Example: Layer 2 Port Mirroring For A Layer 2 Vpn - Juniper EX9200 Features Manual

Port Mirroring Feature Guide for EX9200 Switches
Related
Documentation

Example: Layer 2 Port Mirroring for a Layer 2 VPN

58
flexible-vlan-tagging;
encapsulation extended-vlan-bridge;
unit 2 {
vlan-tags outer 10 inner 20;
family ethernet-switching;
}
}
}
Packets received at logical interface
evaluated by the port-mirroring firewall filter
filter acts on the input traffic according to the filter actions configured in the firewall
filter itself plus the input packet-sampling properties and mirror destination properties
configured in the global port-mirroring instance:
All packets received at
destination at logical interface
For every ten input packets, copies of the first five packets in that selection are
forwarded to the external analyzer at logical interface
example-bd-with-analyzer
If you configure the port-mirroring firewall filter
action instead of the
discard
copies of the packets selected using the global port-mirroring
sent to the external analyzer.
Understanding Layer 2 Port Mirroring on page 3
Layer 2 Port Mirroring Firewall Filters
Defining a Layer 2 Port-Mirroring Firewall Filter
The following example is not a complete configuration, but shows all the steps needed
to configure port mirroring on an L2VPN using
Configure the VLAN port-mirror-bd
1.
[edit]
vlans {
port-mirror-vlan { # Contains an external traffic analyzer
interface ge-2/2/9.0; # External analyzer
}
}
Configure the Layer 2 VPN CCC to connect logical interface
2.
interface :
ge-2/0/1.1
[edit]
protocols {
mpls {
interface all;
ge-2/0/6.0 on VLAN
example-bridge-pm-filter
ge-2/0/6.0 are forwarded to their (assumed) normal
.
ge-3/0/1.2
.
example-bridge-pm-filter
action, all original packets are discarded while
accept
family ccc
, which contains the external packet analyzer:
example-bd-with-traffic
. The firewall
ge-0/0/0.0 in the other VLAN,
to take the
properties are
input
.
and logical
ge-2/0/1.0
Copyright © 2016, Juniper Networks, Inc.
are