    Configuring the Global Instance of Layer 2 Port Mirroring

    On an MX Series router, you can configure a set of Layer 2 port-mirroring properties that implicitly apply to packets received on all ports in the router chassis.

    To configure the global instance of Layer 2 port mirroring on an MX Series router:

    1. Enable configuration of the Layer 2 port mirroring:

      user@host# edit forwarding-options port-mirroring
    2. Enable configuration of the packet-selection properties:

      [edit forwarding-options port-mirroring]
      user@host# edit input
    3. Specify global-level packet-selection properties.

      1. Specify the number of packets to select:

        [edit forwarding-options port-mirroring input]
        user@host# set rate number
        The valid range is 1 through 65535.
      2. Specify the number of packets to mirror from each selection:

        [edit forwarding-options port-mirroring input]
        user@host# set run-length number
        The valid range is 0 through 20. The default value is 0.
      3. Specify the length to which mirrored packets are to be truncated:

        [edit forwarding-options port-mirroring input]
        user@host# set maximum-packet-length number
        For MX-Series devices with Modular Port Concentrators (MPCs), port-mirrored or sampled packets can be truncated (or clipped) to any length in the range of 1 to 255 bytes. Only 1 to 255 are valid values for packet truncation on these devices. For other devices, the range is from 0 to 9216. A maximum-packet-length value of zero represents that truncation is disabled, and the entire packet is mirrored or sampled.
    4. Specify the global-level Layer 2 address-type family from which traffic is to be selected for mirroring:

      [edit forwarding-options port-mirroring input]
      user@host# up
      [edit forwarding-options port-mirroring]
      user@host# edit family family
      The value of the family option can be bridge, ccc, or vpls.

      Note: Under the [edit forwarding-options port-mirroring] hierarchy level, the protocol family statement family bridge is an alias for family vpls. The command-line interface (CLI) displays Layer 2 port-mirroring configurations as family vpls, even for Layer 2 port-mirroring configured as family bridge. Use family bridge when the physical interface is configured with encapsulation ethernet-bridge.

    5. Enable configuration of global-level mirror destination properties for this address family:

      [edit forwarding-options port-mirroring family family]
      user@host# edit output
    6. Specify global-level mirror destination properties for this address family.

      1. Specify the physical interface on which to send the mirrored packets:

        [edit forwarding-options port-mirroring family family output]
        user@host# set interface interface-name
        You can also specify an integrated routing and bridging (IRB) interface as the output interface.
      2. (Optional) Allow configuration of filters on the destination interface for the named port-mirroring instance:

        [edit forwarding-options port-mirroring family family output]
        user@host# set no-filter-check
    7. (Optional) Specify that any packets selected for mirroring are to be mirrored only once to any mirroring destination:

      [edit forwarding-options port-mirroring family family output]
      user@host# up 2
      [edit forwarding-options port-mirroring]
      user@host# set mirror-once

      Tip: Enable the mirror-once option when an MX Series router is configured to perform Layer 2 port mirroring at both ingress and egress interfaces, which could result in sending duplicate packets to the same destination (which would complicate the analysis of the mirrored traffic).

    8. Verify the minimum configuration of the global instance of Layer 2 port mirroring:

      [edit forwarding-options ... ]
      user@host# top
      user@host# show forwarding-options
      forwarding-options {
      port-mirroring {
      input { # Global packet-selection properties.
      maximum-packet-length number; # Default is 0.
      rate number;
      run-length number;
      family (ccc | vpls) { # Address- type ’bridge’ displays as ’vpls’.
      output { # Global mirror destination properties.
      interface interface-name;
      no-filter-check; # Optional. Allow filters on interface.
      mirror-once; # Optional. Mirror destinations do not receive duplicate packets.

    Modified: 2017-09-13