[j-nsp] EX4200 egress analyzer (mirror) bogus 802.1Q tags

[Chuck Anderson]

EX4200
JUNOS 10.1R1.8

Anyone else notice that packets captured by an egress analyzer have 
bogus 802.1Q tags?  Originally I thought that egress mirroring was 
broken because I saw no output when filtering on what I thought was 
the correct VLAN ID like this:

tcpdump -i eth1 -n -s0 -e -v vlan 123

but in fact after trying every combination and doing no filtering:

tcpdump -i eth1 -n -s0 -e -v -w test.pcap

and looking in Wireshark, I have verified that ingress/egress works 
using individual input interfaces, multiple input interfaces, all 
input interfaces, ae0 input interface, ingress only, egress only, 
both, etc. but it is just that any packets that are captured in the 
egress direction have bogus 802.1Q tags.  Ingress packets are always 
fine.  Untagged packets are always fine too (of course there is no tag 
to mess up).

foo at bar> show configuration ethernet-switching-options analyzer uplink
input {
    ingress {
        interface ae0.0;
        inactive: interface ge-1/1/0.0;
        inactive: interface ge-2/1/0.0;
        inactive: interface all;
    }
    egress {
        interface ae0.0;
        inactive: interface ge-1/1/0.0;
        inactive: interface ge-2/1/0.0;
        inactive: interface all;
    }
}
output {
    interface {
        ge-0/0/47.0;
    }
}

And it isn't just "bit-flipped" or soemthing similar.  The values 
change, but not completely randomly.  I haven't figured out the 
pattern yet...