[j-nsp] Port mirring on MX80 to tagged interface
Chris Wopat
me at falz.net
Fri Mar 14 11:43:03 EDT 2014
I have configured port mirroring on a few MX80s per this document:
http://www.juniper.net/techpubs/en_US/junos11.4/topics/usage-guidelines/services-configuring-port-mirroring.html
Things worked fine for a few days. One morning the interfaces that are
mirrored began to exhibit odd behavior, troubleshooting showed that it
was actually repeating packets for those interfaces back to the same
interface, as well as towards the mirrored port. I adjusted filter to
be input only, no change.
This happened on one specific MX where I'm mirroring not to a physical
interface, but to a unit w/ a vlan tag. This is operating fine on
another MX80 with same Junos version.
Curious if anyone has run in to this before? Thought I'd ask before
poking JTAC. MX80, 11.4R7.5.
Relevant config portions:
============================================
> show configuration firewall filter PORT-MIRROR
term 1 {
then {
count PORT-MIRROR;
port-mirror;
accept;
}
}
> show configuration forwarding-options port-mirroring
input {
rate 100;
run-length 1;
}
family inet {
output {
interface ge-1/1/9.4001 {
next-hop 10.255.255.2;
}
no-filter-check;
}
}
> show configuration interfaces ge-1/1/9.4001
vlan-id 4001;
family inet {
address 10.255.255.1/30 {
arp 10.255.255.2 mac 02:c1:f0:1f:f7:04;
}
}
> show configuration interfaces ge-1/1/1 unit 0 family inet filter
input PORT-MIRROR;
output PORT-MIRROR;
> show configuration interfaces ge-1/1/2 unit 0 family inet filter
input PORT-MIRROR;
output PORT-MIRROR;
============================================
--Chris
More information about the juniper-nsp
mailing list