Configuring Port Mirroring
You use port mirroring to copy packets and send the copies to a device running an application such as a network analyzer or intrusion detection application so that you can analyze traffic without delaying it. We recommend that you disable port mirroring when you are not using it. If you do enable port mirroring, we recommend that you select specific input interfaces instead of using the all keyword, to avoid creating a performance issue. You can also limit the amount of mirrored traffic by using a firewall filter.
Configuring a Port Mirroring Instance
To configure port mirroring, you configure a port-mirroring instance and direct traffic to it by using a firewall filter. You do not specify an input for this instance. Instead, you create a firewall filter that specifies the required traffic and directs it to the instance. You also do not specify a name for this instance. (A name is not required because you can create no more than one port mirroring instance.)
To configure port mirroring:
- Configure an IPv4 (family inet) port-mirroring instance.
Configure only the output. For example, enter:
You cannot configure input to this instance.
- Create an IPv4 (family inet) firewall filter using any of the available match conditions.
In a from term, specify the interfaces that you will apply the filter to—that is, the interfaces for which you want to mirror traffic.
When specifying the interfaces for which you want to mirror traffic, you must specify the unit. For example, enter from interface xe-0/0/47.0.
In a then term, include the action modifier port-mirror.
- Apply the firewall filter to the interfaces:
user@switch# set interfaces interface-name unit 0 family inet filter input filter-name
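The following Python check is an added example, not part of the original page or of Juniper's documentation. It verifies that a set-style configuration is consistent with the three steps above: instance with output only, filter term with a unit-qualified interface and the port-mirror action, and filter applied to an interface. The sample configuration is constructed, its interface, filter and term names are hypothetical, and the exact form of the instance output line is an assumption.

```python
import re

# Constructed sample in set-style syntax, following the three steps above.
# Interface names, filter name and term name are hypothetical.
SAMPLE = """\
set forwarding-options port-mirroring family inet output interface xe-0/0/10.0
set firewall family inet filter mirror-ids term t1 from interface xe-0/0/47.0
set firewall family inet filter mirror-ids term t1 then port-mirror
set firewall family inet filter mirror-ids term t1 then accept
set interfaces xe-0/0/47 unit 0 family inet filter input mirror-ids
"""

PM = "set forwarding-options port-mirroring family inet "
TERM = re.compile(r"set firewall family inet filter (\S+) term (\S+) (from|then) (.+)")
APPLY = re.compile(r"set interfaces \S+ unit \d+ family inet filter input (\S+)")

def audit(config):
    """Return findings; an empty list means instance, filter and binding agree."""
    findings, has_output, terms, applied = [], False, {}, set()
    for line in map(str.strip, config.splitlines()):
        if line.startswith(PM + "output "):
            has_output = True
        elif line.startswith(PM + "input"):
            findings.append("instance has an input; only output can be configured")
        elif m := TERM.fullmatch(line):
            name, term, kind, rest = m.groups()
            t = terms.setdefault((name, term), {"mirror": False, "ifaces": []})
            if kind == "then" and rest == "port-mirror":
                t["mirror"] = True
            elif kind == "from" and rest.startswith("interface "):
                t["ifaces"].append(rest.split()[1])
        elif m := APPLY.fullmatch(line):
            applied.add(m.group(1))
    # Only terms that carry the port-mirror action are checked further.
    mirroring = {k: t for k, t in terms.items() if t["mirror"]}
    for (name, term), t in sorted(mirroring.items()):
        for iface in t["ifaces"]:
            if not re.fullmatch(r"\S+\.\d+", iface):  # unit is mandatory
                findings.append(f"{name}/{term}: interface {iface} has no unit")
        if name not in applied:
            findings.append(f"{name}/{term}: filter is not applied to an interface")
    if mirroring and not has_output:
        findings.append("port-mirror action used but no instance output exists")
    if has_output and not mirroring:
        findings.append("instance configured but no filter term mirrors to it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["no findings"]:
        print(finding)
```

The last finding also flags an instance that was left configured after its filter was removed, which is the case the recommendation to disable unused port mirroring covers.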