Juniper EX9200 Features Manual page 86

Port Mirroring Feature Guide for EX9200 Switches
70
For information about configuring firewall filter match conditions in general (including
in a Layer 3 environment), see Firewall Filter Match Conditions Based on Numbers or
Text Aliases, Firewall Filter Match Conditions Based on Bit-Field Values, Firewall Filter
Match Conditions Based on Address Fields, and Firewall Filter Match Conditions Based
on Address Classes, in the Routing Policies, Firewall Filters, and Traffic Policers Feature
Guide.
For detailed information about Layer 2 bridging firewall filter match conditions
(which are supported on MX Series routers and EX Series switches only), see Firewall
Filter Match Conditions for Layer 2 Bridging Traffic.
For detailed information about VPLS firewall filter match conditions, see Firewall
Filter Match Conditions for VPLS Traffic.
For detailed information about Layer 2 circuit cross-connect (CCC) firewall filter
match conditions, see Firewall Filter Match Conditions for Layer 2 CCC Traffic.
NOTE: If you want all sampled packets to be considered to match (and
be subjected to the actions specified in the
the statement altogether.
from
Enable configuration of the
5.
[edit firewall family family filter pm-filter-name term pm-filter-term-name]
user@host# edit then
Specify the actions to be taken on matching packets:
6.
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set action
The recommended value for the
you omit the statement entirely, all packets that match the conditions in the
then
statement are accepted.
from
Specify Layer 2 port mirroring or a next-hop group as the
7.
To reference the Layer 2 port mirroring properties currently in effect for the Packet
Forwarding Engine or PIC associated with the underlying physical interface, use the
statement:
port-mirror
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set port-mirror
To reference the Layer 2 port mirroring properties configured in a specific named
instance, use the
port-mirror-instance pm-instance-name
[edit firewall family family filter pm-filter-name term pm-filter-term-name then]
user@host# set port-mirror-instance pm-instance-name
If the underlying physical interface is not bound to a named instance of Layer 2 port
mirroring but instead is implicitly bound to the global instance of Layer 2 port
mirroring, then traffic at the logical interface is mirrored according to the properties
and
action action-modifier
action is accept . If you do not specify an action, or if
Copyright © 2016, Juniper Networks, Inc.
statement), then omit
then
to apply to matching packets:
action-modifier :
action modifier: