[j-nsp] M20 port mirroring/
Nick Kraal
nick at arc.net.my
Mon Jul 7 04:10:37 EDT 2008
Dear all,
We are trying to create a mirrored port on an M20 for an IPS/IDS to
monitor. From information on-line, we have come up with the following
configuration. Would appreciate it there is some feedback as we
currently do not see packets spit out.
Thanks in advance,
-nick/
==============================
ge-0/3/0 {
link-mode full-duplex;
unit 0 {
family inet {
filter {
input mirror_packets;
}
address 192.168.100.1/30;
}
}
}
fe-0/2/3 {
unit 0 {
family inet;
}
}
}
firewall {
family inet {
filter mirror_packets {
term catch_all {
then {
port-mirror;
accept;
}
}
}
}
}
forwarding-options {
port-mirroring {
input {
family inet {
rate 1;
}
}
output {
interface fe-0/2/3.0;
no-filter-check;
}
}
}
More information about the juniper-nsp
mailing list