Applying Layer 2 Port Mirroring to a Logical Interface
You can apply a Layer 2 port-mirroring firewall filter to the input or to the output of a
logical interface, including an aggregated Ethernet logical interface. Only packets of the
address-type family specified by the filter action are mirrored.
Before you begin, complete the following task:
•
Define a Layer 2 port-mirroring firewall filter to be applied to the input to a logical
interface or output to a logical interface. For details, see Defining a Layer 2 Port-Mirroring
Firewall Filter.
NOTE: This configuration task shows two Layer 2 port-mirroring firewall
filters: one filter applied to the logical interface ingress traffic, and one filter
applied to the logical interface egress traffic.
To apply a Layer 2 port-mirroring firewall filter to an input or output logical interface:
1. Configure the underlying physical interface for the logical interface.
a.
Enable configuration of the underlying physical interface:
[edit]
user@host# edit interfaces interface-name
NOTE: A port-mirroring firewall filter can also be applied to an
aggregated-Ethernet logical interface.
b.
For Fast Ethernet and Gigabit Ethernet interfaces and aggregated Ethernet
interfaces configured for VPLS, enable the reception and transmission of 802.1Q
VLAN-tagged frames on the interface:
[edit interfaces interface-name]
user@host# set vlan-tagging
c.
For Ethernet interfaces that have IEEE 802.1Q VLAN tagging and bridging enabled
and that must accept packets carrying TPID 0x8100 or a user-defined TPID, set
the logical link-layer encapsulation type:
[edit interfaces interface-name]
user@host# set encapsulation extended-vlan-ethernet-switching
2. Configure the logical interface to which you want to apply a Layer 2 port-mirroring
firewall filter.
a.
Specify the logical unit number:
[edit interfaces interface-name]
user@host# edit unit logical-unit-number
49Copyright © 2016, Juniper Networks, Inc.
Chapter 7: Port Mirroring for Logical interfaces
To Next Page
Loading...
Need help?
General
