For example, create a firewall filter called example-filter with two terms no-analyzer
and to-analyzer, and assign the to-analyzer term to the employee-monitor port-mirroring
instance:
a. Create the first term to define the traffic that should not pass through to the
port-mirroring instance employee-monitor:
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term no-analyzer from source-address 192.0.2.14
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term no-analyzer from protocol tcp
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term no-analyzer then accept
b. Create the second term to define the traffic that should pass through to the
port-mirroring instance employee-monitor:
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term to-analyzer from destination-port 80
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term to-analyzer then port-mirror-instance employee-monitor
[edit firewall family ethernet-switching]
user@switch# set filter example-filter term to-analyzer then accept
3. Apply the firewall filter to an interface or VLAN that provides input to the port-mirroring
instance.
To apply a firewall filter to an interface:
[edit]
user@switch# set interfaces interface-name unit 0 family ethernet-switching filter (input | output) filter-name
To apply a firewall filter to a VLAN:
[edit]
user@switch# set vlan (vlan-ID or vlan-name) filter (input | output) filter-name
For example, to apply the example-filter firewall filter to the ge-0/0/1 interface:
[edit]
user@switch# set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input example-filter
For example, to apply the example-filter filter to the source-vlan VLAN:
[edit]
user@switch# set vlan source-vlan filter input example-filter
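How example-filter treats traffic once it is applied, modelled in Python as an added example (not part of the original documentation): all conditions in a term must match, the first matching term decides the result, and a packet that matches no term meets the implicit discard that ends every Junos firewall filter. The sample packets and the function names are constructed for illustration.

```python
# Added illustration: models first-match term evaluation for example-filter.
# Packet values below are constructed samples, not captured traffic.
from ipaddress import ip_address, ip_network

# Each term: 'from' conditions (all must hold), mirror instance, final action.
EXAMPLE_FILTER = [
    {"name": "no-analyzer",
     "from": {"source-address": "192.0.2.14/32", "protocol": "tcp"},
     "mirror": None, "action": "accept"},
    {"name": "to-analyzer",
     "from": {"destination-port": 80},
     "mirror": "employee-monitor", "action": "accept"},
]

def term_matches(conditions, packet):
    """A term matches only if every 'from' condition matches (logical AND)."""
    for key, want in conditions.items():
        if key == "source-address":
            if ip_address(packet["src"]) not in ip_network(want):
                return False
        elif key == "protocol":
            if packet["proto"] != want:
                return False
        elif key == "destination-port":
            if packet.get("dport") != want:
                return False
        else:
            raise ValueError(f"unsupported match condition: {key}")
    return True

def evaluate(packet, terms=EXAMPLE_FILTER):
    """Return (term name, action, mirror instance) for the first matching term."""
    for term in terms:
        if term_matches(term["from"], packet):
            return term["name"], term["action"], term["mirror"]
    # No term matched: the filter's implicit final discard applies.
    return None, "discard", None

SAMPLES = [  # constructed packets
    {"src": "192.0.2.14", "proto": "tcp", "dport": 80},   # excluded host, TCP
    {"src": "192.0.2.14", "proto": "udp", "dport": 80},   # same host, UDP
    {"src": "192.0.2.20", "proto": "tcp", "dport": 80},   # other host, port 80
    {"src": "192.0.2.20", "proto": "tcp", "dport": 443},  # other host, port 443
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(pkt))
```

The last sample matches neither term and is discarded, so on an interface that carries more than port-80 traffic the filter needs a final term that accepts the remaining traffic.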
Related Documentation
• Example: Configuring Layer 2 Port Mirroring to Remote VLAN on page 83
• Layer 2 Port Mirroring to Remote Destination by Using Destination as VLAN on page 81
Example: Configuring Layer 2 Port Mirroring to Remote VLAN
EX9200 switches enable you to configure mirroring to send copies of packets to either
a local interface for local monitoring or to a VLAN for remote monitoring. You can use
mirroring to copy these packets:
• Packets entering or exiting a port
Copyright © 2016, Juniper Networks, Inc.
Chapter 9: Port Mirroring for Remote Destinations