
[EX] Example - Enabling redundant port mirroring to send mirrored packets to two servers simultaneously

Article ID: KB31763 KB Last Updated: 20 Aug 2018 Version: 2.0
Summary:

Some customers need to send port-mirrored traffic simultaneously to two analyzing/sniffing servers, each connected to a different switch, for recording. The goal of this setup is to mirror packets that traverse two EX4300 switches and deliver them at the same time to two servers, each connected to port ge-0/0/13 on its switch.

This article uses an example (server 1 and server 2 that connect to port ge-0/0/13 on EX4300-1 and EX4300-2, respectively) to demonstrate this setup.

Note: The traffic being mirrored is within a VLAN.

 

Solution:

Topology

 

 

Explanation

  • 10.1.1.1/24 and 10.1.1.2/24 are two clients that connect to the two EX4300 switches (EX4300-1 and EX4300-2) and are located within the same VLAN.

  • Ports xe-0/2/0 and xe-0/0/32 are trunk ports on the two EX4300 switches.

  • On each switch, ports ge-0/0/20 and ge-0/0/21 are connected to each other by a physical RJ45 cable to form a physical loop.

  • Port ge-0/0/13 on each switch connects to a sniffing or analyzing server.

  • VLAN 100 is used for normal traffic, such as Internet Control Message Protocol (ICMP) in this example.

  • VLAN 901 is used to flood mirrored packets to the two servers on both the switches.

 

Commands

 
EX4300-1
 
  1. Map ge-0/0/11 to VLAN 100 to receive normal traffic.
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members v100
  2. Configure ge-0/0/13 as "trunk" and allow VLAN 901 to send flooded mirrored traffic to server 1.
set interfaces ge-0/0/13 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members v901
  3. Map ge-0/0/20 to VLAN 901 to receive mirrored traffic.
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members v901
  4. Port ge-0/0/21 need not be mapped to any VLANs.
set interfaces ge-0/0/21 unit 0 family ethernet-switching
  5. Configure xe-0/2/0 as "trunk" and allow VLAN 100 and VLAN 901 to send flooded mirrored traffic to server 2 and allow normal ICMP traffic simultaneously.
set interfaces xe-0/2/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members v100
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members v901
  6. Set up the necessary VLANs.
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.100
set vlans v901 vlan-id 901
  7. Disable MAC learning on VLAN 901 in order to enable flooding of mirrored traffic.
set vlans v901 switch-options no-mac-learning
  8. Enable Analyzer to send mirrored traffic to ge-0/0/21.
set forwarding-options analyzer RSPAN_Test input ingress interface ge-0/0/11.0
set forwarding-options analyzer RSPAN_Test input egress interface ge-0/0/11.0
set forwarding-options analyzer RSPAN_Test output interface ge-0/0/21.0
  9. Disable Rapid Spanning Tree Protocol (RSTP) on both ge-0/0/20 and ge-0/0/21 (looped interfaces).
set protocols rstp interface ge-0/0/20 disable
set protocols rstp interface ge-0/0/21 disable
 
EX4300-2
 
  1. Map ge-0/0/11 to VLAN 100 to receive normal traffic.
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members v100
  2. Configure ge-0/0/13 as "trunk" and allow VLAN 901 to send flooded mirrored traffic to server 2.
set interfaces ge-0/0/13 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members v901
  3. Map ge-0/0/20 to VLAN 901 to receive mirrored traffic.
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members v901
  4. Port ge-0/0/21 need not be mapped to any VLANs.
set interfaces ge-0/0/21 unit 0 family ethernet-switching
  5. Configure xe-0/0/32 as "trunk" and allow VLAN 100 and VLAN 901 to send flooded mirrored traffic to server 2 and allow normal ICMP traffic simultaneously.
set interfaces xe-0/0/32 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/32 unit 0 family ethernet-switching vlan members v100
set interfaces xe-0/0/32 unit 0 family ethernet-switching vlan members v901
  6. Set up the necessary VLANs.
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.100
set vlans v901 vlan-id 901
  7. Disable MAC learning on VLAN 901 in order to enable flooding of mirrored traffic.
set vlans v901 switch-options no-mac-learning
  8. Enable Analyzer to send mirrored traffic to ge-0/0/21.
set forwarding-options analyzer RSPAN_Test input ingress interface ge-0/0/11.0
set forwarding-options analyzer RSPAN_Test input egress interface ge-0/0/11.0
set forwarding-options analyzer RSPAN_Test output interface ge-0/0/21.0
  9. Disable RSTP on both ge-0/0/20 and ge-0/0/21.
set protocols rstp interface ge-0/0/20 disable
set protocols rstp interface ge-0/0/21 disable
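
The settings the steps above depend on (VLAN 901 membership, no-mac-learning, the analyzer output port and RSTP on the looped ports) can be checked offline against a saved set-format configuration. The following Python check is an added example, not Juniper code; lint_mirror and its arguments are hypothetical names, and the sample input is constructed from the EX4300-1 commands in this article. Because VLAN 901 floods, it also reports any extra member port, since such a port would receive a copy of the mirrored traffic.

```python
import re

# Constructed sample: the article's EX4300-1 commands that affect VLAN 901 and the analyzer.
EX4300_1 = """\
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members v901
set interfaces ge-0/0/20 unit 0 family ethernet-switching vlan members v901
set interfaces ge-0/0/21 unit 0 family ethernet-switching
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members v100
set interfaces xe-0/2/0 unit 0 family ethernet-switching vlan members v901
set vlans v901 switch-options no-mac-learning
set forwarding-options analyzer RSPAN_Test output interface ge-0/0/21.0
set protocols rstp interface ge-0/0/20 disable
set protocols rstp interface ge-0/0/21 disable
"""

def lint_mirror(config, vlan, loop_in, server_port, trunk):
    """Hypothetical helper: return findings for the looped-analyzer design ([] = consistent)."""
    members, rstp_off, outputs, flooding = {}, set(), set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"set interfaces (\S+) unit 0 family ethernet-switching vlan members (\S+)", line):
            members.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"set protocols rstp interface (\S+) disable", line):
            rstp_off.add(m[1])
        elif m := re.match(r"set forwarding-options analyzer \S+ output interface ([^.\s]+)", line):
            outputs.add(m[1])  # interface name without the .0 unit suffix
        elif m := re.match(r"set vlans (\S+) switch-options no-mac-learning", line):
            flooding.add(m[1])
    findings = []
    if not outputs:
        findings.append("no analyzer output interface configured")
    if vlan not in flooding:
        findings.append(f"{vlan}: no-mac-learning missing, flooding to both servers is not guaranteed")
    expected = {loop_in, server_port, trunk}
    in_vlan = {port for port, vlans in members.items() if vlan in vlans}
    for port in sorted(expected - in_vlan):
        findings.append(f"{port}: not a member of {vlan}")
    for port in sorted(in_vlan - expected):
        findings.append(f"{port}: unexpected member of {vlan}, receives a copy of mirrored traffic")
    for port in sorted(outputs):
        if members.get(port):
            findings.append(f"{port}: analyzer output is mapped to a VLAN")
    for port in sorted(outputs | {loop_in}):
        if port not in rstp_off:
            findings.append(f"{port}: RSTP not disabled on looped port")
    return findings

if __name__ == "__main__":
    print(lint_mirror(EX4300_1, "v901", "ge-0/0/20", "ge-0/0/13", "xe-0/2/0") or "consistent")
```

For EX4300-2, pass xe-0/0/32 as the trunk argument.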

 

Modification History:

2018-08-20: Re-organized step 1 and 2 in Solution section

 
