Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Flow Mirroring on ACX5000 Series Routers

    This section shows the various methods to configure flow mirroring on ACX5000 line of routers.

    The following are the various methods to configure flow mirroring on ACX5000 line of routers:

    Configure flow mirroring for the ethernet-switching family and specify Layer 2 logical interface as the output.

    1. Configure the output as logical interface.
      [edit forwarding-options]
      port-mirroring {family ethernet-switching {output {interface logical-interface-name;}}}
    2. Configure the firewall filter and specify the action as mirror.
      [edit firewall]
      family ethernet-switching {filter filter-name {term rule-name {from {match-conditions;}then port-mirror;}}}
    3. Attach the firewall filter to the logical interface.
      [edit interfaces]
      interface-name {unit interface-unit-number {family ethernet-switching {filter {input filter-name;}vlan-id number;encapsulation vlan-bridge;}}}

    Configure flow mirroring for the ethernet-switching family and specify a VLAN (VLAN name or VLAN ID) as the output.

    1. Configure the output as VLAN (VLAN name or VLAN ID).
      [edit forwarding-options]
      port-mirroring {family ethernet-switching {output {vlan vlan-name;}}}
    2. Configure the firewall filter and specify the action as mirror.
      [edit firewall]
      family ethernet-switching {filter filter-name {term rule-name {from {match-conditions;}then port-mirror;}}}
    3. Attach the firewall filter to the VLAN.
      [edit interfaces]
      interface-name {unit interface-unit-number {family ethernet-switching {filter {input filter-name;}vlan-id number;encapsulation vlan-bridge;}}}

    Configure flow mirroring with a no-tag option.

    1. Configure the input as VLAN (VLAN name or VLAN ID) and output as VLAN without any additional VLAN (bridge domain) tag. In this method, the mirrored packet will not have any VLAN tags associated with the packet.
      [edit forwarding-options]
      port-mirroring {family ethernet-switching {output {vlan vlan-name; {no-tag;}}}}
    2. Configure the firewall filter and specify the action as mirror or mirroring instance.
      [edit firewall]
      family ethernet-switching {filter filter-name {term rule-name {from {match-conditions;}then (port-mirror | port-mirror-instance instance-name);}}}
    3. Attach the firewall filter to the VLAN.
      [edit interfaces]
      interface-name {unit interface-unit-number {family ethernet-switching {filter {input filter-name;}vlan-id number;encapsulation vlan-bridge;}}}

    Configure flow mirroring for the inet family and specify the next-hop IP address as the output.

    1. Configure the output as the next-hop IP address.
      [edit forwarding-options]
      port-mirroring {family inet {output {ip-address ip-address;}}}
    2. Configure the firewall filter and specify the action as mirror.
      [edit firewall]
      family inet {filter filter-name {term rule-name {from {match-conditions;}then port-mirror;}}}
    3. Attach the firewall filter to the IP address of the packets in the inet family.
      [edit interfaces]
      interface-name {unit interface-unit-number {vlan-id number;family inet {ip-address ip-address; filter {input filter-name;}}}}
     

    Related Documentation

     

    Modified: 2017-01-24

    Previous Page Next Page