Specify Sampling Input and Port Mirroring

This step works in conjunction with the action specified by the sample statement configured at the [edit firewall family inet filter filter-name term term-name then] hierarchy level. At this point, you select sampling input and output statements to determine where the copies of the packets are sent. To configure, include the input and output statements at the [edit forwarding-options sampling] hierarchy level. The traffic to be monitored is copied, port-mirrored, and sent to the packet analyzer for analysis.

The port-mirrored copy of the traffic can travel only to a single next hop. As a result, only one type of analysis can be performed if the packets are sent to a packet analyzer through a physical next hop. If more than one type of analysis is desired, a Tunnel PIC interface must be used as the next hop for port mirroring. When the mirrored copy of the traffic arrives at the virtual tunnel interface, it can be filtered, split into groups, and redirected to multiple exit interfaces and packet analyzers.

For your input requirements, include the rate and run-length statements at the [edit forwarding-options sampling input family inet] hierarchy level. For your output requirements, enable port mirroring at the [edit forwarding-options sampling output] hierarchy level. By default, a filter cannot be applied to an interface where port mirrored traffic is received. To allow the Tunnel PIC interface to be used as a filtered next hop, include the no-filter-check and interface statements at the [edit forwarding-options sampling output port-mirroring] hierarchy level.

[edit]

forwarding-options {

    sampling {

        input {

            family inet {

                rate 1; 

                run-length 1;

            }

        }

        output {

            port-mirroring {

                interface vt-0/2/0.0; 

                no-filter-check; 

            } 

        } 

    } 

}