[j-nsp] Configure mirror port in M20?
Warren Kumari
warren at kumari.net
Wed Jun 21 14:16:29 EDT 2006
Something along these lines should work (but you may need a PIC for
sampling, cannot remember) -- this isn't quite mirroring, instead you
sample at a 1:1 ratio -- basically the same thing, but you lose MAC
info, etc.
interfaces {
ge-0/2/0 {
unit 1 {
description "To somewhere";
family inet {
filter {
input sample;
}
address 1.2.3.4/27
}
}
}
}
fe-1/0/0 {
unit 0 {
family inet {
address 192.0.2.1/24 {
# You need an arp entry here so the router can
encaps the packet.
arp 192.0.2.2 mac 00.01.02.03.04.05;
}
}
}
}
forwarding-options {
port-mirroring {
input {
family inet {
rate 1;
}
}
output {
interface fe-1/0/0.0 {
next-hop 192.0.2.2;
}
no-filter-check;
}
}
}
firewall {
family inet {
filter sample {
term default {
then {
count Sampled;
port-mirror;
accept;
}
}
}
}
}
Keep in mind I have probably forgotten a few closing braces....
W
On Jun 21, 2006, at 1:24 AM, F J wrote:
> Hi,
> I want to "mirror" all traffic sent and recieved on my ge-0/2/0.1
> interface
> to my fe-1/0/0 so that I can connect a computer to that interface
> and use
> Etherreal to see what traffic that is transmitted/recieved on the
> ge-0/2/0.1
> interface.
>
> Is there an easy way to do this in an M20? Configuration examples
> appreciated...
>
> Best Regards
> /// Fredrik
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
A. No
Q. Is it sensible to top-post?
More information about the juniper-nsp
mailing list