[j-nsp] EX4200 egress analyzer (mirror) bogus 802.1Q tags

Alexandre Snarskii snar at snar.spb.ru
Thu Mar 25 04:35:39 EDT 2010 

On Wed, Mar 24, 2010 at 06:37:58PM -0400, Chuck Anderson wrote:
> EX4200
> JUNOS 10.1R1.8
> 
> Anyone else notice that packets captured by an egress analyzer have 
> bogus 802.1Q tags?  Originally I thought that egress mirroring was 

http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42111.html#rn-junos-ex-limitations

On EX3200 and EX4200 switches, when port mirroring is configured on any 
interface, the mirrored packets leaving a tagged interface might contain 
an incorrect VLAN ID. 


> broken because I saw no output when filtering on what I thought was 
> the correct VLAN ID like this:
> 
> tcpdump -i eth1 -n -s0 -e -v vlan 123
> 
> but in fact after trying every combination and doing no filtering:
> 
> tcpdump -i eth1 -n -s0 -e -v -w test.pcap
> 
> and looking in Wireshark, I have verified that ingress/egress works 
> using individual input interfaces, multiple input interfaces, all 
> input interfaces, ae0 input interface, ingress only, egress only, 
> both, etc. but it is just that any packets that are captured in the 
> egress direction have bogus 802.1Q tags.  Ingress packets are always 
> fine.  Untagged packets are always fine too (of course there is no tag 
> to mess up).
> 
> foo at bar> show configuration ethernet-switching-options analyzer uplink
> input {
>     ingress {
>         interface ae0.0;
>         inactive: interface ge-1/1/0.0;
>         inactive: interface ge-2/1/0.0;
>         inactive: interface all;
>     }
>     egress {
>         interface ae0.0;
>         inactive: interface ge-1/1/0.0;
>         inactive: interface ge-2/1/0.0;
>         inactive: interface all;
>     }
> }
> output {
>     interface {
>         ge-0/0/47.0;
>     }
> }
> 
> And it isn't just "bit-flipped" or soemthing similar.  The values 
> change, but not completely randomly.  I haven't figured out the 
> pattern yet...
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list