NOTE: When configuring a Layer 2 port-mirroring firewall filter, do not include
the optional from statement that specifies match conditions based on the
route source address. Omit this statement so that all packets are considered
to match and all actions and action-modifiers specified in the then statement
are taken.
If you want to mirror all incoming packets, then you must not use the from
statement; /* comment: one configure filter terms with from if they are
interested in mirroring only a subset of packet.
For a general description of Layer 2 port-mirroring properties, see “Understanding Layer
2 Port Mirroring Properties” on page 4. For a comparison of the types of Layer 2 port
mirroring available on an MX Series router and on an EX Series switch, see Application of
Layer 2 Port Mirroring Types.
NOTE: If you associate integrated routing and bridging (IRB) with the VLAN
(or VPLS routing instance), and also configure within the VLAN (or VPLS
routing instance) a forwarding table filter with the port-mirror or
port-mirror-instance action, then the IRB packet is mirrored as a Layer 2 packet.
You can disable this behavior by configuring the no-irb-layer-2-copy statement
in the VLAN (or VPLS routing instance).
For a detailed description of how to configure a Layer 2 port-mirroring firewall filter, see
Defining a Layer 2 Port-Mirroring Firewall Filter.
For detailed information about how you can use Layer 2 port-mirroring firewall filters
with MX Routers and EX Series switches configured as provider edge (PE) routers or PE
switches, see “Understanding Layer 2 Port Mirroring of PE Router Logical Interfaces” on
page 41. For detailed information about configuring firewall filters in general (including
in a Layer 3 environment), see the Routing Policies, Firewall Filters, and Traffic Policers
Feature Guide.
Mirroring of Packets Received or Sent on a Logical Interface
To mirror Layer 2 traffic received or sent on a logical interface, apply a port-mirroring
firewall filter to the input or output of the interface.
A port-mirroring firewall filter can also be applied to an aggregated-Ethernet logical
interface. For details, see Understanding Layer 2 Port Mirroring of PE Router Aggregated
Ethernet Interfaces.
NOTE: If port-mirroring firewall filters are applied at both the input and output
of a logical interface, two copies of each packet are mirrored. To prevent the
router or switch from forwarding duplicate packets to the same destination,
you can enable the “mirror-once” option for Layer 2 port mirroring in the global
instance for the Layer 2 packet address family.
Copyright © 2016, Juniper Networks, Inc.66
Port Mirroring Feature Guide for EX9200 Switches
To Next Page
Loading...
Need help?
General
