3.
Configure two Layer 2 port-mirroring firewall filters, both for VLAN traffic and with
one of the filters explicitly referencing one of the named instances of Layer 2 port
mirroring:
•
Configure the filter pm_filter_1 to use the Layer 2 port-mirroring properties configured
in the named port-mirroring instance pm_instance_1. To refer to the Layer 2 port
mirroring properties configured in a particular named instance of port mirroring, use
the port-mirror-instance port-mirroring-instance-name statement.
•
Configure the filter pm_filter_2 to use the Layer 2 port mirroring properties in effect
on the underlying physical interface of the logical interface to which the filter is
applied. To refer to the Layer 2 port mirroring properties in effect on the underlying
physical interface, use the port-mirror statement. If two instances of port mirroring
are bound to that port, then the firewall filter uses the first instance bound within
the [edit chassis fpc slot-number] or [edit chassis fpc slot-number pic slot-number]
hierarchy level.
[edit]
firewall {
family ethernet-switching {
filter pm_filter_1 {
term pm {
then port-mirror-instance pm_instance_1;
}
}
filter pm_filter_2 {
term pm {
then port-mirror;
}
}
}
}
NOTE: Because the port-mirror filter action modifier relies on the
port-mirroring properties defined at the [edit forwarding-options
port-mirroring] hierarchy level, the port-mirror filter action is not supported
for logical systems.
4.
Apply the two Layer 2 port-mirroring firewall filters to logical interfaces on interface
ge-2/0/1:
[edit]
interfaces {
ge-2/0/1 {
flexible-vlan-tagging;
encapsulation ethernet-bridge;
unit 0 {
vlan-id 201;
family ethernet-switching {
filter { # Explicitly references a named instance of port mirroring.
input pm_filter_1;
}
}
}
unit 1 {
Copyright © 2016, Juniper Networks, Inc.38
Port Mirroring Feature Guide for EX9200 Switches
To Next Page
Loading...
