Mirroring is to copy packets matching the specified rule to the mirroring destination port. Generally, the destination port is connected to the data detection device. Users can analyze the mirrored packets, monitor the network, and troubleshoot faults. Mirroring is divided into port mirroring, remote port mirroring, and flow mirroring.
10.1 Port Mirroring
Port mirroring, which is used to copy the packets received or sent on the specified port to the mirroring destination port. OLT supports one-to-one and many-to-one mirroring, which can support multiple mirroring sources.
mirrored: it can be a port or a packet that the CPU receives or sends.
mirror: For the OLT, the destination port of the mirror can only be one. If the mirroring destination port is configured, only the mirroring destination port of the last configuration takes effect.
10.1.1
Configure Port Mirroring
Configuring Port Mirroring
operation command remark
Enter global configuration
mode configure terminal - Configure mirrored mirror source-interface } {ingress | egress | both}{{ethernet | pon} port-number| cpu
Required; You can configure multiple mirroring source ports Configure mirror mirror destination-interface {ethernet | pon} port-number
Required; You can specify only one mirroring destination port Delete a mirroring group
no mirror {soure-interface {cpu | {ethernet | pon} port- number } | destination-interface ethernet device/slot/port |
all } optional
Display mirroring groups show mirror optional
10.1.2
Configuration Example for Port Mirror
1.Network requirementsMirror the packet of CPU, e 0/1, e 0/2to e 0/4. 2.Configuration steps
OptiWay(config)#mirror source-interface cpu both
OptiWay(config)#mirror source-interface ethernet 0/1 both OptiWay(config)#mirror source-interface ethernet 0/2 both OptiWay(config)#mirror destination-interface ethernet 0/4 3.Result Validation
OptiWay(config)#show mirror Information about mirror port(s) The monitor port : e0/4
The mirrored egress ports : cpu,e0/1-e0/2. The mirrored ingress ports : cpu,e0/1-e0/2.
132
The packet of CPU, e 0/1, e 0/2 can be mirrored to port e 0/4.
10.2 RSPAN
RSPAN, that is, Remote Switched Port Analyzer, breaks the restriction that mirrored ports and mirror ports must be on the same OLT. RSPAN allows mirrored and mirrored ports to span multiple devices in the network, facilitating the management of remote OLT devices.
There are three types of OLTs that can implement RSPAN functions:
Source OLT: The OLT where the monitored port resides is responsible for forwarding the traffic to the intermediate OLT or the destination OLT via rspan vlan.
Intermediate OLT: OLTs between the source OLT and the destination OLT transmits the mirrored traffic to the next intermediate OLT or destination OLT through the rspan vlan. If the source OLT is directly connected to the destination OLT, there is no intermediate OLT.
Destination OLT: The OLT where the remote mirroring destination port located forwards the mirrored flow received from the rspan vlan to the monitoring device through the mirroring destination port
The ports that participate in mirroring on each OLT are shown in the following table: The ports that participate in mirroring on each OLT
OLT participate in mirroringThe ports that Function
Source OLT
Source port
The monitored user port copies the user data packets to the specified local destination port through local port mirroring.There can be multiple source ports. Destination port of local
mirror to receive theuser data packet of local port mirror
Intermediate OLT Trunkport
forward the mirrored packets to the destination OLT On the intermediate OLT, it is recommended to configure two trunk ports, which are connected to the devices on both sides
Destination OLT Trunkport to receive remote mirror packets Destination port Monitor port for remote mirror packets
In order to implement remote port mirroring, you need to define a special VLAN, called rspan vlan.All the mirrored packets are transmitted from the source OLT of this VLAN to the mirroring port of the destination OLT to monitor the source packets of the remote OLT port based on the destination OLT.
Rspan vlan has the following characteristics:
It is recommended that you configure the device interconnection ports in the VLAN as trunk ports.
You cannot configure the default VLAN and management VLAN as rspan vlan.
You need to configure the rspan vlan to ensure Layer2 interoperability from source OLT to destination OLT.
10.2.1
Configure Remote Port Mirror
Source device configurations
operation command remark
133
configuration mode Configure the local
mirror source mirror source-interface | egress | both} {{ethernet | pon} port-number | cpu} {ingress required Configure the
destination port for local mirror
mirror destination-interface {ethernet | pon} port-number required Enable remote
mirror remote_mirror required
Configure the remote mirror source VLAN
remote_mirror rspan enable vlan vlan-id required
Verify the operation show remote_mirror optional
Note:
remote_mirror rspan enable vlanis for the source mirroring device. Only one remote source vlan can be configured on a device.
intermediate deviceconfigurations
operation command remark
Enter global
configuration mode configure terminal -
Configure the remote mirror VLAN
remote_mirror rspan disable vlan vlan-id required
Verify the operation show remote_mirror optional
Note:
remote_mirror rspan disable vlanis for the intermediate mirror device and it can configure multiple remote mirroring vlans.A device can either be a mirrored source device or an intermediate device.
destination deviceconfigurations
operation command remark
Enter global
configuration mode configure terminal -
Configure the remote mirror
VLAN remote_mirror rspan disable vlan vlan-id required
Verify the operation show remote_mirror optional
10.2.2
Configuration Example for Remote Port Mirroring
1.Network requirementsThe packets from Device 1 on port 1 can be mirrored to port 8 on Device 3. Network diagram is as follows:
2.Configuration steps #Device1 configurations:
OptiWay(config)#mirror source-interface ethernet 0/1 both OptiWay(config)#mirror destination-interface ethernet 0/2 OptiWay(config)#vlan 100
134
OptiWay(config)#interface ethernet 0/2
OptiWay(config-if-ethernet-0/2)#switchport mode trunk OptiWay(config)#remote_mirror
OptiWay(config)#remote_mirror rspan enable vlan 100 #Device2configurations:
OptiWay(config)#vlan 100
OptiWay(config-if-vlan)#switchport ethernet 0/2 ethernet 0/4 OptiWay(config-if-vlan)#exit
OptiWay(config)#interface ethernet 0/4
OptiWay(config-if-ethernet-0/4)#switchport mode trunk OptiWay(config-if-ethernet-0/4)#exit
OptiWay(config)#remote_mirror rspan disable vlan 100 #Device3configurations:
OptiWay(config)#vlan 100
OptiWay(config-if-vlan)#switchport ethernet 0/4 ethernet 0/8 OptiWay(config-if-vlan)#exit
OptiWay(config)#remote_mirror rspan disable vlan 100 3.Result Validation
The packets from Device 1 on port 1 can be mirrored to port 8 on Device 3.
10.3 Flow Mirror
Flow mirror is to copy the service flow matching ACL rules to the specified destination port for packet analysis and monitoring. Before configuring flow mirror, you need to define the ACL rules that meet the requirements. The device references these ACL rules for flow identification.
10.3.1
Configure Flow Mirror
Configure Flow Mirror
operation command remark
Enter global configuration
mode configure terminal - Configure flow
mirror mirrored-to127>] {ip-group<1-199>|link-group<200-299>[subitem<0- required Remove flow
mirror no mirrored-to127>] {ip-group<1-199>|link-group<200-299> } [subitem<0- optional Verify the
operation show mirror optional
10.3.2
Configuration Example for Flow Mirror
1.Network requirementsMirror the packets whose source IP address is 10.1.1.1 to e 0/7. 2.Configuration steps
OptiWay(config)#access-list 100 permit 10.1.1.1 0 any OptiWay(config)#mirror destination-interface ethernet 0/7 OptiWay(config)#mirrored-to ip-group 100
3.Result Validation
136