Example: Layer 2 Port Mirroring at a Logical Interface
The following steps describe an example in which the global port-mirroring instance and
a port-mirroring firewall filter are used to configure Layer 2 port mirroring for the input to
a logical interface.
1. Configure the VLAN example-bd-with-analyzer, which contains the external packet
analyzer, and the VLAN example-bd-with-traffic, which contains the source and
destination of the Layer 2 traffic being mirrored:

    [edit]
    bridge-domains {
        example-bd-with-analyzer { # Contains an external traffic analyzer
            vlan-id 1000;
            interface ge-2/0/0.0; # External analyzer
        }
        example-bd-with-traffic { # Contains traffic input and output interfaces
            vlan-id 1000;
            interface ge-2/0/6.0; # Traffic input port
            interface ge-3/0/1.2; # Traffic output port
        }
    }

Assume that logical interface ge-2/0/0.0 is associated with an external traffic analyzer
that is to receive port-mirrored packets. Assume that logical interfaces ge-2/0/6.0
and ge-3/0/1.2 will be traffic input and output ports, respectively.
2. Configure Layer 2 port-mirroring for the global instance, with the port-mirroring
destination being the VLAN interface associated with the external analyzer (logical
interface ge-2/0/0.0 on VLAN example-bd-with-analyzer). Be sure to enable the option
that allows filters to be applied to this port-mirroring destination:

    [edit]
    forwarding-options {
        port-mirroring {
            input {
                rate 10;
                run-length 5;
            }
            family ethernet-switching {
                output {
                    interface ge-2/0/0.0; # Mirror packets to the external analyzer
                    no-filter-check; # Allow filters on the mirror destination interface
                }
            }
        }
    }

The input statement at the [edit forwarding-options port-mirroring] hierarchy level
specifies that sampling begins every tenth packet and that each of the first five packets
selected is to be mirrored.
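An added example, not part of the Juniper guide: a Python audit that parses the stanzas from steps 1 and 2 and checks that the global instance mirrors only to the approved analyzer port, that the port belongs to a bridge domain, and that no-filter-check is set. The names parse, audit_mirror and expected_analyzer are assumptions made for illustration.

```python
import re
# Constructed sample: the stanzas from steps 1 and 2 of this page, merged.
CONFIG = """
bridge-domains {
    example-bd-with-analyzer { vlan-id 1000; interface ge-2/0/0.0; } # External analyzer
    example-bd-with-traffic { vlan-id 1000; interface ge-2/0/6.0; interface ge-3/0/1.2; }
}
forwarding-options {
    port-mirroring {
        input { rate 10; run-length 5; }
        family ethernet-switching {
            output { interface ge-2/0/0.0; no-filter-check; }
        }
    }
}
"""

def parse(text):
    """Parse curly-brace Junos config into nested dicts; leaf statements go in '_stmts'."""
    text = re.sub(r"#[^\n]*", "", text)        # drop trailing comments
    root = {"_stmts": []}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":                          # pending text names a new block
            node = {"_stmts": []}
            stack[-1][pending.strip()] = node
            stack.append(node)
        elif tok == "}":
            stack.pop()
        elif tok == ";":                        # pending text is a leaf statement
            stack[-1]["_stmts"].append(pending.split())
        else:
            pending = tok
    return root

def audit_mirror(cfg, expected_analyzer):
    """Hypothetical helper: audit the global instance's mirror destination."""
    pm = cfg["forwarding-options"]["port-mirroring"]
    out = pm["family ethernet-switching"]["output"]["_stmts"]
    dests = [s[1] for s in out if s[0] == "interface"]
    domains = [name for name, bd in cfg["bridge-domains"].items()
               if name != "_stmts" and any(["interface", d] in bd["_stmts"] for d in dests)]
    checks = [
        (dests == [expected_analyzer], f"mirror destination {dests} is not the approved analyzer port"),
        (bool(domains), "mirror destination is not a member of any bridge domain"),
        (["no-filter-check"] in out, "no-filter-check is missing on the mirror destination"),
    ]
    sampling = {s[0]: int(s[1]) for s in pm["input"]["_stmts"]}
    return {"destination": dests, "domains": domains, "sampling": sampling,
            "findings": [msg for ok, msg in checks if not ok]}
```

Calling audit_mirror(parse(CONFIG), "ge-2/0/0.0") returns an empty findings list for the configuration above; the sampling entry reports the rate and run-length values so a reviewer can see that the analyzer receives a sample rather than every packet.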
Copyright © 2016, Juniper Networks, Inc.
Port Mirroring Feature Guide for EX9200 Switches