Defining A Layer 2 Port-Mirroring Firewall Filter - Juniper EX9200 Features Manual
Port mirroring feature guide ex series
Hide thumbs
Also See for EX9200:
- Features manual (342 pages) ,
- Manual (118 pages) ,
- Overview manual (72 pages)
Table of Contents
Advertisement
Defining a Layer 2 Port-Mirroring Firewall Filter
Copyright © 2016, Juniper Networks, Inc.
For virtual private LAN service (VPLS) traffic (
and for Layer 2 VPNs with
only, you can define a firewall filter that specifies Layer 2 port mirroring as the action to
be performed if a packet matches the conditions configured in the firewall filter term.
You can use a Layer 2 port-mirroring firewall filter in the following ways:
To mirror packets received or sent on a logical interface.
To mirror packets forwarded or flooded to a VLAN.
To mirror packets forwarded or flooded to a VPLS routing instance.
To mirror tunnel interface input packets only to multiple destinations.
For a summary of the three types of Layer 2 port-mirroring you can configure on an MX
Series router and on an EX Series switch, see Application of Layer 2 Port Mirroring Types.
For information about configuring firewall filters in general (including in a Layer 3
environment), see Stateless Firewall Filter Overview and How Standard Firewall Filters
Evaluate Packets in the Routing Policies, Firewall Filters, and Traffic Policers Feature Guide.
To define a firewall filter with a Layer 2 port-mirroring action:
Enable configuration of firewall filters for Layer 2 packets that are part of a VLAN, a
1.
Layer 2 switching cross-connect, or a virtual private LAN service (VPLS):
[edit]
user@host# edit firewall family family
The value of the
family
Enable configuration of a firewall filter
2.
[edit firewall family family]
user@host# edit filter pm-filter-name
Enable configuration of a firewall filter term
3.
[edit firewall family family filter pm-filter-name]
user@host# edit term pm-filter-term-name
For more information about firewall filter terms in general (including in a Layer 3
environment), see Guidelines for Configuring Firewall Filters in the Routing Policies,
Firewall Filters, and Traffic Policers Feature Guide.
(Optional) Specify the firewall filter match conditions based on the route source
4.
address only if you want to mirror a subset of the sampled packets.
Chapter 8: Port Mirroring for Multiple Destinations
family ethernet-switching
on MX Series routers and on EX Series switches
family ccc
option can be
ethernet-switching
pm-filter-name
pm-filter-term-name
or
family vpls
,
ccc
, or
vpls
.
:
:
)
69
Advertisement
Table of Contents
