[j-nsp] Port-Mirroring on auto-configuration interfaces

Alex D. listensammler at gmx.de
Tue Sep 30 09:18:31 EDT 2014 

Hi guys,

does anybody know if it’s possible to setup a port-mirror for 
autoconfiguration-interfaces or do i need an externel tap device ?
Here’s the configuration of ge-1/0/3 where i would like to see all 
input- and output-traffic (for all VLANs). Dynamic profiles are attached 
below

MX240> show configuration interfaces ge-1/0/3
flexible-vlan-tagging;
auto-configure {
     stacked-vlan-ranges {
         dynamic-profile AUTOVLAN-DEMUX-PROFILE {
             accept any;
             ranges {
                 any,132-132;
                 any,232-232;
                 any,432-432;
                 any,532-532;
             }
         }
         authentication {
             password lab;
             username-include {
                 interface-name;
             }
         }
         access-profile NO-RADIUS-AUTH;
     }
     remove-when-no-subscribers;
}
encapsulation flexible-ethernet-services;

Dynamic profiles:
-----------------------------
AUTOVLAN-DEMUX-PROFILE {
     routing-instances {
         "$junos-routing-instance" {
             interface "$junos-interface-name";
         }
     }
     interfaces {
         demux0 {
             unit "$junos-interface-unit" {
                 demux-source [ inet inet6 ];
                 vlan-tags outer "$junos-stacked-vlan-id" inner 
"$junos-vlan-id";
                 demux-options {
                     underlying-interface "$junos-interface-ifd-name";
                 }
                 family inet {
                     rpf-check fail-filter RPF-PASS-DHCP;
                     unnumbered-address "$junos-loopback-interface";
                 }
                 family inet6 {
                     unnumbered-address "$junos-loopback-interface";
                 }
             }
         }
     }
}

IP-DEMUX-PROFILE {
     routing-instances {
         "$junos-routing-instance" {
             interface "$junos-interface-name" {
                 any;
             }
         }
     }
     interfaces {
         demux0 {
             unit "$junos-interface-unit" {
                 proxy-arp;
                 demux-options {
                     underlying-interface "$junos-underlying-interface";
                 }
                 family inet {
                     demux-source {
                         $junos-subscriber-ip-address;
                     }
                     unnumbered-address "$junos-loopback-interface";
                 }
                 family inet6 {
                     demux-source {
                         "$junos-subscriber-ipv6-multi-address";
                     }
                     unnumbered-address "$junos-loopback-interface";
                 }
             }
         }
     }
     protocols {
         router-advertisement {
             interface "$junos-interface-name" {
                 managed-configuration;
                 other-stateful-configuration;
                 prefix ::/0 {
                     no-on-link;
                     no-autonomous;
                 }
             }
         }
     }
}

Regards,
Alex

More information about the juniper-nsp mailing list