Juniper EX9200 Features Manual page 102

Port mirroring feature guide ex series
Port Mirroring Feature Guide for EX9200 Switches
Copyright © 2016, Juniper Networks, Inc.

set firewall family ethernet-switching filter watch-employee term employee-to-corp then accept
set firewall family ethernet-switching filter watch-employee term employee-to-web from destination-port 80
set firewall family ethernet-switching filter watch-employee term employee-to-web then port-mirror-instance employee-web-monitor
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input watch-employee
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input watch-employee

Copy and paste the following commands in the destination switch terminal window:

[edit]
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999
set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members 999

Step-by-Step Procedure

To configure port mirroring of all traffic from the two ports connected to employee computers to the remote-analyzer VLAN for use from a remote monitoring station:

1. On the source switch:

a. Configure the employee-web-monitor port-mirroring instance:
[edit]
user@switch# set interfaces ge-0/0/10 unit 0 family ethernet-switching port mode access
user@switch# set forwarding-options port-mirroring instance employee-web-monitor output vlan 999

b. Configure the VLAN ID for the remote-analyzer VLAN:
[edit vlans]
user@switch# set remote-analyzer vlan-id 999

c. Configure the interface to associate it with the remote-analyzer VLAN:
[edit interfaces]
user@switch# set ge-0/0/10 unit 0 family ethernet-switching vlan members 999

d. Configure the firewall filter called watch-employee:
[edit firewall family ethernet-switching]
user@switch# set filter watch-employee term employee-to-corp from destination-address 192.0.2.16/28
user@switch# set filter watch-employee term employee-to-corp from source-address 192.0.2.16/28
user@switch# set filter watch-employee term employee-to-corp then accept
user@switch# set filter watch-employee term employee-to-web from destination-port 80
user@switch# set filter watch-employee term employee-to-web then port-mirror-instance employee-web-monitor

In this configuration, the employee-to-corp term defines that traffic from destination-address 192.0.2.16/28 and source address 192.0.2.16/28 can be accepted to pass through the switch, and the employee-to-web term defines that traffic from port 80 must be sent to the port-mirroring instance employee-web-monitor.

e. Apply the firewall filter to the employee interfaces:
[edit interfaces]
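
The source-switch statements in this procedure depend on three references resolving: the filter action names a port-mirroring instance, the instance names an output VLAN, and each employee interface names the filter. The following Python check is an added example, not part of the Juniper guide; the function name audit_mirroring and its regular expressions are assumptions that cover only the statement forms shown on this page (written with full paths), and BROKEN_CONFIG is a constructed variant.

```python
import re

# Source-switch statements from this page, full paths, wrapped lines joined.
PAGE_CONFIG = """\
set forwarding-options port-mirroring instance employee-web-monitor output vlan 999
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999
set firewall family ethernet-switching filter watch-employee term employee-to-corp then accept
set firewall family ethernet-switching filter watch-employee term employee-to-web from destination-port 80
set firewall family ethernet-switching filter watch-employee term employee-to-web then port-mirror-instance employee-web-monitor
set interfaces ge-0/0/0 unit 0 family ethernet-switching filter input watch-employee
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input watch-employee
"""
# Constructed variant: misspelled instance name, analyzer port not in VLAN 999.
BROKEN_CONFIG = PAGE_CONFIG.replace(
    "then port-mirror-instance employee-web-monitor",
    "then port-mirror-instance employee-web-mon",
).replace("set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999\n", "")

ES = r"family ethernet-switching"

def audit_mirroring(config):
    """Return a list of unresolved references in a port-mirroring config."""
    grab = lambda pattern: re.findall(pattern, config, re.M)
    instances = dict(grab(r"^set forwarding-options port-mirroring instance (\S+) output vlan (\S+)"))
    alias = {}  # VLAN name or ID -> {name, ID}
    for name, vid in grab(r"^set vlans (\S+) vlan-id (\d+)"):
        alias[name] = alias[vid] = {name, vid}
    members = set(grab(rf"^set interfaces \S+ unit \d+ {ES} vlan members (\S+)"))
    filters = set(grab(rf"^set firewall {ES} filter (\S+) term"))
    findings = []
    # Every port-mirror-instance action must name a defined instance.
    for filt, term, inst in grab(rf"^set firewall {ES} filter (\S+) term (\S+) then port-mirror-instance (\S+)"):
        if inst not in instances:
            findings.append(f"filter {filt} term {term}: undefined instance {inst}")
    # The output VLAN must be defined and carried by at least one interface.
    for inst, vlan in instances.items():
        if vlan not in alias:
            findings.append(f"instance {inst}: output VLAN {vlan} is not defined")
        elif not alias[vlan] & members:
            findings.append(f"instance {inst}: no interface carries output VLAN {vlan}")
    # Every interface filter binding must name a defined filter.
    for ifname, filt in grab(rf"^set interfaces (\S+) unit \d+ {ES} filter input (\S+)"):
        if filt not in filters:
            findings.append(f"interface {ifname}: undefined filter {filt}")
    return findings
```

An empty list for PAGE_CONFIG means the chain from interface to filter to instance to VLAN is complete; each finding for BROKEN_CONFIG names the link that is missing.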
