Enabling And Securing Cli-Based Packet Mirroring - Juniper E320 Configuration Manual

JUNOSe 7.2.x Policy Management Configuration Guide

Enabling and Securing CLI-Based Packet Mirroring

152 !
Configuring CLI-Based Packet Mirroring
Figure 8: CLI-Based Interface Mirroring
CE
Port-mirroring
interface
Interface
The JUNOSe software enables you to create a secure environment for your packet
mirroring operation by restricting access to the packet mirroring CLI commands
and information. For example, when dealing with a critical diagnostic or
troubleshooting procedure, you might want the packet mirroring feature to be
available and visible to a subset of your network operations group. Or, if you are
monitoring confidential traffic from a particular user, you might want the
configuration and results of the mirroring operation to be available only to a unique
group, such as the management group of the analyzer device.
By default, the packet mirroring configuration commands are hidden from all users.
You must use the mirror-enable command to make the commands visible, which
then enables you to configure the packet mirroring environment. The command
applies only to the current CLI session. When you log off the current session and
then log on again, the packet mirroring commands are no longer visible,
The no mirror-enable command makes the packet mirroring commands
NOTE:
no longer visible. However, any active mirroring sessions are unaffected and traffic
continues to be mirrored.
Ingress mirrored interface
E-series router
Interface
Analyzer
interface
Egress mirrored interface
E-series router
Port-mirroring
interface
Analyzer
interface
Destination
Analyzer
device
CE
Analyzer
device