[j-nsp] M20 port mirroring/

Nick Kraal nick at arc.net.my
Mon Jul 7 04:10:37 EDT 2008


Dear all,

We are trying to create a mirrored port on an M20 for an IPS/IDS to 
monitor. From information on-line, we have come up with the following 
configuration. Would appreciate it there is some feedback as we 
currently do not see packets spit out.

Thanks in advance,

-nick/
==============================
ge-0/3/0 {
         link-mode full-duplex;
         unit 0 {
             family inet {
                 filter {
                     input mirror_packets;
                 }
                 address 192.168.100.1/30;
             }
         }
     }
fe-0/2/3 {
          unit 0 {
              family inet;
              }
          }
      }
firewall {
     family inet {
         filter mirror_packets {
             term catch_all {
                 then {
                     port-mirror;
                     accept;
                 }
             }
         }
     }
}
forwarding-options {
     port-mirroring {
         input {
             family inet {
                 rate 1;
             }
         }
         output {
             interface fe-0/2/3.0;
             no-filter-check;
         }
     }
}


More information about the juniper-nsp mailing list