Dell PowerConnect J-EX4200-24T Software Manual page 3324

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
CLI Quick
Configuration
Step-by-Step
Procedure
Results
3252
To quickly configure local port mirroring of traffic from the two ports connected to
employee computers, filtering so that only traffic to the external Web is mirrored, copy
the following commands and paste them into the switch terminal window:
[edit]
set ethernet-switching-options analyzer employee–web–monitor output interface ge-0/0/10.0
set firewall family ethernet-switching filter watch-employee term employee-to-corp from
destination-address 192.0.2.16/28
set firewall family ethernet-switching filter watch-employee term employee-to-corp from
source-address 192.0.2.16/28
set firewall family ethernet-switching filter watch-employee term employee-to-corp then accept
set firewall family ethernet-switching filter watch-employee term employee-to-web from
destination-port 80
set firewall family ethernet-switching filter watch-employee term employee-to-web then analyzer
employee-web-monitor
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input watch-employee
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input watch-employee
To configure local port mirroring of employee-to-web traffic from the two ports connected
to employee computers:
Configure the local analyzer interface:
1.
[edit interfaces]
user@switch# set ge-0/0/10 unit 0 family ethernet-switching
Configure the
employee-web-monitor
2.
comes from the action of the filter):
[edit ethernet-switching-options]
user@switch# set analyzer employee-web-monitor output interface ge-0/0/10.0
Configure a firewall filter called
3.
requests to the Web to the
and from the corporate subnet (destination or source address of
Send mirrored copies of all packets destined for the Internet (
to the
employee-web-monitor
[edit firewall family ethernet-switching]
user@switch# set filter watch-employee term employee-to-corp from
destination-address 192.0.2.16/28
user@switch# set filter watch-employee term employee-to-corp from source-address
192.0.2.16/28
user@switch# set filter watch-employee term employee-to-corp then accept
user@switch# set filter watch-employee term employee-to-web from destination-port
80
user@switch# set filter watch-employee term employee-to-web then analyzer
employee-web-monitor
Apply the watch-employee
4.
[edit interfaces]
user@switch# set ge-0/0/0 unit 0 family ethernet-switching filter input watch-employee
user@switch# set ge-0/0/1 unit 0 family ethernet-switching filter input watch-employee
Check the results of the configuration:
[edit]
user@switch# show
analyzer output (the input to the analyzer
watch-employee to send mirrored copies of employee
employee-web-monitor analyzer. Accept all traffic to
analyzer.
filter to the appropriate ports:
).
192.0.2.16/28
)
destination port 80