[j-nsp] Layer 2 port mirroring on MX960

Ben Hammadi, Kayssar (NSN - TN/Tunis) kayssar.ben_hammadi at nsn.com
Thu Jan 10 04:59:22 EST 2013 

Hi, 

  Does junos have the cisco limitation of 2 SPAN session per plateform ?


Br.
Kayssar

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of ext Terry
Jones
Sent: Thursday, January 10, 2013 4:02 AM
To: Sivasankar Subbiah
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Layer 2 port mirroring on MX960

Thank you much Siva,

That does explain the missing bridge option. A lot of the documentation
I
looked at included the bridge option in the 'forwarding-options
port-mirroring' section, but I am using the vpls option with no success.

I didn't post the mirror interface information as I had nothing
configured
under it. After my email, I configured it under 'family bridge
interface-type access' and added the same vlan-id as the monitor port
and I
started seeing traffic. However, I'm not sure that this traffic is being
forwarded traffic from the firewall filter, but rather traffic on the
vlan
as if the interface is in promiscuous mode. Makes me concerned as it
doesn't
seem that I'm seeing all the packets. Also, from the examples and
documentation I've read, it doesn't show configuring the mirror port as
such.

Terry

From:  Sivasankar Subbiah <sivasankar.tce at gmail.com>
Date:  Wednesday, January 9, 2013 3:18 PM
To:  Terry Jones <terry.jones at war-eagle.me>
Cc:  <juniper-nsp at puck.nether.net>
Subject:  Re: [j-nsp] Layer 2 port mirroring on MX960

Hi,

as per the Juniper documentation,

Note: Under the [edit forwarding-options port-mirroring instance
pm-instance-name] hierarchy level, the protocol family statement family
bridge is an alias for family vpls. The CLI displays Layer 2
port-mirroring
configurations as family vpls, even for Layer 2 port-mirroring
configured as
family bridge.


Cheers
Siva

On 9 January 2013 22:44, Terry Jones <terry.jones at war-eagle.me> wrote:
> Greetings All,
> 
> 
> 
> I am trying to get a port mirror working with no success. I want to
> port-mirror ge-1/0/0 interfaces that is interface-type access.
> 
> 
> 
> When I configure the forwarding-options, there is no longer a bridge
> option.only ccc, inet and vpls. Even though not showing, when I
configure
> 'forwarding-options port-mirroring instance wireshark9 family bridge',
it
> takes it, but changes it to 'forwarding-options port-mirroring
instance
> wireshark9 family vpls'.
> 
> 
> 
> The port-mirror output shows down on the output, but I do see the
counters
> increment.
> 
> 
> 
> Any thoughts, ideas or tips would be appreciated.
> 
> 
> 
> tjones at crsw01.cn.sb2# show forwarding-options port-mirroring instance
> wireshark9 | display set
> 
> set forwarding-options port-mirroring instance wireshark9 input rate 1
> 
> set forwarding-options port-mirroring instance wireshark9 family vpls
output
> interface xe-5/2/1.0
> 
> set forwarding-options port-mirroring instance wireshark9 family vpls
output
> no-filter-check
> 
> 
> 
> tjones at crsw01.cn.sb2# show interfaces ge-1/0/0 | display set
> 
> set interfaces ge-1/0/0 unit 0 family bridge filter input wireshark9
> 
> set interfaces ge-1/0/0 unit 0 family bridge filter output wireshark9
> 
> set interfaces ge-1/0/0 unit 0 family bridge interface-mode access
> 
> set interfaces ge-1/0/0 unit 0 family bridge vlan-id 802
> 
> 
> 
> tjones at crsw01.cn.sb2# show firewall family bridge filter wireshark9 |
> display set
> 
> set firewall family bridge filter wireshark9 term 1 then count
wireshark9
> 
> set firewall family bridge filter wireshark9 term 1 then accept
> 
> set firewall family bridge filter wireshark9 term 1 then
> port-mirror-instance wireshark9
> 
> 
> 
> tjones at crsw01.cn.sb2# run show forwarding-options port-mirroring
wireshark9
> 
> Instance Name: wireshark9
> 
>   Instance Id: 11
> 
>   Input parameters:
> 
>     Rate                  : 1
> 
>     Run-length            : 0
> 
>     Maximum-packet-length : 0
> 
>   Output parameters:
> 
>     Family      State     Destination          Next-hop
> 
>     vpls        down      xe-5/2/1.0
> 
> 
> 
> tjones at crsw01.cn.sb2# run show firewall counter wireshark9 filter
wireshark9
> 
> 
> 
> Filter: wireshark9
> 
> Counters:
> 
> Name                                                Bytes
> Packets
> 
> wireshark9                                          80634
> 744
> 
> 
> 
> Thanks,
> 
> Terry
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list