Defining a Layer 2 Port-Mirroring Firewall Filter
For virtual private LAN service (VPLS) traffic (family ethernet-switching or family vpls)
and for Layer 2 VPNs with family ccc on MX Series routers and on EX Series switches
only, you can define a firewall filter that specifies Layer 2 port mirroring as the action to
be performed if a packet matches the conditions configured in the firewall filter term.
You can use a Layer 2 port-mirroring firewall filter in the following ways:
•
To mirror packets received or sent on a logical interface.
•
To mirror packets forwarded or flooded to a VLAN.
•
To mirror packets forwarded or flooded to a VPLS routing instance.
•
To mirror tunnel interface input packets only to multiple destinations.
For a summary of the three types of Layer 2 port-mirroring you can configure on an MX
Series router and on an EX Series switch, see Application of Layer 2 Port Mirroring Types.
For information about configuring firewall filters in general (including in a Layer 3
environment), see Stateless Firewall Filter Overview and How Standard Firewall Filters
Evaluate Packets in the Routing Policies, Firewall Filters, and Traffic Policers Feature Guide.
To define a firewall filter with a Layer 2 port-mirroring action:
1.
Enable configuration of firewall filters for Layer 2 packets that are part of a VLAN, a
Layer 2 switching cross-connect, or a virtual private LAN service (VPLS):
[edit]
user@host# edit firewall family family
The value of the family option can be ethernet-switching, ccc, or vpls.
2.
Enable configuration of a firewall filter pm-filter-name:
[edit firewall family family]
user@host# edit filter pm-filter-name
3.
Enable configuration of a firewall filter term pm-filter-term-name:
[edit firewall family family filter pm-filter-name]
user@host# edit term pm-filter-term-name
For more information about firewall filter terms in general (including in a Layer 3
environment), see Guidelines for Configuring Firewall Filters in the Routing Policies,
Firewall Filters, and Traffic Policers Feature Guide.
4. (Optional) Specify the firewall filter match conditions based on the route source
address only if you want to mirror a subset of the sampled packets.
69Copyright © 2016, Juniper Networks, Inc.
Chapter 8: Port Mirroring for Multiple Destinations
To Next Page
Loading...
Need help?
General
