

Specify Port Mirroring Input and Output

This step works in conjunction with the action specified by the port-mirror statement configured at the [edit firewall family inet filter filter-name term term-name then] hierarchy level. At this point, you select input and output statements to determine where the copies of the packets are sent. To configure, include the input and output statements at the [edit forwarding-options port-mirroring] hierarchy level. The traffic to be monitored is copied, port-mirrored, and sent to the packet analyzer for analysis.

The port-mirrored copy of the traffic can travel only to a single next hop. As a result, only one type of analysis can be performed if the packets are sent to a packet analyzer through a physical next hop. If more than one type of analysis is desired, a tunnel interface must be used as the next hop for port mirroring. When the mirrored copy of the traffic arrives at the virtual tunnel interface, it can be filtered, split into groups, and redirected to multiple exit interfaces and packet analyzers.

For your input requirements, include the rate and run-length statements at the [edit forwarding-options port-mirroring input family inet] hierarchy level. For your output requirements, specify the target interface with the interface statement at the [edit forwarding-options port-mirroring output] hierarchy level, as shown in the configuration below. By default, a filter cannot be applied to an interface where port-mirrored traffic is received. To allow the Tunnel Services interface to be used as a filtered next hop, include the no-filter-check statement at the [edit forwarding-options port-mirroring output] hierarchy level.

[edit]
forwarding-options {
    port-mirroring {
        input {
            family inet {
                rate 1; 
            }
        }
        output {
            interface vt-0/2/0.0; 
            no-filter-check; 
        } 
    } 
}
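
The constraints described above can be checked mechanically before a change is committed. The following Python audit is an added example, not part of the original page or of Junos: it parses a port-mirroring stanza and reports a physical next hop (one analyzer only), a tunnel next hop without no-filter-check, or a missing rate. The function names and the use of the "vt-" prefix to recognize a tunnel interface are assumptions made for this example.

```python
# PAGE_CONFIG reproduces the stanza from this page so the check runs offline.
PAGE_CONFIG = """
forwarding-options {
    port-mirroring {
        input {
            family inet {
                rate 1;
            }
        }
        output {
            interface vt-0/2/0.0;
            no-filter-check;
        }
    }
}
"""

def parse_junos(text):
    """Parse curly-brace configuration into nested dicts (leaf -> argument or True)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            child = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(child)
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            key, _, arg = line[:-1].strip().partition(" ")
            stack[-1][key] = arg.strip() or True
    return root

def check_port_mirroring(text):
    """Return findings for the port-mirroring stanza; an empty list means none."""
    pm = parse_junos(text).get("forwarding-options", {}).get("port-mirroring", {})
    inet = pm.get("input", {}).get("family inet", {})
    out = pm.get("output", {})
    findings = []
    if "rate" not in inet:
        findings.append("input family inet: no rate statement")
    iface = out.get("interface")
    if not isinstance(iface, str):
        findings.append("output: no interface statement for the mirrored copy")
    elif not iface.startswith("vt-"):  # assumption: vt- marks a tunnel interface
        findings.append(f"output: {iface} is a physical next hop, one analyzer only")
    elif "no-filter-check" not in out:
        findings.append(f"output: {iface} lacks no-filter-check, cannot be filtered")
    return findings
```

Run against the stanza on this page, check_port_mirroring(PAGE_CONFIG) returns an empty list.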
