filter {
input filter-name;
}
vlan-id number;
encapsulation vlan-bridge;
}
}
}
NOTE: In this method, the mirrored packet does not have any VLAN tags
associated with the packet.
Configuring the Family as inet and Specifying the Output as Next-Hop IP Address
You can configure flow mirroring on the ACX5000 line of routers by configuring the family
as inet and specifying the output as the next-hop IP address as shown in the following
configuration:
1. Configure the output as the next-hop IP address.
[edit forwarding-options]
port-mirroring {
family inet {
output {
ip-address ip-address;
}
}
}
2. Configure the firewall filter and specify the action as mirror.
[edit firewall]
family inet {
filter filter-name {
term rule-name {
from {
match-conditions;
}
then port-mirror;
}
}
}
3. Attach the firewall filter to the IP address of the packets in the inet family.
[edit interfaces]
interface-name {
unit interface-unit-number {
vlan-id number;
family inet {
ip-address ip-address;
filter {
1395Copyright © 2017, Juniper Networks, Inc.
Chapter 38: Configuring Port, VLAN, and Flow Mirroring
To Next Page
Loading...
