Configuring The E Series Router; Example: Configuring Cli-Based Interface-Specific Mirroring - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - POLICY MANAGEMENT CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Software for e series broadband services routers policy management configuration guide

JunosE 11.3.x Policy Management Configuration Guide

Configuring the E Series Router

Example: Configuring CLI-Based Interface-Specific Mirroring

Policies are not supported on analyzer interfaces. When you configure an analyzer
interface, existing policies are disabled, and no new policies are accepted.
To configure the router to support CLI-based packet mirroring:
1. Configure the analyzer interface, the route to the analyzer device, and any static ARP
   entries.
2. Allow authorized users to have access to the mirror-enable command. The users can
   then make the packet mirroring CLI commands visible and perform the following
   steps.
3. Configure the secure policy that forwards the mirrored traffic to the analyzer device.
4. (Optional) For increased security, create an IPSec tunnel between the analyzer
   interface and the analyzer device.
5. For interface-specific mirroring, attach the secure policy to the interface.
6. For user-specific mirroring, configure the trigger that identifies the user.

This example shows the configuration of a CLI-based packet mirroring session for a
particular static IP interface. The configuration results in all traffic through the interface
being replicated and the replicated traffic then sent through an IPSec tunnel to the
analyzer device.
1. Enable the visibility and use of the packet mirroring CLI commands.
    host1#mirror-enable
2. Configure the analyzer interface and a route to reach the analyzer device at
   192.168.125.29.
   NOTE: If the analyzer interface is Ethernet-based, you must configure a
   static ARP entry for the analyzer device.
    host1(config)#virtual-router vr1
    host1:vr1(config)#interface tunnel ipsec:Diag transport-virtual-router default
    host1:vr1(config-if)#ip analyzer
    host1:vr1(config-if)#exit
    host1:vr1(config)#ip route 192.168.125.29 255.255.255.255 tunnel ipsec:Diag
3. Configure the secure IP policy that forwards the mirrored traffic to the analyzer device
   at 192.168.125.29.
In this example, the configured mirror rule does not include the analyzer-udp-port
keyword. Therefore, the rule sets the mirror header to disable, which means that the
mirror header is not prepended to the mirrored packets. See "Understanding the
Prepended Header During a Packet Mirroring Session" on page 243 for information
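
The analyzer interface setup from step 2 can be checked offline against a saved CLI transcript. The following Python check is an added example, not part of the Juniper guide: it confirms that each interface marked ip analyzer is an IPSec tunnel with a host route to the analyzer device, and flags Ethernet-based analyzer interfaces for the static ARP requirement. The function name, the findings text, and the fastEthernet 2/0 lines in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: this page's step 2 commands plus a hypothetical Ethernet interface.
SAMPLE = """\
host1(config)#virtual-router vr1
host1:vr1(config)#interface tunnel ipsec:Diag transport-virtual-router default
host1:vr1(config-if)#ip analyzer
host1:vr1(config-if)#exit
host1:vr1(config)#ip route 192.168.125.29 255.255.255.255 tunnel ipsec:Diag
host1:vr1(config)#interface fastEthernet 2/0
host1:vr1(config-if)#ip analyzer
host1:vr1(config-if)#exit
"""

# Matches a configuration-mode prompt and captures (mode, command).
PROMPT = re.compile(r"^\S+?\((config[^)]*)\)#\s*(.*)$")

def audit_analyzers(transcript, analyzer_ip):
    """Return {interface: [findings]} for each interface marked 'ip analyzer'."""
    analyzers, routes, current = [], {}, None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # exec-mode lines such as host1#mirror-enable
        mode, cmd = m.groups()
        words = cmd.split()
        if words[:1] == ["interface"] and len(words) >= 3:
            current = " ".join(words[1:3])  # interface type + specifier
        elif mode == "config-if" and cmd == "ip analyzer" and current:
            analyzers.append(current)
        elif cmd == "exit":
            current = None
        elif words[:2] == ["ip", "route"] and len(words) >= 6:
            routes[(words[2], words[3])] = " ".join(words[4:6])
    report = {}
    for intf in analyzers:
        findings = []
        if not intf.startswith("tunnel ipsec:"):
            findings.append("mirrored traffic is not sent through an IPSec tunnel")
        if "ethernet" in intf.lower():
            findings.append("Ethernet-based: static ARP entry for the analyzer required")
        if routes.get((analyzer_ip, "255.255.255.255")) != intf:
            findings.append("no host route to the analyzer via this interface")
        report[intf] = findings
    return report

if __name__ == "__main__":
    for intf, findings in audit_analyzers(SAMPLE, "192.168.125.29").items():
        print(intf, "->", findings or "OK")
```

The check ignores virtual-router context, so a transcript that defines analyzer interfaces in more than one virtual router should be audited one virtual router at a time.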
Copyright © 2010, Juniper Networks, Inc.
