Flow mirroring configuration example, Network requirements, Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

183

Flow mirroring configuration example

Network requirements

As shown in

Figure 61

, configure flow mirroring so that the server can monitor the following traffic:

•

All traffic that the Technical department sends to access the Internet.

•

IP traffic that the Technical department sends to the Marketing department during working hours
(8:00 to 18:00) on weekdays.

Figure 61 Network diagram

Configuration procedure

# Create a working hour range work, in which the working hour is from 8:00 to 18:00 on weekdays.

system-view

[DeviceA] time-range work 8:00 to 18:00 working-day

# Create ACL 3000 to allow packets from the Technical department to access the Internet and to the
Marketing department during working hours.

[DeviceA] acl number 3000

[DeviceA-acl-adv-3000] rule permit tcp source 192.168.2.0 0.0.0.255 destination-port eq

www

[DeviceA-acl-adv-3000] rule permit ip source 192.168.2.0 0.0.0.255 destination

192.168.1.0 0.0.0.255 time-range work

[DeviceA-acl-adv-3000] quit

# Create traffic class tech_c, and configure the match criterion as ACL 3000.

[DeviceA] traffic classifier tech_c

[DeviceA-classifier-tech_c] if-match acl 3000

[DeviceA-classifier-tech_c] quit

# Create traffic behavior tech_b, configure the action of mirroring traffic to port Ten-GigabitEthernet
1/0/3.

[DeviceA] traffic behavior tech_b