[j-nsp] M20 port mirroring/

samuel.gay at bt.com samuel.gay at bt.com
Wed Jul 9 03:58:46 EDT 2008


Hi Nick,

This is the configuration that I use to mirror two interfaces (ge-0/0/1 and fe-0/3/0) toward another one (ge-0/0/3):

interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input Mirroring;
                }
                address 10.0.0.5/30;
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family inet {
                address 20.0.0.1/30 {
                    arp 20.0.0.2 mac 00:01:6c:fa:9c:71;
                }
            }
        }
    }
    fe-0/3/0 {
        unit 0 {
            family inet {
                filter {
                    input Mirroring;
                }
                address 10.0.0.13/30;
            }
        }
    }
}
forwarding-options {
    port-mirroring {
        family inet {
            input {
                rate 1;
            }
            output {
                interface ge-0/0/3.0 {
                    next-hop 20.0.0.2;
                }
            }
        }
    }
}
firewall {
    family inet {
        filter Mirroring {
            term Default {
                then {
                    port-mirror;
                    accept;
                }
            }
        }
    }
} 


Regards,
Samuel

-----Original Message-----
From: Nick Kraal [mailto:nick at arc.net.my]
Sent: Wednesday, 9 July 2008 09:44
To: Gay,S,Samuel,JPECS R
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] M20 port mirroring/

Dear Sam,

Thanks for your reply. We did this, but still did not see any traffic being 'mirrored' over. Well I'll scour further around the 'net for hints.

Thanks and regards,

-nick/

samuel.gay at bt.com wrote:
> Hi Nick,
> 
> To do port mirroring we have to add this in your configuration:
> 
>     fe-0/2/3 {
>         unit 0 {
>             family inet {
>                 address 20.0.0.1/30 {
>                     # You need an arp entry here so the router can encapsulate the packet.
>                     arp 20.0.0.2 mac 00:01:6c:fa:9c:71;
>                 }
>             }
>         }
>     }
> 
> Regards,
> Samuel
> 
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Nick Kraal
> Sent: Monday, 7 July 2008 10:11
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] M20 port mirroring/
> 
> Dear all,
> 
> We are trying to create a mirrored port on an M20 for an IPS/IDS to monitor. From information on-line, we have come up with the following configuration. Would appreciate it if there is some feedback as we currently do not see packets spit out.
> 
> Thanks in advance,
> 
> -nick/
> ==============================
> ge-0/3/0 {
>          link-mode full-duplex;
>          unit 0 {
>              family inet {
>                  filter {
>                      input mirror_packets;
>                  }
>                  address 192.168.100.1/30;
>              }
>          }
>      }
> fe-0/2/3 {
>           unit 0 {
>               family inet;
>               }
>           }
>       }
> firewall {
>      family inet {
>          filter mirror_packets {
>              term catch_all {
>                  then {
>                      port-mirror;
>                      accept;
>                  }
>              }
>          }
>      }
> }
> forwarding-options {
>      port-mirroring {
>          input {
>              family inet {
>                  rate 1;
>              }
>          }
>          output {
>              interface fe-0/2/3.0;
>              no-filter-check;
>          }
>      }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
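
An added example, not part of the original thread or any poster's code: a small Python check that parses a Junos curly-brace configuration and reports any port-mirroring output interface that lacks a next-hop or a static ARP entry for that next-hop, the two items present in the working configuration at the top of this message. It assumes an Ethernet output interface as in the thread; the function names are hypothetical and the compact sample configurations are constructed from the two configurations posted above.

```python
import re

def parse(text):
    """Parse Junos curly-brace config into nested dicts; leaf statements map to None."""
    stack, pending = [{}], ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#.*", "", text)):
        if tok == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif tok == "}" and len(stack) > 1:   # tolerate a stray brace in a pasted snippet
            stack.pop()
        elif tok == ";" and pending:
            stack[-1][pending] = None
        pending = "" if tok in ("{", "}", ";") else " ".join(tok.split())
    return stack[0]

def walk(node):
    """Yield (statement, body) for every statement at any depth below node."""
    for name, body in (node or {}).items():
        yield name, body
        yield from walk(body)

def mirror_output_findings(cfg):
    """Report port-mirroring output interfaces lacking a next-hop or a static ARP for it."""
    findings = []
    pm = (cfg.get("forwarding-options") or {}).get("port-mirroring")
    for stmt, body in ((s, b) for name, out in walk(pm) if name == "output"
                       for s, b in (out or {}).items() if s.startswith("interface ")):
        ifl = stmt.split()[1]                 # logical interface, e.g. ge-0/0/3.0
        ifd, _, unit = ifl.partition(".")
        hops = [s.split()[1] for s in (body or {}) if s.startswith("next-hop ")]
        unit_cfg = ((cfg.get("interfaces") or {}).get(ifd) or {}).get(f"unit {unit or 0}")
        if not hops:
            findings.append(f"{ifl}: no next-hop under port-mirroring output")
        elif not any(s.split()[:2] == ["arp", hops[0]] for s, _ in walk(unit_cfg)):
            findings.append(f"{ifl}: no static arp entry for next-hop {hops[0]}")
    return findings

# Constructed samples: compact forms of the two configurations in the thread.
ORIGINAL = """interfaces { fe-0/2/3 { unit 0 { family inet; } } }
forwarding-options { port-mirroring { input { family inet { rate 1; } }
    output { interface fe-0/2/3.0; no-filter-check; } } }"""
WORKING = """interfaces { ge-0/0/3 { unit 0 { family inet {
    address 20.0.0.1/30 { arp 20.0.0.2 mac 00:01:6c:fa:9c:71; } } } } }
forwarding-options { port-mirroring { family inet { input { rate 1; }
    output { interface ge-0/0/3.0 { next-hop 20.0.0.2; } } } } }"""
for label, text in (("original", ORIGINAL), ("working", WORKING)):
    print(label, mirror_output_findings(parse(text)) or "ok")
```

A clean result only means these two items are present in the configuration; it says nothing about whether mirrored traffic is actually leaving the interface.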

