Defining a Next-Hop Group for Layer 2 Port Mirroring


On MX Series routers and EX Series switches, you can mirror tunnel interface input traffic to multiple destinations. To configure this form of multipacket port mirroring, you specify two or more additional destinations in a next-hop group, define a firewall filter that references the next-hop group as the filter action, and then apply the filter to a logical tunnel interface (lt-) or virtual tunnel interface (vt-) on the MX Series router or EX Series switch.


This topic describes how to define a next-hop group for Layer 2 port mirroring to multiple destinations. For detailed information about defining a firewall filter for Layer 2 port mirroring to multiple destinations, see Defining a Layer 2 Port-Mirroring Firewall Filter.

To define a next-hop group for a Layer 2 port-mirroring firewall filter action:

  1. Enable configuration of Layer 2 forwarding options.

    • To enable Layer 2 forwarding options at the top level:

    • To enable Layer 2 forwarding options for a routing instance:

  2. Enable configuration of a next-hop-group for Layer 2 port mirroring:

  3. Specify the type of addresses to be used in the next-hop group configuration. By default, the next-hop group is specified using Layer 3 addresses (group-type inet). To specify the next-hop group using Layer 2 addresses instead, you must include the group-type layer-2 statement:

  4. Specify the logical interfaces of the next-hop route (or switch):

    The MX Series router and the EX Series switch support up to 30 next-hop groups. Each next-hop group supports up to 16 next-hop addresses. Each next-hop group must specify at least two addresses.
  5. Verify the configuration of the next-hop group:
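
The following is an added example, not a Juniper command or tool: an offline audit that reads a configuration exported in `set` format, lists every destination that receives mirrored traffic, and checks the limits and the `group-type layer-2` requirement stated in the steps above. The statement layout it parses (including the `interface` member statement and the `routing-instances` prefix) is an assumption, and the group and interface names in the sample are constructed.

```python
import re

MAX_GROUPS = 30    # per the page: up to 30 next-hop groups
MAX_MEMBERS = 16   # per the page: up to 16 next-hop addresses per group
MIN_MEMBERS = 2    # per the page: at least two addresses per group

# Assumed "set"-format layout; an optional routing-instance prefix is accepted.
LINE = re.compile(
    r"^set (?:routing-instances (?P<ri>\S+) )?forwarding-options "
    r"next-hop-group (?P<group>\S+) (?P<stmt>group-type|interface) (?P<arg>\S+)$"
)

def audit_next_hop_groups(config_text):
    """Return (groups, findings) for next-hop groups found in set-format config."""
    groups = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # group-type defaults to inet when the statement is absent
        g = groups.setdefault((m["ri"] or "<top-level>", m["group"]), {"type": "inet", "members": []})
        if m["stmt"] == "group-type":
            g["type"] = m["arg"]
        elif m["arg"] not in g["members"]:
            g["members"].append(m["arg"])
    findings = []
    if len(groups) > MAX_GROUPS:
        findings.append(f"{len(groups)} next-hop groups defined, limit is {MAX_GROUPS}")
    for (ri, name), g in sorted(groups.items()):
        n = len(g["members"])
        if g["type"] != "layer-2":
            findings.append(f"{ri}/{name}: group-type is {g['type']}, not layer-2")
        if n < MIN_MEMBERS:
            findings.append(f"{ri}/{name}: {n} member(s), needs at least {MIN_MEMBERS}")
        elif n > MAX_MEMBERS:
            findings.append(f"{ri}/{name}: {n} members, limit is {MAX_MEMBERS}")
    return groups, findings

# Constructed sample configuration (group and interface names are made up).
SAMPLE = """
set forwarding-options next-hop-group mirror-a group-type layer-2
set forwarding-options next-hop-group mirror-a interface ge-0/0/1.0
set forwarding-options next-hop-group mirror-a interface ge-0/0/2.0
set forwarding-options next-hop-group mirror-b interface ge-0/0/3.0
set routing-instances vs1 forwarding-options next-hop-group mirror-c group-type layer-2
set routing-instances vs1 forwarding-options next-hop-group mirror-c interface ge-0/0/4.0
"""

if __name__ == "__main__":
    print("\n".join(audit_next_hop_groups(SAMPLE)[1]))
```

Because each member of a next-hop group receives a copy of the mirrored traffic, the `members` list returned for each group is also the inventory to review when confirming that mirrored traffic goes only to approved analyzer ports.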