specified in the named instance referenced by the port-mirror-instance action
modifier.
• To reference a next-hop group that specifies the next-hop addresses (for sending additional copies of packets to an analyzer), use the next-hop-group pm-next-hop-group-name action modifier:

    [edit firewall family family filter pm-filter-name term pm-filter-term-name then]
    user@host# set next-hop-group pm-next-hop-group-name

For configuration information about next-hop groups, see “Defining a Next-Hop
Group for Layer 2 Port Mirroring” on page 72. If you specify a next-hop group for
Layer 2 port mirroring, the firewall filter term applies to the tunnel interface input
only.
8. Verify the minimum configuration of the Layer 2 port-mirroring firewall filter:

    [edit firewall ... ]
    user@host# top
    [edit]
    user@host# show firewall
    family (ethernet-switching | ccc | vpls) { # Type of packets to mirror
        filter pm-filter-name { # Firewall filter name
            term pm-filter-term-name {
                from { # Do not specify match conditions based on route source address
                }
                then {
                    action; # Recommended action is 'accept'
                    action-modifier; # Three options for Layer 2 port mirroring
                }
            }
        }
    }

In the firewall filter term then statement, the action-modifier can be port-mirror,
port-mirror-instance pm-instance-name, or next-hop-group pm-next-hop-group-name.
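
The verification in step 8 can also be scripted. The following Python is an added example, not part of the Juniper documentation: it parses show firewall output in the format shown above and reports, for each term of a Layer 2 family filter, whether the term accepts and which of the three action modifiers it sets, together with the instance or next-hop group it names. The filter, term, and instance names in the sample are constructed, and the function names are hypothetical.

```python
MODIFIERS = ("port-mirror", "port-mirror-instance", "next-hop-group")  # per the page
L2_FAMILIES = ("ethernet-switching", "ccc", "vpls")                    # per the page
# Constructed sample of `show firewall` output; every name in it is hypothetical.
SAMPLE = """
family vpls {
    filter pm-filter-a {
        term mirror-to-instance {
            then {
                accept;
                port-mirror-instance pm-instance-a;
            }
        }
        term no-mirror {
            then accept;
        }
    }
}
"""

def parse_junos(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop inline comments
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line.strip(";"):
            stack[-1][line.rstrip(";").strip()] = None
    return stack[0]

def children(node, keyword):
    """Return (name, subtree) pairs for each `keyword <name>` child of node."""
    return [(k.split()[-1], v or {}) for k, v in (node or {}).items() if k.startswith(keyword + " ")]

def audit_mirror_terms(show_firewall_output):
    """One record per term of each Layer 2 family filter; `then` may be a block or one line."""
    records = []
    for family, filters in children(parse_junos(show_firewall_output), "family"):
        if family in L2_FAMILIES:
            for filt, terms in children(filters, "filter"):
                for term, body in children(terms, "term"):
                    then = list(body.get("then") or {}) + [k[5:] for k in body if k.startswith("then ")]
                    hit = next((s.split() for s in then if s.split()[0] in MODIFIERS), None)
                    records.append({"family": family, "filter": filt, "term": term,
                                    "accepts": "accept" in then, "modifier": hit[0] if hit else None,
                                    "target": hit[1] if hit and len(hit) > 1 else None})
    return records
```

Calling audit_mirror_terms(SAMPLE) returns two records. Terms whose modifier is None send no mirrored copies, and a non-empty target names the port-mirroring instance or next-hop group to check against the intended analyzer.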
Related Documentation
• Understanding Layer 2 Port Mirroring on page 3
• Layer 2 Port Mirroring Firewall Filters
• Understanding Layer 2 Port Mirroring to Multiple Destinations Using Next-Hop Groups on page 68
• Example: Layer 2 Port Mirroring at a Logical Interface
• Example: Layer 2 Port Mirroring for a Layer 2 VPN
• Example: Layer 2 Port Mirroring for a Layer 2 VPN with LAG Links
• Example: Layer 2 Port Mirroring to Multiple Destinations
Copyright © 2016, Juniper Networks, Inc.
Chapter 8: Port Mirroring for Multiple Destinations