10/07/2018

Huawei – Observe (SPAN) Port

To configure a Observe Port on a Huawei S5720, S6720, … switch, just do the following:

 

[S5300]observe-port 1 interface gig0/0/3
[S5300]
[S5300]
[S5300]int gig0/0/20
[S5300-GigabitEthernet0/0/20]port-mirroring to observe-port 1 both
[S5300-GigabitEthernet0/0/20]q
[S5300]
[S5300]
[S5300]dis observe-port
  ----------------------------------------------------------------------
  Index          : 1
  Untag-packet   : No
  Interface      : GigabitEthernet0/0/3
  ----------------------------------------------------------------------
[S5300]
[S5300]
[S5300]dis port-mirroring
  ----------------------------------------------------------------------
  Observe-port 1 : GigabitEthernet0/0/3
  ----------------------------------------------------------------------
  Port-mirror:
  ----------------------------------------------------------------------
       Mirror-port               Direction  Observe-port
  ----------------------------------------------------------------------
  1    GigabitEthernet0/0/20     Inbound    Observe-port 1
  2    GigabitEthernet0/0/20     Outbound   Observe-port 1
  ----------------------------------------------------------------------
[S5300]

 

ATTENTION: I was sending the traffic seen on the observe-port to a spare NIC on my ESXi. I was not able to see anything beside some switch generates packets. I had to change the VLAN ID of the vSwitch to 4095 to see the traffic inside my (ntopng) VM! Some more information about VLAN 4095: https://nsxstack.wordpress.com/2014/08/10/vlan-id-4095-in-vmware/