Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring native analyzer port for port-mirroring on EX9200 platforms

0

0

Article ID: KB28604 KB Last Updated: 30 Dec 2013Version: 2.0
Summary:

The EX9200 supports native analyzer port for port mirroring from Junos 13.2 and later releases.

This article describes the configuration requirements in Junos 13.2 to support the port mirroring function.

Symptoms:

The EX9200 Platforms, prior to Junos 13.2, do not support native analyzer port.  This feature is supported  from Junos 13.2, and later releases.

Cause:

Solution:
The configuration syntax is similar to other EX platforms, except that in Junos Release 13.2, a dummy vlan is needed to assign to the analyzer port.

The example below is for mirroring traffic (ingress and egress) from interface ge-2/0/2.0 and the mirrored output is sent to interface ge-2/0/0.0 for collection.
  • Ge-2/0/2.0 (Ingress/Egress) mirror traffic from this port
  • ge-2/0/0.0 mirrored output sent to this port

The following output shows that a vlan is needed for the anayzer port, and without it the configuration check-out will fail:


set interfaces ge-2/0/0 unit 0 family ethernet-switching
set interfaces ge-2/0/2 unit 0 family ethernet-switching vlan members v100
set forwarding-options analyzer jtac input ingress interface ge-2/0/2.0
set forwarding-options analyzer jtac input egress interface ge-2/0/2.0
set forwarding-options analyzer jtac output interface ge-2/0/0.0
set protocols lldp interface all
set vlans v100 vlan-id 100

[edit]
root@helen-dut# commit
[edit interfaces ge-2/0/0 unit 0 family]
'ethernet-switching'
For access interface, please ensure vlan members is configured
error: configuration check-out failed

ADD VLAN TO ANALYZER PORT:

set interfaces ge-2/0/0 unit 0 family ethernet-switching vlan members v200
set vlans v200 vlan-id 200
[edit]
root@helen-dut# commit
commit complete

WORKING CONFIG:

set interfaces ge-2/0/0 unit 0 family ethernet-switching vlan members v200
set interfaces ge-2/0/2 unit 0 family ethernet-switching vlan members v100
set forwarding-options analyzer jtac input ingress interface ge-2/0/2.0
set forwarding-options analyzer jtac input egress interface ge-2/0/2.0
set forwarding-options analyzer jtac output interface ge-2/0/0.0
set protocols lldp interface all
set vlans v100 vlan-id 100
set vlans v200 vlan-id 200

VERIFICATION:

A PC running wireshark is connected to ge-2/0/0 to verify that mirroring is working for ge-2/0/2.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search