[j-nsp] MX80 port-mirror config

David Lockuan dlockuan at gmail.com
Sat May 31 14:16:16 EDT 2014 

Hi Mattew,

You are using port-mirror for layer3 traffic (in your filter you are using
family inet) , if you want to do mirroring to layer2 traffic, you need to
use bridge-domain and put the filter in the family bridge.

In the next link, you can check differents type of layer2 mirroring.

http://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/layer-2-services-port-mirroring-application.html

I hope to help you.

Best regards,

---
David


On Sat, May 31, 2014 at 11:15 AM, Matthew Crocker <matthew at corp.crocker.com>
wrote:

>
>
> Hello,
>
>  I’m trying to setup a port-mirror to see the traffic in/out on a XE
> interface of my MX80.  The port-mirror is working but it is only showing
> layer 3, not layer 2 data.    I would like to be able to see the VLAN & MAC
> addresses used in the original packets.  Right now the Ethernet frame info
> is Juniper -> Wireshark
>
> Anyone know what I can do to make this show all the data?
>
> interface ge-1/3/3 {
> description "Wireshark port-mirror destination";
> enable;
> mtu 9192;
> unit 0 {
>     family inet {
>         address 192.168.10.10/24;
>     }
> }
>
> interfaces xe-0/0/2 {
> enable;
> flexible-vlan-tagging;
> mtu 9192;
> unit 1155 {
>     vlan-id 1155;
>     family inet {
>         filter {
>             input port-mirror;
>             output port-mirror;
>         }
>         address A.B.C.D/25;
>     }
> }
>
> port-mirroring {
>     input {
>         rate 1;
>         maximum-packet-length 9216;
>     }
>     family inet {
>         output {
>             interface ge-1/3/3.0 {
>                 next-hop 192.168.10.2;   <— IP of linux machine running
> tcpdump/wireshark
>             }
>         }
>     }
> }
>
> firewall {
> family inet {
>   filter port-mirror {
>         term pcap {
>             then {
>                 port-mirror;
>                 accept;
>             }
>         }
>     }
> }
>
>
>
> --
> Matthew S. Crocker
> President
> Crocker Communications, Inc.
> PO BOX 710
> Greenfield, MA 01302-0710
>
> E: matthew at crocker.com
> P: (413) 746-2760
> F: (413) 746-3704
> W: http://www.crocker.com
>
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list