Configuring Port Mirroring To A Remote Vlan; Configuring Port Mirroring - Juniper EX9200 Features Manual
Port mirroring feature guide ex series
Hide thumbs
Also See for EX9200:
- Features manual (342 pages) ,
- Manual (118 pages) ,
- Overview manual (72 pages)
Table of Contents
Advertisement
Port Mirroring Feature Guide for EX9200 Switches
Configuring Port Mirroring to a Remote VLAN
82
BEST PRACTICE:
performance impact. We recommend that you:
Disable port mirroring that you have configured when you are not using
them.
Specify individual interfaces as input rather than specifying all interfaces
as input in a port mirroring configuration.
Limit the amount of mirrored traffic by:
Using statistical sampling.
Setting ratios to select statistical samples.
Using firewall filters.
Configuring Port Mirroring to a Remote VLAN on page 82
To filter packets to be mirrored to a port-mirroring instance, create the instance and then
use it as the action in the firewall filter. You can use firewall filters in both local and remote
mirroring configurations.
If the same port-mirroring instance is used in multiple filters or terms, the packets are
copied to the port-mirroring output port or port-mirroring VLAN only once.
To filter mirrored traffic, create a port-mirroring instance under the
hierarchy level, and then create a firewall filter. The filter can use
forwarding-options]
any of the available match conditions and must have
as an action. This action in the firewall filter configuration provides the input to the
port-mirroring instance.
To configure a port-mirroring instance with firewall filters:
Configure the port-mirroring instance name and set the output destination to a VLAN:
1.
[edit forwarding-options]
user@switch# set port-mirroring instance instance-name output vlan (vlan-ID | vlan-name)
For example, configure a port-mirroring instance
destination to a VLAN ID
[edit forwarding-options]
user@switch# set port-mirroring instance employee-monitor output vlan 999
Create a firewall filter by using any of the available match conditions and assign the
2.
port-mirroring instance name as an action in the firewall filter configuration.
[edit firewall family ethernet-switching]
user@switch set filter filter-name term term-name from match-condition
user@switch set filter filter-name term term-name then match-condition
user@switch# set filter filter-name term term-namethen port-mirror-instance instance-name
Mirror only necessary packets to reduce potential
port-mirror-instance instance-name
employee-monitor
:
999
[edit
and set the output
Copyright © 2016, Juniper Networks, Inc.
Advertisement
Table of Contents
