Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual page 232

JunosE 11.3.x Policy Management Configuration Guide
208
Out Scheduler Dropped Packets 0, Bytes 0
Out Policed Packets 0, Bytes 0
Out Discarded Packets 2269
IP policy input pingAttack
classifier-group icmpEchoReq entry 1
488421 packets, 69355782 bytes
log
queue 0: traffic class best-effort, bound to ip GigabitEthernet0/0
Queue length 0 bytes
Forwarded packets 485988, bytes 70954248
Dropped committed packets 0, bytes 0
Dropped conformed packets 0, bytes 0
Dropped exceeded packets 0, bytes 0
You can also capture traffic that transits through the router by using the
policyMgrPacketLog category. When you set the logging severity level to info, you have
the following options
interface—filter on an interface
interface-type—filter on an interface type
policy-list—filter on a policy list
The policy list must contain the log keyword in the classifier group you want to monitor.
You must also enable logging for policyMgrPacketLog and for the specific interface or
policy list.
host1(config)#log severity info policyMgrPacketLog
host1(config)#log severity info policyMgrPacketLog policy-list all
host(config)#ip policy-list test
host(config-policy-list)#classifier-group *
host1(config-policy-list-classifier-group)#log
host1(config)#interface fastEthernet 2/0.100
host1(config-if)#vlan id 100
host1(config-if)#ip address 100.1.1.1 255.255.255.0
host1(config-if)#ip policy input test
host1(config-if)#ip policy output test
The packet capture can also be done for any source and destination defined in the
classifier list. If the logging verbosity is set to low, you can obtain the following level of
detail from the packet capture:
INFO 02/20/2008 10:10:23 policyMgrPacketLog:
test icmp FastEthernet2/2.100 100.1.1.2 100.1.2.2 forwarded
INFO 02/20/2008 10:10:26 ppolicyMfrPacketLog:
test icmp FastEthernet2.2.100.100.1.2.2 100.1.1.2 forwarded
If the logging verbosity is set to medium or high, you can obtain the following level of
detal from the packet capture:
INFO 02/20/2008 10:15:11 policyMgrPacketLog: Classifier: test.1, prot: icmp,
intf: FastEthernet2/2.100, sa: 100.1.1.2, da: 100.1.2.2 version: 0x45, tos:
0x0, len: 0x3e8, id: 0x714, flags: 0x0, ttl: 0x20, proto; 0x1, chksum: 0xc4fb,
forwarded
Copyright © 2010, Juniper Networks, Inc.