Examples: Configuring Port Mirroring for Local Analysis

 

Use port mirroring to send traffic to applications that analyze traffic for purposes such as monitoring compliance, enforcing policies, detecting intrusions, monitoring and predicting traffic patterns, correlating events, and so on. Port mirroring copies packets entering or exiting an interface or entering a VLAN and sends the copies to a local interface for local monitoring.

Note

This example uses the Enhanced Layer 2 Software (ELS) configuration style. For ELS details, see Getting Started with Enhanced Layer 2 Software.

This example describes how to configure port mirroring so that traffic sent by employee computers to a switch is copied to an access interface on the same switch.

Requirements

This example uses the following hardware and software components:

  • Junos OS Release 18.1

  • An NFX Series device

Overview and Topology

This topic includes two related examples that describe how to mirror traffic entering interfaces on the switch to an access interface on the same switch. The first example shows how to mirror all traffic sent by employee computers to the switch. The second example includes a filter to mirror only the employee traffic going to the Web.

In this example, ge-0/0/0 and ge-0/0/1 serve as connections for employee computers. Interface ge-0/0/2 is connected to a device running an analyzer application.

Note

Multiple ports mirrored to one interface can cause buffer overflow and dropped packets.

Figure 1 shows the network topology for this example.

Figure 1: Network Topology for Local Port Mirroring Example

Example: Mirroring All Employee Traffic for Local Analysis

To configure port mirroring for all traffic sent by employee computers for local analysis, perform the tasks explained in this section.

CLI Quick Configuration

To quickly configure local port mirroring for ingress traffic to the two ports connected to employee computers, copy the following commands and paste them into a switch terminal window:

[edit]
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set forwarding-options analyzer employee-monitor output interface ge-0/0/2.0

Step-by-Step Procedure

To configure an analyzer called employee-monitor and specify the input (source) interfaces and the output interface:

  1. Configure the interfaces connected to employee computers as input interfaces for the port-mirror analyzer employee-monitor:
    [edit forwarding-options]

    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0

    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0

  2. Configure the output analyzer interface for the employee-monitor analyzer. This will be the destination interface for the mirrored packets:
    [edit forwarding-options]

    user@switch# set analyzer employee-monitor output interface ge-0/0/2.0
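
An offline check for the analyzer configuration above, added here as an example and not part of the Juniper documentation: it parses set-format commands, lists each analyzer's input and output interfaces, and flags the many-to-one condition that the note in the overview warns about. The function name, the finding messages, and the set of checks are assumptions of this example, not Junos commit checks.

```python
import re
from collections import defaultdict

# Constructed sample: the set commands from the CLI quick configuration.
SAMPLE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/2 unit 0 family ethernet-switching
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set forwarding-options analyzer employee-monitor output interface ge-0/0/2.0
"""

L2_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family ethernet-switching$")
AN_RE = re.compile(r"^set forwarding-options analyzer (\S+) "
                   r"(input (?:ingress|egress)|output) interface (\S+)$")

def audit_analyzers(config_text):
    """Return ({analyzer: {"inputs": [...], "outputs": [...]}}, [findings])."""
    l2_units, findings = set(), []
    analyzers = defaultdict(lambda: {"inputs": [], "outputs": []})
    for line in map(str.strip, config_text.splitlines()):
        if not line.isascii():
            # e.g. an en dash pasted in place of the hyphen in ge-0/0/0
            findings.append(f"non-ASCII character in: {line}")
        elif m := L2_RE.match(line):
            l2_units.add(f"{m[1]}.{m[2]}")
        elif m := AN_RE.match(line):
            key = "outputs" if m[2] == "output" else "inputs"
            analyzers[m[1]][key].append(m[3])
    for name, a in analyzers.items():
        ins, outs = a["inputs"], a["outputs"]
        if not ins:
            findings.append(f"{name}: no input interface")
        if not outs:
            findings.append(f"{name}: no output interface")
        for port in sorted(set(ins) & set(outs)):
            findings.append(f"{name}: {port} is both input and output")
        if len(ins) > 1 and outs:
            findings.append(f"{name}: {len(ins)} inputs mirrored to {outs[0]}, "
                            "risk of buffer overflow and dropped packets")
        for port in ins + outs:
            if port not in l2_units:
                findings.append(f"{name}: {port} lacks family ethernet-switching")
    return dict(analyzers), findings

if __name__ == "__main__":
    found, issues = audit_analyzers(SAMPLE_CONFIG)
    print(found)
    print("\n".join(issues) or "no findings")
```

Run against an exported set-format configuration, the same function gives a quick inventory of which ports are being copied and where the copies go, which is worth reviewing because an analyzer output port receives other users' traffic.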

Results

Check the results of the configuration: