Mirroring on Huawei AR19/29/49 routers


If you want to look into packets sent or received by a router, and there is no way to display them with a command, the simplest and fastest way is to use mirroring. Unfortunately, in the case of AR routers, you have to go on-site to connect a packet analyser (for example Wireshark). Unlike NE routers, AR routers do not support remote mirroring.

There are two types of mirroring on AR routers:

port mirroring

Port mirroring copies all packets from the mirroring port to another port, called the monitor port. The monitor port is the port to which the monitoring device is connected. AR routers support local port mirroring in the inbound and outbound directions.

traffic mirroring

Traffic mirroring copies only the packets selected by a QoS policy and sends them to a specified interface for analysis. Traffic mirroring is supported on AR29 and AR49 routers.

Example of port mirroring configuration (system-view):

Create a local mirroring group:

[labnario] mirroring-group 1 local

Configure the mirroring port (source port):

[labnario] mirroring-group 1 mirroring-port ethernet 1/2 inbound

Finally, configure the monitor port for the local mirroring group:

[labnario] mirroring-group 1 monitor-port ethernet 1/1

Connect the packet analyser to ethernet 1/1 and capture packets.
You can also configure port mirroring in interface view. The result is the same.

Example of traffic mirroring configuration:

Let’s assume that we have a host with IP 10.255.1.10 connected to interface ethernet 1/2 of an AR29 router. We want to monitor all packets received from this host. As the monitor port we will use interface ethernet 1/3.

Create an ACL that permits all packets from source IP address 10.255.1.10:

[labnario] acl number 2100
[labnario-acl-basic-2100] rule permit source 10.255.1.10 0

Configure a traffic classifier that matches ACL 2100:

[labnario] traffic classifier mirroring
[labnario-classifier-mirroring] if-match acl 2100

Configure a traffic behavior that mirrors traffic to interface ethernet 1/3:

[labnario] traffic behavior mirroring
[labnario-behavior-mirroring] mirror-to interface ethernet 1/3

Bind the traffic classifier to the traffic behavior in a QoS policy, and apply this policy to ethernet 1/2 in the inbound direction:

[labnario] qos policy mirroring
[labnario-qospolicy-mirroring] classifier mirroring behavior mirroring
[labnario-qospolicy-mirroring] quit
[labnario] interface ethernet 1/2
[labnario-Ethernet1/2] qos apply policy mirroring inbound

Connect the packet analyser to ethernet 1/3 and capture packets.
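
Both procedures above end with traffic being copied to a physical port, so it helps to be able to list, from the commands that were entered, exactly which packets go to which monitor port (for instance when checking that a troubleshooting mirror has been removed). The Python below is an added example, not part of the original post: the function name mirror_sessions and the combined sample transcript are assumptions, and it understands only the command forms shown on this page.

```python
import re
# Constructed input: both command sequences from this page, as typed at the CLI.
SAMPLE = """\
[labnario] mirroring-group 1 local
[labnario] mirroring-group 1 mirroring-port ethernet 1/2 inbound
[labnario] mirroring-group 1 monitor-port ethernet 1/1
[labnario] acl number 2100
[labnario-acl-basic-2100] rule permit source 10.255.1.10 0
[labnario] traffic classifier mirroring
[labnario-classifier-mirroring] if-match acl 2100
[labnario] traffic behavior mirroring
[labnario-behavior-mirroring] mirror-to interface ethernet 1/3
[labnario] qos policy mirroring
[labnario-qospolicy-mirroring] classifier mirroring behavior mirroring
[labnario-qospolicy-mirroring] quit
[labnario] interface ethernet 1/2
[labnario-Ethernet1/2] qos apply policy mirroring inbound
"""
VIEW = r"(?:acl number|traffic classifier|traffic behavior|qos policy|interface) (.+)"

def mirror_sessions(transcript):
    """Return (source port, direction, selector, monitor port) per mirror."""
    grp, acl, cls, beh, pol, applied, found, view = {}, {}, {}, {}, {}, [], [], None
    for line in transcript.splitlines():
        cmd = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())  # drop the CLI prompt
        if m := re.fullmatch(r"mirroring-group (\d+) mirroring-port (.+) (\w+)", cmd):
            grp.setdefault(m[1], {"src": [], "mon": None})["src"].append((m[2], m[3]))
        elif m := re.fullmatch(r"mirroring-group (\d+) monitor-port (.+)", cmd):
            grp.setdefault(m[1], {"src": [], "mon": None})["mon"] = m[2]
        elif m := re.fullmatch(VIEW, cmd):
            view = m[1]  # name of the view whose sub-commands follow
        elif m := re.fullmatch(r"rule permit (.+)", cmd):
            acl.setdefault(view, []).append(m[1])
        elif m := re.fullmatch(r"if-match acl (\d+)", cmd):
            cls[view] = m[1]
        elif m := re.fullmatch(r"mirror-to interface (.+)", cmd):
            beh[view] = m[1]
        elif m := re.fullmatch(r"classifier (\S+) behavior (\S+)", cmd):
            pol.setdefault(view, []).append((m[1], m[2]))
        elif m := re.fullmatch(r"qos apply policy (\S+) (\w+)", cmd):
            applied.append((view, m[1], m[2]))
    for g in grp.values():  # port mirroring copies every packet on the port
        found += [(src, d, "all packets", g["mon"]) for src, d in g["src"]]
    for port, name, d in applied:  # traffic mirroring copies ACL-matched packets
        found += [(port, d, "; ".join(acl.get(cls.get(c), ["?"])), beh[b])
                  for c, b in pol.get(name, []) if b in beh]
    return found

if __name__ == "__main__": print(mirror_sessions(SAMPLE))
```

A QoS policy whose behavior has no mirror-to statement is not reported, because it copies nothing.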
