Abbreviation  Full spelling
IDS           Intrusion Detection System
VLAN          Virtual Local Area Network
1/16
Table of Contents
1 Feature Overview ........................................................................................................................... 3
2 Application Scenarios ..................................................................................................................... 3
3 Configuration Guidelines ................................................................................................................ 3
4 Example of Port Mirroring with Multiple Monitor Ports ................................................................... 5
4.1 Network Requirements ........................................................................................................ 5
4.2 Configuration Considerations .............................................................................................. 5
4.3 Software Version Used ........................................................................................................ 5
4.4 Configuration Procedures .................................................................................................... 6
4.4.1 Configuration on Device A ........................................................................................ 6
4.4.2 Verification................................................................................................................. 8
5 Example of Port Mirroring with Multiple Source Devices ............................................................... 8
5.1 Network Requirements ........................................................................................................ 8
5.2 Configuration Considerations .............................................................................................. 9
5.3 Software Version Used ........................................................................................................ 9
5.4 Configuration Procedures .................................................................................................... 9
5.4.1 Configuration on Device A ...................................................................................... 10
5.4.2 Configuration on Device B ...................................................................................... 11
5.4.3 Configuration on Device C ...................................................................................... 13
5.4.4 Verification............................................................................................................... 15
6 References ................................................................................................................................... 16
1 Feature Overview
Port mirroring copies the packets passing through a port (called a mirroring port) to
another port (called the monitor port), which is connected to a monitoring device for
packet analysis.
Port mirroring can be local or remote. In local port mirroring, the mirroring port or
ports and the monitor port are located on the same device. In remote port mirroring,
the mirroring port or ports and the monitor port can be located on different devices,
and there may be multiple network devices between them.
Port mirroring is implemented through port mirroring groups. A port mirroring group
may include the mirroring port(s), monitor port, reflector port, and remote probe VLAN.
For a detailed description, refer to Port Mirroring Configuration in the Access Volume.
2 Application Scenarios
Network traffic monitoring is needed for packet analysis, for IDS deployment, and
for network analyzers. However, monitoring all the traffic in a large switching
network is difficult, so you can configure port mirroring to copy the traffic of one
or more ports to a specific port for network traffic monitoring.
3 Configuration Guidelines
During configuration, note the following:
• Status of mirroring groups. Port mirroring takes effect only when the mirroring groups are in the active state. You can see whether a mirroring group is active by viewing the mirroring group information. A mirroring group is active if it has the required smallest complete configuration and the ports used in that configuration are valid ports. The smallest complete configuration differs by mirroring group type. For example, for a local mirroring group, it is at least one mirroring port and one monitor port; for a remote source mirroring group that needs a reflector port, it is at least one mirroring port, a remote probe VLAN, and a reflector port; for a remote source mirroring group that needs no reflector port, it is at least one mirroring port and a remote probe VLAN.
• Validity of mirroring ports. At present, validity mainly refers to Combo port validity, because Combo ports may be disabled. If a port in the smallest complete configuration is a disabled Combo port, the mirroring group is inactive. If you enable the Combo port, the mirroring group automatically becomes active. Likewise, if you disable a Combo port in an active mirroring group, the group becomes inactive.
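The two guidelines above decide whether a mirror feed to an IDS or analyzer is actually flowing. The following added example (not code from the H3C document) models the smallest-complete-configuration rule and the Combo port validity rule as a health check that lists why a group cannot be active. The group types, port names, the Combo-port flag and the reflector port name are assumptions made for the example, not the device's own data model.

```python
"""Added example, not from the H3C document: a model of the 'smallest complete
configuration' rule for mirroring groups from the Configuration Guidelines.
Group types, port names and the Combo-port flag are assumptions for the example."""

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Port:
    name: str
    combo: bool = False   # Combo ports can be disabled, which makes them invalid
    enabled: bool = True

    @property
    def valid(self) -> bool:
        # Per the guidelines, validity mainly refers to Combo ports being enabled
        return self.enabled or not self.combo


@dataclass
class MirroringGroup:
    group_id: int
    kind: str                                  # "local" or "remote-source"
    mirroring_ports: list = field(default_factory=list)
    monitor_port: Optional[Port] = None        # local groups only
    reflector_port: Optional[Port] = None      # remote-source groups that need one
    remote_probe_vlan: Optional[int] = None    # remote-source groups only
    needs_reflector: bool = True               # False for groups without a reflector port


def missing_items(group: MirroringGroup) -> list:
    """Return the reasons why the group cannot be active; an empty list means active."""
    problems = []
    if not group.mirroring_ports:
        problems.append("no mirroring port")
    if group.kind == "local":
        if group.monitor_port is None:
            problems.append("no monitor port")
    elif group.kind == "remote-source":
        if group.remote_probe_vlan is None:
            problems.append("no remote probe VLAN")
        if group.needs_reflector and group.reflector_port is None:
            problems.append("no reflector port")
    else:
        problems.append(f"unknown group type {group.kind!r}")
    # Every port in the smallest configuration must be a valid port: a disabled
    # Combo port turns the whole group inactive and the monitor goes blind.
    for port in [*group.mirroring_ports, group.monitor_port, group.reflector_port]:
        if port is not None and not port.valid:
            problems.append(f"{port.name} is a disabled Combo port")
    return problems


def is_active(group: MirroringGroup) -> bool:
    return not missing_items(group)


def audit(groups) -> dict:
    """Map every group id to its problem list, for a monitoring health check."""
    return {g.group_id: missing_items(g) for g in groups}


# Constructed sample: a remote source group on Device A using remote probe VLAN 2
# (as in the document); GE1/0/25 is assumed to be the mirroring port and the
# reflector port name is a placeholder, since the document does not show it.
ge25 = Port("GigabitEthernet1/0/25")
reflector = Port("GigabitEthernet1/0/X-placeholder", combo=True)
group1 = MirroringGroup(1, "remote-source", [ge25],
                        reflector_port=reflector, remote_probe_vlan=2)

if __name__ == "__main__":
    print(audit([group1]))       # group 1 has no problems, so it is active
    reflector.enabled = False    # shutting down the Combo reflector port
    print(audit([group1]))       # group 1 now reports the disabled Combo port
```

Running the audit after every change to the switch configuration (or polling it from a monitoring job) catches the silent failure mode the guidelines describe: the group stays configured but stops copying traffic.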
4 Example of Port Mirroring with Multiple Monitor Ports
4.1 Network Requirements
[Figure 1: Device A (ports GE1/0/25, GE1/0/27, GE1/0/28) connected to the Internet, an analyzer, and an IDS]
Figure 1 Network diagram for port mirroring with multiple monitor ports
4.2 Configuration Considerations
Configure a remote source mirroring group and make sure the group is in the
active state.
4.3 Software Version Used
COMWAREV500R002B41D001.
4.4 Configuration Procedures
Note:
• The following configuration was created on devices in a specific lab environment. All of the devices used in this document started with a default configuration. If you have configured your device, make sure the existing configuration does not conflict with the following configuration.
4.4.1 Configuration on Device A
# Create VLAN 2.
[DeviceA] vlan 2
[DeviceA-vlan2] quit
2)
4.4.2 Verification
You can see the traffic coming from the Internet on both the analyzer and the IDS,
which shows that port mirroring has taken effect. You can now analyze Internet
traffic and detect intrusions from the Internet at the same time.
5 Example of Port Mirroring with Multiple Source Devices
5.1 Network Requirements
[Figure 2: Device A and Device B, which receive the Internet and LAN traffic, each connect through ports GE1/0/25 and GE1/0/27 to Device C (ports GE1/0/25, GE1/0/26, GE1/0/27); Device C connects to the analyzer]
Figure 2 Network diagram for port mirroring with multiple source devices
5.2 Configuration Considerations
• On Device A, configure the port connected with Device C, allowing only the remote probe VLAN of Device A.
• On Device B, configure the port connected with Device C, allowing only the remote probe VLAN of Device B.
• On Device C, configure the port connected with Device A, allowing only the remote probe VLAN of Device A.
• On Device C, configure the port connected with Device B, allowing only the remote probe VLAN of Device B.
• On Device C, configure the port connected with the analyzer, allowing only the remote probe VLANs of Device A and Device B.
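The considerations above amount to a per-port allow-list: each inter-device port carries only the remote probe VLAN of the device whose mirrored traffic it transports, and only the analyzer port carries both. The following added example (not code from the H3C document) checks a configuration against those rules and reports a VLAN that is permitted where it should not be (mirrored traffic can be forwarded onto a link that should not see it, or other traffic can enter the probe VLAN) and a required VLAN that is missing (mirrored traffic is dropped before it reaches the analyzer). The remote probe VLAN numbers 2 and 3 come from the configuration in this document; the link names, the dictionary layout and the constructed "actual" configurations are assumptions for the example.

```python
"""Added example, not from the H3C document: a check of the per-port permitted
VLAN rules for the multi-source remote mirroring topology. VLAN 2 (Device A)
and VLAN 3 (Device B) are the remote probe VLANs from the document; the link
names and configuration layout are assumptions for the example."""

RPVLAN_A = 2   # remote probe VLAN created on Device A
RPVLAN_B = 3   # remote probe VLAN created on Device B


def expected_permits(rpvlan_a: int = RPVLAN_A, rpvlan_b: int = RPVLAN_B) -> dict:
    """Which VLANs each inter-device port may carry, keyed by (device, neighbour)."""
    return {
        ("DeviceA", "DeviceC"): {rpvlan_a},
        ("DeviceB", "DeviceC"): {rpvlan_b},
        ("DeviceC", "DeviceA"): {rpvlan_a},
        ("DeviceC", "DeviceB"): {rpvlan_b},
        ("DeviceC", "Analyzer"): {rpvlan_a, rpvlan_b},
    }


def check_permits(actual: dict, expected: dict = None) -> list:
    """Compare the permitted-VLAN sets of the configured ports against the rules.

    Returns one (link, message) finding per deviation: an extra VLAN means the
    mirrored traffic can be forwarded where it should not go, a missing VLAN
    means the mirrored traffic never reaches the analyzer.
    """
    if expected is None:
        expected = expected_permits()
    findings = []
    for link, allowed in expected.items():
        if link not in actual:
            findings.append((link, "port not configured"))
            continue
        permitted = set(actual[link])
        for vlan in sorted(permitted - allowed):
            findings.append((link, f"extra VLAN {vlan} permitted"))
        for vlan in sorted(allowed - permitted):
            findings.append((link, f"required VLAN {vlan} missing"))
    return findings


# Constructed configuration as it should look after the procedure.
GOOD_CONFIG = {
    ("DeviceA", "DeviceC"): {2},
    ("DeviceB", "DeviceC"): {3},
    ("DeviceC", "DeviceA"): {2},
    ("DeviceC", "DeviceB"): {3},
    ("DeviceC", "Analyzer"): {2, 3},
}

# Constructed misconfiguration: Device C's port towards Device A also permits
# VLAN 3, so Device B's mirrored traffic could be forwarded towards Device A,
# and the analyzer port lost VLAN 3, so Device B's mirrored traffic is dropped.
BAD_CONFIG = {**GOOD_CONFIG,
              ("DeviceC", "DeviceA"): {2, 3},
              ("DeviceC", "Analyzer"): {2}}

if __name__ == "__main__":
    for finding in check_permits(BAD_CONFIG):
        print(finding)
```

The `actual` dictionary would in practice be filled from the permitted-VLAN lists of the trunk ports on each device; the check itself is independent of how that inventory is gathered.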
5.4 Configuration Procedures
Note:
• The following configuration was created on devices in a specific lab environment. All of the devices used in this document started with a default configuration. If you have configured your device, make sure the existing configuration does not conflict with the following configuration.
5.4.1 Configuration on Device A
# Create VLAN 2.
[DeviceA] vlan 2
[DeviceA-vlan2] quit
2)
5.4.2 Configuration on Device B
# Create VLAN 3.
[DeviceB] vlan 3
[DeviceB-vlan3] quit
2)
2)
3)
4)
5.4.4 Verification
You can see the traffic coming from both the Internet and the LAN on the analyzer,
which shows that port mirroring has taken effect.
6 References
• Port Mirroring Configuration in the Access Volume
Copyright 2007-2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
The information in this document is subject to change without notice.