[j-nsp] MAC logging in filter.

Jesper Skriver jesper at skriver.dk
Fri Oct 31 06:37:47 EST 2003


On Fri, Oct 31, 2003 at 01:15:54PM +0200, David Martinez CSIC RedIRIS wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 	Hello all.
> 
> 	Is it possible to log MAC address in a Gigabit Ethernet filter? We're 
> receiving a lot of unwanted traffic through a GigaSwitch, and I haven't found 
> any statement for logging MAC addresses.

Unless you have a Q-PIC, you cannot, as the L2 header is stripped off
before the IP2 processor see the packet.

If you have a Q-PIC, I believe you can do something similar to Cisco's
MAC accouting, but only for the MAC addresses you specify, so you'd need
to look at the L2 forwarding table in the switch, to see the active MAC
addresses in your L2 domain.

/Jesper

-- 
Jesper Skriver, jesper(at)skriver(dot)dk  -  CCIE #5456

One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.


More information about the juniper-nsp mailing list