交换机端口镜像配置大全【汇集22个各种品牌交换机】.docx

交换机端口镜像配置大全【汇集22个各种品牌交换机】1、思科（CISCO）交换机1.1配置镜像（SPAN）端口Switch(config)# monitor session 1 source interface fastethernet 4/10Switch(config)# monitor session 1 filter vlan 57Switch(config)# monitor session 1 destination interface fastethernet 4/15如果想释放该SPAN 任务，输入如下命令：Switch(config)# no monitor session 1以下语句显示如何检验SPAN 任务的配置结果：Switch# show monitor session 2在配置镜像端口(SPAN)过程中，还应考虑到数据流量过大时，设备的处理速度及端口数据缓存的大小，要尽量减少被监控数据包的丢失。1.2 Catalyst 2550/2950/3550/3560/3560-E/3570-E旧交换机系统命令：Switch(config)# int fa0/1Switch(config-if)# port monitor fastEthernet0/2新交换机系统命令：Switch show interfacesSwitch enablePassword: ciscoSwitch# configure terminalSwitch(config)# monitor session 1 source interface fastethernet 0/17Switch(config)# monitor session 1 destination interface fastethernet 0/2Switch(config)# endSwitch# show monitor session 1 -查看镜像Switch# no monitor session 1 -清空镜像Switch# show running-config -查看运行配置Switch# copy running-config startup-config -保存到配置文件如果用 display mirror 命令看到ingress:disabled，说明划分了VLAN，源数据中包含了目的端口所在的VLAN。假设目的端口在VLAN1：Switch(config)# monitor session 1 filter vlan 1或者Switch(config)# monitor session 1 destination interface fasternet 0/20 ingress vlan 11.3 Catalyst 4000/4500/4900进入配置模式：Switch# enableSwitch# password cisco -默认为ciscoSwitch# configure terminal举例配置： FastEthernet2/3为源端口，FastEthernet5/48为目的端口Switch(config)# monitor session 1 source interface fa 2/3 (rx|tx|both)Switch(config)# monitor session 1 destination interface fa 5/48当源端口是trunk interface 时，监控VLAN 1-5 和VLAN 9Switch(config)# monitor session 2 fiter vlan 1-5,9当监控FastEthernet 4/10是trunk interface 带着VLAN 1-1005，如果只想监控VLAN57的数据，fastethernet 4/15为目的端口Switch(config)# monitor session 1 source interface fastethernet 4/10Switch(config)# monitor session 1 filter vlan 57Switch(Config)# monitor session 1 destination interface fastethernet 4/151.4 Cisco catylist2820有2 个菜单选项先进入menu 选项，enable port monitor进入cli 模式，enconf termInterface fast 0/x -镜像口port monitor fast 0/x -被镜像口exitwr2、华为交换机2.1 华为NE803/0/2的数据镜像到3/0/0 和3/0/1中NE80-C(config)#observing-port ethernet3/0/0NE80-C(config)#observing-port Ethernet3/0/1NE80-C(config)#port-mirroring ethernet3/0/2 both ethernet3/0/0 ethernet3/0/1注：如果只想镜像出口或入口可以将both改为egress或ingress2.2 华为3900Quidway interface Ethernet 1/0/4Quidway-Ethernet1/0/1 monitor-portQuidway-Ethernet1/0/1 quitQuidway interface Ethernet1/0/1Quidway-Ethernet1/0/1 mirroring-port bothQuidway-Ethernet1/0/1 quit2.3 华为S6500/S7500将1/0/11/0/3端口镜像到1/0/4Quidwaysystem-viewQuidwaymirroring-group 1 inbound Ethernet 1/0/1 to Ethernet1/0/3 mirrored-to Ethernet1/0/4Quidwaymirroring-group 1 outbound ethernet1/0/1 to Ethernet1/0/3 mirrored-to Ethernet1/0/4取消镜像Quidwayundo mirroring-group 12.4 Quidway 2008/2016/3026/2403HQuidway(config)# monitor-port e 0/18 -镜像口Quidway(config)# monitor e 0/3 -被镜像口上述两条命令与下面一条等效Quidway(config)# monitor e 0/3 observing-port e0/18查看镜像端口信息Quidway(config)# show monitor2.5 Quidway 3526Quidway(config)#monitor-port Ethernet 0/24 -监控口将从 Ethernet0/1输出的业务流镜像到监控口Quidway(config)#rule-map 12 rule1 ingress Ethernet 0/1 egress any将从 Ethernet0/1输入的业务流镜像到监控口Quidway(config)#rule-map 12 rule2 ingress any egress Ethernet 0/1注：（rule1/rule2）为rule 名称，两个规则名称不能相同，否则后配置规则覆盖先配置的规则，any定义对端口Ethernet0/1的所有(出/入)的业务流进行监控。3、H3C 交换机3.1 H3C S2008/S2016/S2026/S2403H/S3026方法一：SwitchAsystem-viewSwitchAmonitor-port 0/8 -(观测)端口SwitchAport mirror Ethernet 0/1 to Ethernet 0/2 -被镜像端口方法二：SwitchAsystem-viewSwitchAport mirror Ethernet 0/1 to Ethernet 0/2 observing-port Ethernet 0/83.2 H3C S3100system-viewH3Cmirroring-group 1 localH3Cmirroring-group 1 monitor-port Ethernet 1/0/4 -镜像口H3Cmirroring-group 1 mirroring-port Ethernet 1/0/1 both -被镜像口3.3 H3C S3500system-viewH3Cmirroring-group 1 localH3Cmirroring-group 1 mirroring-port Ethernet 1/0/1 to Ethernet 1/0/5 both3.4 H3C S3600方法一：system-viewH3Cmirroring-group 1 localH3Cinterface Ethernet 1/0/4H3C-Ethernet1/0/4monitor-port -设置为镜像口H3C-GigabitEthernet1/0/4quitH3Cinterface Ethernet 1/0/1H3C-GigabitEthernet1/0/1mirroring-port both -设置为被镜像口H3C-GigabitEthernet1/0/1quitH3Csave -(Y/N)保存名称方法二：system-viewH3Cmirroring-group 1 localH3Cmirroring-group 1 monitor-port GigabitEthernet 1/0/4H3Cmirroring-group 1 mirroring-port GigabitEthernet 1/0/1 both4、3COM 交换机4.1 3com 440024端口监控9端口Select menu option(feature/rovingAnalysis):addSelect analyzer port(unit:port,?): 1:24Select menu option(feature/rovingAalysis):startSelect port to monitor(unit:port,?): 1:9Select menu option(feature/rovingAnalysis):summary注：命令（add、start、remove、summary）4.2 3com 3500/3026E/3026F/3050/S3526system-viewswitchac1 num 4000 -定义一条扩展访问控制列表定义对 e0/2口出/入进行监控switch-ac1-4000rule 0 permit ingress interface Ethernet 0/2 egress anyswitch-ac1-4000rule 1 permit ingress any egress interface Ethernet 0/2switch-ac1-4000quit定义 e0/1监控口switchmirrored-to link-group 4000 rule 0 interface Ethernet 0/1switchmirrored-to link-group 4000 rule 1 interface Ethernet 0/1或switchmirrored-to link-group 4000 interface Ethernet 0/14.3 3com 4900 family配置分析端口Feature rovingAlysis addThe following prompt is displayed:Select analyzer port(unit:port,?): 1:10配置被监控端口Feature rovingAlysis startThe following prompt is displayed:Select unit to monitor(unit:port,?): 1:12检查配置Feature rovingAnalysis summary5、D-Link 交换机5.1 D-Link 3226DES-3226S:4#config mirror port 1 add source ports 2 bothDES-3226S:4#show mirrorDES-3226S:4#enable mirrorDES-3226S:4#config port mirroring source port b target port 16、Tp-Link交换机7、北电交换机7.1 Nortel 1100/2000支持一组镜像、2个source 、1个destination 默认用户名/密码12/12ConfigMirrorInput1(mod/port)enableInput2(mod/port)enableOutput(mod/port)enableSave configure ture7.2 Nortel 8000 series默认用户名/密码rwa/rwaConfig diag mirror-by-port 1 create in-port 2/4 out-port 2/1Config diag mirror-by-port 1 enable tureConfig diag mirror-by-port 1 mode both | tx | rxSave configDiag mirror-by-port 1 info -查看第1号镜像注：Nortel 镜像功能通常是rx，不支持both（看CPU而定）8、锐捷交换机Switch#configure terminalSwitch(config)#monitor session 1 source interface fastEthernet 0/10 bothSwitch(config)#monitor session 1 destination interface fastEthernet 0/2Switch(config)show monitor session 1Switch#show running-config -显示当前所有配置Switch#no monitor session 1 -取消镜像session 19、Intel交换机Navigation菜单- Statistics - Mirror Ports - Mirror Ports对话框Configure Source - Mirror Ports Configuration - Apply(确定)三种监听模式：1、连续（Always）：镜像全部流量2、周期（Periodic）：在一定周期内镜像全部流量。周期在Sampling interval configuration中设置3、禁止（Disabled）:关闭流量镜像10、Avaya交换机设置端口监听：set port mirror source-port mirror-port samplingalways | disable | periodicmax-packets-sec piggyback-portMod-port-range：指定端口范围Mod-port-spec：指定特定端口Piggyback-port：指定双向镜像的端口Sampling：指定镜像周期Max-packets-sec：指定监听口每秒最多的数据报数量(仅在sampling设置为periodic时)禁止端口监听：clear port mirror11、港湾交换机11.1 flax24Harbour(config)#Harbour(config)# config mirroring 1Harbour(config)#config mirroring 1 add port 5 (or 5-10) -被镜像口Harbour(config)#config mirroring 1 to 13 -镜像口Harbour(config)#show mirroringHarbour(config)#save configuration11.2 港湾6802Interface Ethernet 1/11Mirror ingress 1/10 egress 1/10ExitExtreme alpine 3802Alpine3804:#enable mirroring to port 2:10Alpine3804:#configure mirror add port 2:32Alpine3804:#configure mirror add port 2:1注：如果监控端口与被监控端口不在一个控制器（一组端口）中的话，只能抓到进口包，出口包抓不到11.3 BigHammer 6808设置镜像(板槽1,1端口监控2口接收、3口接收和发送、4口发送的数据)Harbour(config)#interface Ethernet 1/1Harbour(config-if-eth1/1)#mirror ingress 1/2,1/3 egress 1/3-4取消镜像Harbour(config)#interface Ethernet 1/1Harbour(config)#no mirror11.4 NetHammerM128(8口)将端口2、3接收到目的地址为00:11:22:33:44:55的报文镜像到1号口：Router(config-if-swi)#config mirror to 1Router(config-if-swi)#config mirror monitor all add 2-3Router(config-if-swi)#config mirror mode all dest 00:11:22:33:44:55Router(config-if-swi)#11.5 港湾5210Harbour5210(config)#interface Ethernet 1/4Harbour5210(config-if-eth1/4)#mirro ingress 1/24 egress 1/2411.6 港湾FLEX HAMMER 5010HarbourenablePassword:harbour -默认为harbourHarbour(config)#config mirroring 1 to 5Harbour(config)#config mirroring 1 add port 6 (or 6-10) egressHarbour(config)#config mirroring 1 add port 6 (or 6-10) ingressHarbour(config)#show mirror12、DELL 交换机12.1 DELL 5224Console#confConsole(config)#interface Ethernet 1/19 -镜像口Console(config-if)#port monitor Ethernet 1/7 tx -被镜像口tx、rx、bothConsole#show port moni -查看镜像Console(config)#interface Ethernet 1/19 -删除镜像Console(config-if)#no port monitor Ethernet 1/7 -删除镜像13、NetCore交换机进入NetCore超级终端-主菜单中输入5进入端口镜像设置-输入1设置镜像端口状态配置命令如下：1、选择配置的选项（1.off，2.Rx，3.Tx，4.Both）: 42、选择捕获端口：13、选择被镜像端口：8注：NETGEAR 增强型智能交换机有Web设置界面（在Monitoring选项卡中）14、中兴交换机14.1 2826/2826E/2618Zte(cfg)#set mirror add port 1,16 -添加被镜像端口Zte(cfg)#set mirror monitorport 24 -设置监听端口Zte(cfg)#set mirror type ingress -设置监听类型ingress | egress | allZte(cfg)#set mirror enable -开启镜像Zte(cfg)#show mirror -查看镜像Zte(cfg)#set mirror delete port 1,16 -删除被镜像口Zte(cfg)#set mirror disable -关闭镜像14.2 T16S/T16C/T32C/T64CPort mirroring monitor-port target-port |target-profile 注：不支持端口对端口的镜像，只支持对整个WAN卡配置端口镜像14.3 T160G/T64GZXR10(config)#interface gei_1/1 -被镜像口(rx)ZXR10(config-if)#monitor session 1 source direction rxZXR10(config)interface gei_1/2 -被镜像口(both)ZXR10(config-if)#monitor session 1 sourceZXR10(config)#interface gei_3/3 -监控口ZXR10(config-if)#monitor session 1 destinationZXR10(config)#show monitor session 1注：最多支持8组镜像，每组最多支持8个被镜像口15、Extreme交换机Extreme 4.1 及以上版本enable | disable mirroring on portConfigure mirroringadd | deletevlan | portExtreme 4.1 以下版本enable mirror to port 1 -镜像口config mirror add port 3 -被镜像口port | vlandisable mirror -关闭镜像config mirror del 3 -取消对该端口镜像port| vlanshow mirror -显示镜像设置16、Foundry 交换机Interface port monitorrx | tx | both17、Juniper交换机17.1 Juniper M系列/T 系列# show forwarding-options port-mirroringinputfamily inet;rate ; run-length ;output interface | next-hop;no-filter-check;注：端口镜像的风险，加重交换机负载，造成设备不稳定，在某些情况下会对包；比如，由于多个源端口镜像到一个目的端口，目的端口无法处理造成丢包18、凯创交换机19、神州数码交换机19.1 3526S/3926SSwitch(Config)#monitor session 1 source interface e 1,2-4 tx -tx,rx,bothSwi