3. Attach the firewall filter to the VLAN.
[edit interfaces]
interface-name {
unit interface-unit-number {
family ethernet-switching {
filter {
input filter-name;
}
vlan-id number;
encapsulation vlan-bridge;
}
}
}
Configuring the Output as VLAN with the no-tag Option
You can configure flow mirroring on the ACX5000 line of routers by configuring the output
as VLAN without any additional VLAN (bridge domain) tag. Use the no-tag CLI statement
as shown in the following configuration:
1. Configure the output as VLAN without any additional VLAN (bridge domain) tag by
using the no-tag CLI statement.
[edit forwarding-options]
port-mirroring {
family ethernet-switching {
output {
vlan vlan-name; {
no-tag;
}
}
}
}
2. Configure the firewall filter and specify the action as mirror or mirroring instance.
[edit firewall]
family ethernet-switching {
filter filter-name {
term rule-name {
from {
match-conditions;
}
then (port-mirror | port-mirror-instance instance-name);
}
}
}
3. Attach the firewall filter to the VLAN.
[edit interfaces]
interface-name {
unit interface-unit-number {
family ethernet-switching {
Copyright © 2017, Juniper Networks, Inc.1394
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
