For information about configuring firewall filter match conditions in general (including
in a Layer 3 environment), see Firewall Filter Match Conditions Based on Numbers or
Text Aliases, Firewall Filter Match Conditions Based on Bit-Field Values, Firewall Filter
Match Conditions Based on Address Fields, and Firewall Filter Match Conditions Based
on Address Classes, in the Routing Policies, Firewall Filters, and Traffic Policers Feature
Guide.
•
For detailed information about Layer 2 bridging firewall filter match conditions
(which are supported on MX Series routers and EX Series switches only), see Firewall
Filter Match Conditions for Layer 2 Bridging Traffic.
•
For detailed information about VPLS firewall filter match conditions, see Firewall
Filter Match Conditions for VPLS Traffic.
•
For detailed information about Layer 2 circuit cross-connect (CCC) firewall filter
match conditions, see Firewall Filter Match Conditions for Layer 2 CCC Traffic.
NOTE: If you want all sampled packets to be considered to match (and
be subjected to the actions specified in the then statement), then omit
the from statement altogether.
5.
Enable configuration of the action and action-modifier to apply to matching packets:
[edit firewall family family filter pm-filter-name term pm-filter-term-name]
user@host# edit then
6.
Specify the actions to be taken on matching packets:
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set action
The recommended value for the action is accept. If you do not specify an action, or if
you omit the then statement entirely, all packets that match the conditions in the
from statement are accepted.
7. Specify Layer 2 port mirroring or a next-hop group as the action-modifier:
•
To reference the Layer 2 port mirroring properties currently in effect for the Packet
Forwarding Engine or PIC associated with the underlying physical interface, use the
port-mirror statement:
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set port-mirror
•
To reference the Layer 2 port mirroring properties configured in a specific named
instance, use the port-mirror-instance pm-instance-name action modifier:
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set port-mirror-instance pm-instance-name
If the underlying physical interface is not bound to a named instance of Layer 2 port
mirroring but instead is implicitly bound to the global instance of Layer 2 port
mirroring, then traffic at the logical interface is mirrored according to the properties
Copyright © 2016, Juniper Networks, Inc.70
Port Mirroring Feature Guide for EX9200 Switches
To Next Page
Loading...
