[j-nsp] Layer 2 port mirroring on MX960

Sivasankar Subbiah sivasankar.tce at gmail.com
Thu Jan 10 07:37:08 EST 2013 

Hi ,

I have no exact idea about the number of instances you can configure in
each platform(juniper).but i read it is 2 instances on mx960 on the same
ports;only 1 instance at global level.

Any experts please confirm the number of port-mirroring instances on
juniper devices or atleast on mx960.?


Cheers
Siva

On 10 January 2013 09:59, Ben Hammadi, Kayssar (NSN - TN/Tunis) <
kayssar.ben_hammadi at nsn.com> wrote:

> Hi,
>
>   Does junos have the cisco limitation of 2 SPAN session per plateform ?
>
>
> Br.
> Kayssar
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of ext Terry
> Jones
> Sent: Thursday, January 10, 2013 4:02 AM
> To: Sivasankar Subbiah
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Layer 2 port mirroring on MX960
>
> Thank you much Siva,
>
> That does explain the missing bridge option. A lot of the documentation
> I
> looked at included the bridge option in the 'forwarding-options
> port-mirroring' section, but I am using the vpls option with no success.
>
> I didn't post the mirror interface information as I had nothing
> configured
> under it. After my email, I configured it under 'family bridge
> interface-type access' and added the same vlan-id as the monitor port
> and I
> started seeing traffic. However, I'm not sure that this traffic is being
> forwarded traffic from the firewall filter, but rather traffic on the
> vlan
> as if the interface is in promiscuous mode. Makes me concerned as it
> doesn't
> seem that I'm seeing all the packets. Also, from the examples and
> documentation I've read, it doesn't show configuring the mirror port as
> such.
>
> Terry
>
> From:  Sivasankar Subbiah <sivasankar.tce at gmail.com>
> Date:  Wednesday, January 9, 2013 3:18 PM
> To:  Terry Jones <terry.jones at war-eagle.me>
> Cc:  <juniper-nsp at puck.nether.net>
> Subject:  Re: [j-nsp] Layer 2 port mirroring on MX960
>
> Hi,
>
> as per the Juniper documentation,
>
> Note: Under the [edit forwarding-options port-mirroring instance
> pm-instance-name] hierarchy level, the protocol family statement family
> bridge is an alias for family vpls. The CLI displays Layer 2
> port-mirroring
> configurations as family vpls, even for Layer 2 port-mirroring
> configured as
> family bridge.
>
>
> Cheers
> Siva
>
> On 9 January 2013 22:44, Terry Jones <terry.jones at war-eagle.me> wrote:
> > Greetings All,
> >
> >
> >
> > I am trying to get a port mirror working with no success. I want to
> > port-mirror ge-1/0/0 interfaces that is interface-type access.
> >
> >
> >
> > When I configure the forwarding-options, there is no longer a bridge
> > option.only ccc, inet and vpls. Even though not showing, when I
> configure
> > 'forwarding-options port-mirroring instance wireshark9 family bridge',
> it
> > takes it, but changes it to 'forwarding-options port-mirroring
> instance
> > wireshark9 family vpls'.
> >
> >
> >
> > The port-mirror output shows down on the output, but I do see the
> counters
> > increment.
> >
> >
> >
> > Any thoughts, ideas or tips would be appreciated.
> >
> >
> >
> > tjones at crsw01.cn.sb2# show forwarding-options port-mirroring instance
> > wireshark9 | display set
> >
> > set forwarding-options port-mirroring instance wireshark9 input rate 1
> >
> > set forwarding-options port-mirroring instance wireshark9 family vpls
> output
> > interface xe-5/2/1.0
> >
> > set forwarding-options port-mirroring instance wireshark9 family vpls
> output
> > no-filter-check
> >
> >
> >
> > tjones at crsw01.cn.sb2# show interfaces ge-1/0/0 | display set
> >
> > set interfaces ge-1/0/0 unit 0 family bridge filter input wireshark9
> >
> > set interfaces ge-1/0/0 unit 0 family bridge filter output wireshark9
> >
> > set interfaces ge-1/0/0 unit 0 family bridge interface-mode access
> >
> > set interfaces ge-1/0/0 unit 0 family bridge vlan-id 802
> >
> >
> >
> > tjones at crsw01.cn.sb2# show firewall family bridge filter wireshark9 |
> > display set
> >
> > set firewall family bridge filter wireshark9 term 1 then count
> wireshark9
> >
> > set firewall family bridge filter wireshark9 term 1 then accept
> >
> > set firewall family bridge filter wireshark9 term 1 then
> > port-mirror-instance wireshark9
> >
> >
> >
> > tjones at crsw01.cn.sb2# run show forwarding-options port-mirroring
> wireshark9
> >
> > Instance Name: wireshark9
> >
> >   Instance Id: 11
> >
> >   Input parameters:
> >
> >     Rate                  : 1
> >
> >     Run-length            : 0
> >
> >     Maximum-packet-length : 0
> >
> >   Output parameters:
> >
> >     Family      State     Destination          Next-hop
> >
> >     vpls        down      xe-5/2/1.0
> >
> >
> >
> > tjones at crsw01.cn.sb2# run show firewall counter wireshark9 filter
> wireshark9
> >
> >
> >
> > Filter: wireshark9
> >
> > Counters:
> >
> > Name                                                Bytes
> > Packets
> >
> > wireshark9                                          80634
> > 744
> >
> >
> >
> > Thanks,
> >
> > Terry
> >
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list