
    Example: Layer 2 Port Mirroring with Multiple Instances

    Because you can configure more than one port-mirroring instance, care is required when specifying which instance is meant. This topic contains the following information:

    Example: Configuring Multiple Instances of Layer 2 Port Mirroring

    This configuration example illustrates the configuration of Layer 2 port mirroring at the physical interfaces associated with FPC 2, PIC 0 and at two logical interfaces on one of those ports.

    At the physical interface levels of the router (or switch) chassis, two named instances of port mirroring are configured and then bound to the group of physical ports associated with FPC 2, PIC 0.

    At two of the logical interfaces on physical interface ge-2/0/1, two Layer 2 port-mirroring firewall filters are applied to the input traffic. One filter explicitly references the port mirroring properties specified in one of the named instances of port mirroring. The other filter implicitly references the port mirroring properties in effect on the underlying physical interface ge-2/0/1.

    The resulting configuration is an example of the relationships that can exist between multiple instances of Layer 2 port mirroring applied to an MX Series router or an EX Series switch.

    1. Configure two named instances of Layer 2 port mirroring (pm_instance_1 and pm_instance_2), and include mirror destination properties for VLAN traffic (family ethernet-switching):

      [edit]
      forwarding-options {
          port-mirroring {
              instance {
                  pm_instance_1 {
                      input {
                          ... packet-selection-properties-configuration ...
                      }
                      family ethernet-switching {
                          ... mirror-destination-properties-configuration ...
                      }
                  }
                  pm_instance_2 {
                      input {
                          ... packet-selection-properties-configuration ...
                      }
                      family ethernet-switching {
                          ... mirror-destination-properties-configuration ...
                      }
                  }
              }
          }
      }

      Note: In this example, no global port-mirroring properties are configured on the router (or switch).

    2. Apply the Layer 2 port mirroring instances to the same group of ports in the router (or switch) chassis. In this example, the named instances of Layer 2 port mirroring are applied to the same group of physical interfaces specified at the PIC level of the chassis:

      [edit]
      chassis {
          fpc 2 {
              pic 0 {
                  port-mirror-instance pm_instance_1;
                  port-mirror-instance pm_instance_2;
              }
          }
      }

      Note that, in this example, two named instances of Layer 2 port mirroring are bound to the PIC level of the chassis at the same group of ports.

    3. Configure two Layer 2 port-mirroring firewall filters, both for VLAN traffic and with one of the filters explicitly referencing one of the named instances of Layer 2 port mirroring:

      • Configure the filter pm_filter_1 to use the Layer 2 port-mirroring properties configured in the named port-mirroring instance pm_instance_1. To refer to the Layer 2 port mirroring properties configured in a particular named instance of port mirroring, use the port-mirror-instance port-mirroring-instance-name statement.
      • Configure the filter pm_filter_2 to use the Layer 2 port mirroring properties in effect on the underlying physical interface of the logical interface to which the filter is applied. To refer to the Layer 2 port mirroring properties in effect on the underlying physical interface, use the port-mirror statement. If two instances of port mirroring are bound to that port, then the firewall filter uses the first instance bound within the [edit chassis fpc slot-number] or [edit chassis fpc slot-number pic slot-number] hierarchy level.

      [edit]
      firewall {
          family ethernet-switching {
              filter pm_filter_1 {
                  term pm {
                      then port-mirror-instance pm_instance_1;
                  }
              }
              filter pm_filter_2 {
                  term pm {
                      then port-mirror;
                  }
              }
          }
      }

      Note: Because the port-mirror filter action modifier relies on the port-mirroring properties defined at the [edit forwarding-options port-mirroring] hierarchy level, the port-mirror filter action is not supported for logical systems.

    4. Apply the two Layer 2 port-mirroring firewall filters to logical interfaces on interface ge-2/0/1:

      [edit]
      interfaces {
          ge-2/0/1 {
              flexible-vlan-tagging;
              encapsulation ethernet-bridge;
              unit 0 {
                  vlan-id 201;
                  family ethernet-switching {
                      filter {
                          # Explicitly references a named instance of port mirroring.
                          input pm_filter_1;
                      }
                  }
              }
              unit 1 {
                  vlan-id 202;
                  family ethernet-switching {
                      filter {
                          # Implicitly references the underlying port mirroring.
                          input pm_filter_2;
                      }
                  }
              }
          }
      }

    Explicit Reference of a Port Mirroring Instance

    On logical interface ge-2/0/1.0, the port-mirror-instance statement explicitly references the Layer 2 port mirroring properties in the named instance pm_instance_1. In this example, the port mirroring properties specified in pm_instance_1 remain in effect at logical interface ge-2/0/1.0 under the following conditions:

    • The firewall filter pm_filter_1 remains configured (as shown in step 3).
    • The named instance pm_instance_1 remains configured (as shown in step 1).

    Even if the named instance pm_instance_1 is no longer configured or no longer bound to the router (or switch) chassis at FPC 2, PIC 0, the port mirroring properties specified in pm_instance_1 remain in effect at logical interface ge-2/0/1.0 through firewall filter pm_filter_1.

    Implicit Reference of Port Mirroring on the Underlying Physical Interface

    On logical interface ge-2/0/1.1, the port-mirror statement implicitly references the Layer 2 port mirroring properties in effect at the underlying physical interface ge-2/0/1. In this example, the port mirroring properties specified in pm_instance_2 remain in effect at the ports associated with FPC 2, PIC 0 under the following conditions:

    • The firewall filter pm_filter_2 remains configured (as shown in step 3).
    • The named instance pm_instance_2 remains configured (as shown in step 1).
    • The named instance pm_instance_2 remains bound to the router (or switch) chassis at FPC 2, PIC 0 (as shown in step 2).

    If you disable the named instance pm_instance_2 or delete its binding to the physical ports associated with FPC 2, PIC 0, then—if global Layer 2 port mirroring properties had been configured—the global port mirroring properties would be used at logical interface ge-2/0/1.1 through firewall filter pm_filter_2.

    Note: There is a limitation to a Layer 2 port mirroring firewall filter in which you implicitly reference Layer 2 port mirroring properties by including the port-mirror statement. If multiple named instances of Layer 2 port mirroring are bound to the underlying physical interface, then only the first binding in the stanza (or the only binding) is used at the logical interface. This is done mainly for backward compatibility.

    In the example above, filter pm_filter_2 uses the port-mirror statement, and so the filter action uses the mirroring properties of the first port mirroring instance applied to the router (or switch) chassis at the [edit chassis fpc 2 pic 0] hierarchy level, which is the instance pm_instance_1.
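
    The resolution rules described above can be checked mechanically when auditing where mirrored traffic is sent. The following Python sketch is an added example, not Juniper code: it parses a curly-brace configuration, resolves which instance each logical interface's input filter uses, and flags implicit port-mirror references on ports with more than one bound instance. The sample configuration is constructed from steps 2 through 4; the function names, the `<global>` placeholder, and the PIC-before-FPC lookup order are assumptions of this example.

```python
import re
# Constructed sample: steps 2-4 of this page (step 1's elided properties left out).
CONFIG = """
chassis { fpc 2 { pic 0 { port-mirror-instance pm_instance_1; port-mirror-instance pm_instance_2; } } }
firewall { family ethernet-switching {
    filter pm_filter_1 { term pm { then port-mirror-instance pm_instance_1; } }
    filter pm_filter_2 { term pm { then port-mirror; } } } }
interfaces { ge-2/0/1 {
    unit 0 { vlan-id 201; family ethernet-switching { filter { input pm_filter_1; } } }
    unit 1 { vlan-id 202; family ethernet-switching { filter { input pm_filter_2; } } } } }
"""

def parse(text):
    """Flatten curly-brace configuration into (path, statement) leaves, in file order."""
    path, words, leaves = [], [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text)):
        if tok == "{":
            path.append(" ".join(words)); words = []
        elif tok == "}":
            path.pop()
        elif tok == ";":
            leaves.append((tuple(path), " ".join(words))); words = []
        else:
            words.append(tok)
    return leaves

def resolve(text):
    """Return {logical interface: (instance, 'explicit'|'implicit', ambiguous)}."""
    bound, action, attached, out = {}, {}, {}, {}
    for path, stmt in parse(text):
        w = stmt.split()
        if path[:1] == ("chassis",) and w[0] == "port-mirror-instance":
            bound.setdefault(path[1:], []).append(w[1])   # binding order is kept
        elif path[:1] == ("firewall",) and stmt.startswith("then port-mirror"):
            name = next(p.split()[1] for p in path if p.startswith("filter "))
            action[name] = w[2] if w[1] == "port-mirror-instance" else None
        elif path[:1] == ("interfaces",) and path[-1] == "filter" and w[0] == "input":
            # Assumes type-fpc/pic/port interface names such as ge-2/0/1.
            fpc, pic = re.match(r"\w+-(\d+)/(\d+)/", path[1]).groups()
            attached[f"{path[1]}.{path[2].split()[1]}"] = (w[1], (f"fpc {fpc}", f"pic {pic}"))
    for ifl, (fname, slot) in attached.items():
        if fname in action:                               # filter has a mirroring action
            # Assumption: PIC-level bindings win over FPC-level; "<global>" = global properties.
            insts = [action[fname]] if action[fname] else (
                bound.get(slot) or bound.get(slot[:1]) or ["<global>"])
            out[ifl] = (insts[0], "explicit" if action[fname] else "implicit", len(insts) > 1)
    return out

print(resolve(CONFIG))
```

    An interface reported as implicit and ambiguous is one whose mirror destination changes if the order of the port-mirror-instance statements under the chassis hierarchy changes.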

    Modified: 2015-06-01