
How to do port mirroring on J-series and SRX branch devices

Article ID: KB21833  KB Last Updated: 03 Oct 2011  Version: 3.0
Summary:
This article explains how the port mirroring feature can be configured on an SRX device.
Symptoms:
Sometimes we may need to examine the traffic on an interface. This can be accomplished by taking a packet capture on the interface or by mirroring the interface to a monitoring system.
Cause:

Solution:
Step 1: Configure port mirroring in the forwarding options hierarchy:
[edit forwarding-options]

port-mirroring {
    input {
        rate 1;
        run-length 10;
    }
    family inet {
        output {
            interface ge-0/0/1.0 {
                next-hop 2.2.2.1;
            }
        }
    }
}

Step 2: Configure a firewall filter whose action includes port-mirror:
[edit firewall]

filter port-mirror {
    term 1 {
        from {
            source-address {
                0.0.0.0/0;
            }
        }
        then {
            port-mirror;
            accept;
        }
    }
}
Step 3: Apply the filter to the interface that is to be mirrored:

[edit interfaces]
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input port-mirror;
                    output port-mirror;
                }
                address 1.1.1.1/24;
            }
        }
    }
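Before committing, it is worth checking that the three pieces above actually reference each other: the filter named on the interface must exist and carry the port-mirror action, the mirror output interface should not itself be filtered, and the next-hop must be reachable on the output interface's subnet. The following Python is an added example, not code from the KB article or from Junos: it parses Junos brace-style configuration text into nested dicts and runs those checks against a constructed config that condenses Steps 1 to 3. The parser, the `arg` helper, `check_mirroring` and the config text are all constructed for this example.

```python
import ipaddress
import re

SAMPLE = """interfaces { ge-0/0/0 { unit 0 { family inet { filter { input port-mirror; output port-mirror; }
address 1.1.1.1/24; } } } ge-0/0/1 { unit 0 { family inet { address 2.2.2.2/24; } } } }
forwarding-options { port-mirroring { input { rate 1; run-length 10; }
family inet { output { interface ge-0/0/1.0 { next-hop 2.2.2.1; } } } } }
firewall { filter port-mirror { term 1 { from { source-address { 0.0.0.0/0; } } then { port-mirror; accept; } } } }"""  # constructed, compacted version of Steps 1-3

def parse(text):
    """Parse Junos brace syntax into nested dicts: statement -> children ({} for a leaf)."""
    tokens = re.findall(r"[{};]|[^{};\s]+", re.sub(r"##.*", "", text))  # drop "## SECRET-DATA" style notes
    root = node = {}
    stack, words = [], []
    for tok in tokens:
        if tok == "{":                      # pending words name the block being opened
            node[" ".join(words)] = child = {}
            stack.append(node)
            node, words = child, []
        elif tok == ";":                    # pending words form a leaf statement
            node[" ".join(words)] = {}
            words = []
        elif tok == "}":
            node = stack.pop()
        else:
            words.append(tok)
    return root

def arg(node, keyword):                     # argument of the first "keyword X" statement, or None
    return next((k.split(None, 1)[1] for k in node if k.split()[0] == keyword), None)

def check_mirroring(cfg):                   # returns findings; [] means the three steps fit together
    findings = []
    output = cfg["forwarding-options"]["port-mirroring"]["family inet"]["output"]
    out_ifl = arg(output, "interface")                                    # e.g. "ge-0/0/1.0"
    next_hop = ipaddress.ip_address(arg(output[f"interface {out_ifl}"], "next-hop"))
    units = [(f"{i}.{u.split()[1]}", c.get("family inet", {}))
             for i, ic in cfg["interfaces"].items() for u, c in ic.items()]
    for ifl, inet in units:
        for stmt in inet.get("filter", {}):                               # "input NAME" / "output NAME"
            fname = stmt.split()[1]
            terms = cfg.get("firewall", {}).get(f"filter {fname}")
            if terms is None:
                findings.append(f"{ifl}: filter {fname} is applied but never defined")
            elif not any("port-mirror" in t.get("then", {}) for t in terms.values()):
                findings.append(f"{ifl}: filter {fname} has no term with the port-mirror action")
            elif ifl == out_ifl:
                findings.append(f"{ifl}: mirror output interface also carries the mirror filter")
        if ifl == out_ifl and next_hop not in ipaddress.ip_interface(arg(inet, "address")).network:
            findings.append(f"{ifl}: next-hop {next_hop} is not on the output interface's subnet")
    return findings
```

Running `check_mirroring(parse(SAMPLE))` on the constructed text returns an empty list; feeding it the output of `show configuration` from a device reports any mismatch between the filter definition, its application and the mirror output.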

The following is a sample configuration for port mirroring.

In this example, a copy of the traffic that comes into or goes out of the ge-0/0/0 interface is sent to a monitoring system from the ge-0/0/1 interface, where it can be captured and analyzed.
system {
    root-authentication {
        encrypted-password "$1$9UsjE5u5$tb1.O6wtCosLwVBEWmsYP."; ## SECRET-DATA
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input port-mirror;
                    output port-mirror;
                }
                address 1.1.1.1/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
             family inet {
                 address 2.2.2.2/24;
             }
        }
    }
}
forwarding-options {
    port-mirroring {
        input {
            rate 1;
            run-length 10;
        }
        family inet {
            output {
                interface ge-0/0/1.0 {
                    next-hop 2.2.2.1;
                }
            }
        }
    }
}
security {
    policies {
        default-policy {
            permit-all;
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                all;
            }
        }
    }
}
firewall {
    filter port-mirror {
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                }
            }
            then {
                port-mirror;
                accept;
            }
        }
    }
}
Note: Port mirroring with ethernet-switching is not supported.