[j-nsp] M20 port mirroring/

Nick Kraal nick at arc.net.my
Wed Jul 9 03:44:09 EDT 2008


Dear Sam,

Thanks for your reply. We did this, but still did not see any traffic 
being 'mirrored' over. Well I'll scour further around the 'net for hints.

Thanks and regards,

-nick/

samuel.gay at bt.com wrote:
> Hi Nick,
> 
> To do port mirroring we have to add this in your configuration:
> 
>     fe-0/2/3 {
>         unit 0 {
>             family inet {
>                 address 20.0.0.1/30 {
>                     # You need an arp entry here so the router can encapsulate the packet.
>                     arp 20.0.0.2 mac 00:01:6c:fa:9c:71;
>                 }
>             }
>         }
>     } 
> 
> Regards,
> Samuel
> 
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On behalf of Nick Kraal
> Sent: Monday, 7 July 2008 10:11
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] M20 port mirroring/
> 
> Dear all,
> 
> We are trying to create a mirrored port on an M20 for an IPS/IDS to monitor. From information on-line, we have come up with the following configuration. Would appreciate it if there is some feedback, as we currently do not see packets spit out.
> 
> Thanks in advance,
> 
> -nick/
> ==============================
> ge-0/3/0 {
>          link-mode full-duplex;
>          unit 0 {
>              family inet {
>                  filter {
>                      input mirror_packets;
>                  }
>                  address 192.168.100.1/30;
>              }
>          }
>      }
> fe-0/2/3 {
>      unit 0 {
>          family inet;
>      }
> }
> firewall {
>      family inet {
>          filter mirror_packets {
>              term catch_all {
>                  then {
>                      port-mirror;
>                      accept;
>                  }
>              }
>          }
>      }
> }
> forwarding-options {
>      port-mirroring {
>          input {
>              family inet {
>                  rate 1;
>              }
>          }
>          output {
>              interface fe-0/2/3.0;
>              no-filter-check;
>          }
>      }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
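
The reply's advice (the mirror output interface needs an inet address carrying a static ARP entry) written as a configuration check. This is an added example, not code from the thread or from Juniper; `parse`, `get`, `check_mirror_output` and the top-level `interfaces` wrapper around the sample are assumptions made for illustration.

```python
import re

# Constructed input: mirror-related stanzas from the thread, wrapped in an
# assumed top-level "interfaces" block (hypothetical names throughout).
ORIGINAL = """
interfaces { fe-0/2/3 { unit 0 { family inet; } } }
forwarding-options { port-mirroring {
    input { family inet { rate 1; } }
    output { interface fe-0/2/3.0; no-filter-check; } } }
"""
# The same config with the address and static ARP stanza from the reply.
WITH_ARP = ORIGINAL.replace("family inet;", "family inet { address 20.0.0.1/30 "
                            "{ arp 20.0.0.2 mac 00:01:6c:fa:9c:71; } }", 1)

def parse(text):
    """Turn brace-style config into nested dicts; leaf statements map to None."""
    root, pending = {}, ""
    stack = [root]
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", text)):
        tok = " ".join(tok.split())
        if tok == "{":
            child = stack[-1].get(pending) or {}
            stack[-1][pending] = child
            stack.append(child)
        elif tok == ";":
            stack[-1].setdefault(pending, None)
        elif tok == "}":
            if len(stack) > 1:  # tolerate a stray brace in a pasted fragment
                stack.pop()
        elif tok:
            pending = tok
    return root

def get(node, *path):
    for key in path:  # walk nested stanzas; missing or leaf nodes yield {}
        node = (node or {}).get(key)
    return node or {}

def check_mirror_output(cfg):
    """Report mirror output interfaces lacking an inet address or static ARP."""
    findings = []
    out = get(cfg, "forwarding-options", "port-mirroring", "output")
    for stmt in (s for s in out if s.startswith("interface ")):
        ifd, _, unit = stmt.split()[1].rpartition(".")
        inet = get(cfg, "interfaces", ifd, f"unit {unit}", "family inet")
        addrs = [v or {} for k, v in inet.items() if k.startswith("address ")]
        if not addrs:
            findings.append(f"{ifd}.{unit}: no inet address")
        elif not any(k.startswith("arp ") for a in addrs for k in a):
            findings.append(f"{ifd}.{unit}: no static arp entry")
    return findings
```

An empty result only means the stanza from the reply is present; it does not confirm that packets reach the IDS.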

