Table of Contents
Advertisement
Packet Mirroring
Policy Management
Copyright © 2010, Juniper Networks, Inc.
1.
Access the context of the parent VR, and create and enable IPv6 PIM on the
parent VR.
host1(config)#virtual-router parent
host1:parent(config)#ipv6 router pim
2.
Enter the VRF Configuration mode to restore PIM settings on the VRF in the
parent VR.
host1:parent(config)#virtual-router parent:vrf01
3.
Create and enable IPv6 PIM on the VRF in the parent VR.
host1:parent:vrf01(config)#ipv6 router pim
After the IPv6 PIM configuration is recovered on the VRF, you can remove the IPv6
PIM configuration settings on the parent VR by using the no ipv6 router pim
command, if necessary.
The ES2 10G LM supports the packet mirroring feature when the module is paired
with the ES2-S2 10GE PR IOA, the ES2-S1 GE-8 IOA, or the ES2-S3 GE-20 IOA. When
you use the ES2 10G LM with these IOAs, CLI-based interface-specific mirroring is not
supported.
When both interface-specific mirroring and user-specific mirroring are configured on
the same interface, the interface-specific secure policies take precedence. The
interface-specific secure policies, which you manually attach using the CLI, override
and remove any existing secure polices that were attached by a trigger action. If the
interface-specific secure polices are subsequently deleted, the original trigger-based
secure policies are not restored.
Typically, when configuring packet mirroring, you configure a static route to reach the
analyzer device through the analyzer port. If the analyzer port is an IP-over-Ethernet
interface, you must also configure a static Address Resolution Protocol (ARP) entry
to reach the analyzer device. However, because only a single static ARP entry can be
installed for a given address at any given time, when you are using equal-cost
multipath (ECMP) links to connect to the analyzer device, the static ARP
configuration does not provide failover if the link being selected fails or is
disconnected. Therefore, to provide continued connectivity if the link fails when using
ECMP, enable the ip proxy-arp unrestricted command on the next-hop router for
each ECMP interface. As a result, when the link fails, the router sends an ARP request
to identify the MAC address of the analyzer device and gets a response over the new
link.
The ES2 10G LM does not support the deprecated next-hop command.
You cannot configure classifier lists that reference multiple fields for a VLAN policy
list on the ES2 10G Uplink LM or the ES2 10G LM, with the exception of traffic-class
and color. The system incorrectly classifies VLAN policies that classify using multiple
fields. For example, an invalid policy list that references multiple fields uses both
color and user-packet-class, or one classifier list using color and another using
user-packet-class.
Release 11.3.0
Known Behavior
31
Advertisement
Table of Contents
