[j-nsp] EX4200 egress analyzer (mirror) bogus 802.1Q tags
Chuck Anderson
cra at WPI.EDU
Wed Mar 24 18:37:58 EDT 2010
EX4200
JUNOS 10.1R1.8
Anyone else notice that packets captured by an egress analyzer have
bogus 802.1Q tags? Originally I thought that egress mirroring was
broken because I saw no output when filtering on what I thought was
the correct VLAN ID like this:
tcpdump -i eth1 -n -s0 -e -v vlan 123
but in fact after trying every combination and doing no filtering:
tcpdump -i eth1 -n -s0 -e -v -w test.pcap
and looking in Wireshark, I have verified that ingress/egress works
using individual input interfaces, multiple input interfaces, all
input interfaces, ae0 input interface, ingress only, egress only,
both, etc. but it is just that any packets that are captured in the
egress direction have bogus 802.1Q tags. Ingress packets are always
fine. Untagged packets are always fine too (of course there is no tag
to mess up).
foo at bar> show configuration ethernet-switching-options analyzer uplink
input {
ingress {
interface ae0.0;
inactive: interface ge-1/1/0.0;
inactive: interface ge-2/1/0.0;
inactive: interface all;
}
egress {
interface ae0.0;
inactive: interface ge-1/1/0.0;
inactive: interface ge-2/1/0.0;
inactive: interface all;
}
}
output {
interface {
ge-0/0/47.0;
}
}
And it isn't just "bit-flipped" or soemthing similar. The values
change, but not completely randomly. I haven't figured out the
pattern yet...
More information about the juniper-nsp
mailing list