode (Layer 2) and route mode (Layer  3) Ethernet ports support traffic mirroring. The 
term interface in this chapter collectively refers to these two types of ports. You can use the  port 
link-mode  command to set an Ethernet por t to operate in bridge or route mode (see  Layer 2—LAN 
Switching Configuration Guide ). 
•   Only the HP 5500 EI switch series supports configuring traffic mirroring on Layer 3 Ethernet 
interfaces. 
Introduction to traffic mirroring 
Traffic mirroring copies the specified packets to the specified destination for packet analyzing and 
monitoring. It is implemented through QoS policies . In other words, you define traffic classes and 
configure match criteria to classify packets to be mi rrored and then configure traffic behaviors to mirror 
packets that fit the match criteria to the specified destination. Traffic mirroring allows you to flexibly 
classify packets by defining match criteria and obtain accurate statistics.  
You can configure the traffic to be mirrored to  an interface, to a CPU, or to a VLAN.  
•   Mirroring traffic to an interface copies the ma tching packets to a destination interface.  
•   Mirroring traffic to a CPU copies the matching packets to a CPU.  
For more information about QoS policies, traffic classes, and traffic behaviors, see  ACL and QoS 
Configuration Guide . 
Traffic mirroring configuration task list 
 
Task Remarks 
Configuring match criteria  Required 
Configuring traffic 
mirroring of different types  Mirroring traffic to a port 
Required 
Perform
 at least one 
configuration. 
Mirroring traffic to the CPU 
Configuring a QoS policy  Required 
Applying a QoS policy  Apply a QoS policy to a port 
Required 
Perform one of 

these 
configurations 
Apply a QoS policy to a VLAN 
Apply a QoS policy globally 
Apply a QoS policy to the control plane 
 
Configuring match criteria 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A
    Add page 2399 to Favourites
    image text
    Enable zoom 
    							 98 
Step Command Remarks 
2.  Create a class and enter class 
view.  traffic classifier
 tcl-name  [ operator 
{  and  | or } ]   By default, no traffic class exists.  
3.
  Configure match criteria. 
if-match match-criteria   By default, no match criterion is 
configured in a traffic class.  
 
For more information about the 
traffic classifier and if-match commands, see  ACL and QoS Command 
Reference . 
Configuring traffic mirroring of different types 
In a traffic behavior, you can configure only one type of traffic mirroring. 
Mirroring traffic to a port  
Step Command Remarks 
1.  Enter system view. 
system-view N/A 
2.  Create a behavior and enter 
behavior view.  traffic behavior 
behavior-name
  By default, no traffic behavior exists. 
For more information about the 
traffic 
behavior  command, see  ACL and QoS 
Command Reference . 
3.  Specify the destination 
interface for traffic mirroring.  mirror-to
 interface  
interface-type  
interface-number    By default, traffi
c mirroring is not 
configured in a traffic behavior. 
You can specify up to four destination 
interfaces by executing the  mirror-to 
interface  command repeatedly. 
 
Mirroring traffic to the CPU  
Step Command Remarks 
1.  Enter system view. 
system-view N/A 
2.  Create a behavior and enter 
behavior view.  traffic behavior 
behavior-name
  By default, no traffic behavior exists. 
For more information about the 
traffic 
behavior  command, see  ACL and QoS 
Command Reference . 
3.  Mirror traffic to the CPU. 
mirror-to cpu By default, no traffic mirroring is 
configured in a traffic behavior. 
 
 
NOTE: 
The CPU refers to the CPU of the device where  ports with traffic mirroring configured reside. 
 
Configuring a QoS policy
    Add page 2400 to Favourites
    image text
    Enable zoom 
    							 99 
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Create a policy and enter 
policy view.  qos policy
 policy-name   By default, no policy exists. 
3.  Associate a class with a traffic 
behavior in the QoS policy.  classifier 
tcl-name behavior 
behavior-name   By default, no traffic behavior is 
associated with a class.  
 
For more information about the 
qos policy and classifier  behavior  commands, see  ACL and QoS 
Command Reference . 
Applying a QoS policy 
For more information about applying a QoS policy, see  ACL and QoS Configuration Guide. 
Apply a QoS policy to a port 
By applying a QoS policy to an interface, you can mirror the traffic in a specified direction on the 
interface. A policy can be applied to multiple interf aces, but in one direction (inbound or outbound) of 
an interface, only one policy can be applied.  
To apply a QoS policy to a port: 
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A 
2.  Enter interface view or port 
group view. 
• Enter interface view: 
interface interface-type 
interface-number 
• Enter port group view: 
port-group manual 
port-group-name   Use either command 
Settings in interface view take 
effect on the current interface; 
settings in port group view take 
e f f e c t  o n  a l l  p o r t s  i n  t h e  p o r t  g r o u p .  
 
3.
  Apply a policy to the 
interface, all ports in the port 
group, or the PVC.  qos apply policy
 policy-name 
{  inbound  | outbound  }  For more information about the 
qos 
apply policy command, see  ACL 
and QoS Command Reference . 
 
Apply a QoS policy to a VLAN 
You can apply a QoS policy to a VLAN to mirror the traffic in a specified direction on all ports in the 
VLAN.  
To apply the QoS policy to a VLAN: 
 
Step Command 
1.  Enter system view. 
system-view 
2.  Apply a QoS policy to a VLAN.  qos vlan-policy
 policy-name  vlan vlan-id-list  { inbound  | 
outbound  } 
 
For more information about the  qos vlan-policy command, see  ACL and QoS Command Reference .
    All HP manuals Comments (0)

    Related Manuals for HP 5500 Ei 5500 Si Switch Series Configuration Guide