Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a VLAN

    You can apply a Layer 2 port-mirroring firewall filter to traffic being forwarded or flooded to a VLAN. Only packets of the specified family type and forwarded or flooded to that VLAN are mirrored.

    Before you begin, complete the following task:

    • Define a Layer 2 port-mirroring firewall filter to be applied to the traffic being forwarded to a VLAN or flooded to a VLAN. For details, see Defining a Layer 2 Port-Mirroring Firewall Filter.

      Note: This configuration task shows two Layer_2 port-mirroring firewall filters: one filter applied to the VLAN forwarding table ingress traffic, and one filter applied to the VLAN flood table ingress traffic.

    To apply a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of a VLAN:

    1. Enable configuration of the VLAN bridge-domain-name to which you want to apply a Layer 2 port-mirroring firewall filter for forwarded or flooded traffic:

      • For a VLAN:

        [edit]user@host# edit bridge-domains bridge-domain-name

      • For a VLAN under a routing instance:

        [edit]user@host# edit routing-instances routing-instance-name bridge-domains bridge-domain-nameuser@host# set instance-type virtual-switch
        For more detailed configuration information, see Configuring a VPLS Routing Instance.

    2. Configure the VLAN:

      [edit]user@host# set domain-type bridgeuser@host# set interface interface-nameuser@host# set routing-interface routing-interface-name
      For more detailed configuration information, see Configuring a Bridge Domain and Configuring VLAN Identifiers for Bridge Domains and VPLS Routing Instances.

    3. Enable configuration of traffic forwarding on the VLAN:

      [edit ... bridge-domains bridge-domain-name]user@host# edit forwarding-options

    4. Apply a Layer 2 port-mirroring firewall filter to the VLAN forwarding table or flood table.

      • To mirror packets being forwarded to the VLAN:

        [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set filter input pm-filter-for-bd-ingress-forwarded

      • To mirror packets being flooded to the VLAN:

        [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set flood input pm-filter-for-bd-ingress-flooded

    5. Verify the minimum configuration for applying a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of the VLAN.

      1. Navigate to the hierarchy level at which the VLAN is configured:

        • [edit]
        • [edit routing-instances routing-instance-name]

      2. Display the VLAN configurations:

        user@host# show vlans 
        vlans {vlan-name {instance-type virtual-switch; # For a bridge domain under a routing instance.domain-type bridge;interface interface-name;forwarding-options {filter { # Mirror ingress forwarded trafficinput pm-filter-for-bd-ingress-forwarded;}flood { # Mirror ingress flooded trafficinput pm-filter-for-bd-ingress-flooded;}}}}
     

    Related Documentation

     

    Published: 2013-04-09

    Previous Page Next Page