The value of the family option can be ethernet-switching, ccc, or vpls.
2.
Enable configuration of a firewall filter pm-filter-name:
[edit firewall family family]
user@host# edit filter pm-filter-name
3.
Enable configuration of a firewall filter term pm-filter-term-name:
[edit firewall family family filter pm-filter-name]
user@host# edit term pm-filter-term-name
For more information about firewall filter terms in general (including in a Layer 3
environment), see Guidelines for Configuring Firewall Filters in the Routing Policies,
Firewall Filters, and Traffic Policers Feature Guide.
4. (Optional) Specify the firewall filter match conditions based on the route source
address only if you want to mirror a subset of the sampled packets.
For information about configuring firewall filter match conditions in general (including
in a Layer 3 environment), see Firewall Filter Match Conditions Based on Numbers or
Text Aliases, Firewall Filter Match Conditions Based on Bit-Field Values, Firewall Filter
Match Conditions Based on Address Fields, and Firewall Filter Match Conditions Based
on Address Classes, in the Routing Policies, Firewall Filters, and Traffic Policers Feature
Guide.
•
For detailed information about Layer 2 bridging firewall filter match conditions
(which are supported on MX Series routers and EX Series switches only), see Firewall
Filter Match Conditions for Layer 2 Bridging Traffic.
•
For detailed information about VPLS firewall filter match conditions, see Firewall
Filter Match Conditions for VPLS Traffic.
•
For detailed information about Layer 2 circuit cross-connect (CCC) firewall filter
match conditions, see Firewall Filter Match Conditions for Layer 2 CCC Traffic.
NOTE: If you want all sampled packets to be considered to match (and
be subjected to the actions specified in the then statement), then omit
the from statement altogether.
5.
Enable configuration of the action and action-modifier to apply to matching packets:
[edit firewall family family filter pm-filter-name term pm-filter-term-name]
user@host# edit then
6.
Specify the actions to be taken on matching packets:
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set action
The recommended value for the action is accept. If you do not specify an action, or if
you omit the then statement entirely, all packets that match the conditions in the
from statement are accepted.
Copyright © 2016, Juniper Networks, Inc.46
Port Mirroring Feature Guide for EX9200 Switches
To Next Page
Loading...
