Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a Bridge Domain

    You can apply a Layer 2 port-mirroring firewall filter to traffic being forwarded or flooded to a bridge domain. Only packets of the specified family type and forwarded or flooded to that bridge domain are mirrored.

    Before you begin, complete the following task:

    • Define a Layer 2 port-mirroring firewall filter to be applied to the traffic being forwarded to a bridge domain or flooded to a bridge domain. For details, see Defining a Layer 2 Port-Mirroring Firewall Filter.

      Note: This configuration task shows two Layer_2 port-mirroring firewall filters: one filter applied to the bridge domain forwarding table ingress traffic, and one filter applied to the bridge domain flood table ingress traffic.

    To apply a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of a bridge domain:

    1. Enable configuration of the bridge domain bridge-domain-name to which you want to apply a Layer 2 port-mirroring firewall filter for forwarded or flooded traffic:

      • For a bridge domain:

        [edit]user@host# edit bridge-domains bridge-domain-name

      • For a bridge domain under a routing instance:

        [edit]user@host# edit routing-instances routing-instance-name bridge-domains bridge-domain-nameuser@host# set instance-type virtual-switch
        For more detailed configuration information, see Configuring a VPLS Routing Instance.

    2. Configure the bridge domain:

      [edit]user@host# set domain-type bridgeuser@host# set interface interface-nameuser@host# set routing-interface routing-interface-name
      For more detailed configuration information, see Configuring a Bridge Domain and Configuring VLAN Identifiers for Bridge Domains and VPLS Routing Instances.

    3. Enable configuration of traffic forwarding on the bridge domain:

      [edit ... bridge-domains bridge-domain-name]user@host# edit forwarding-options

    4. Apply a Layer 2 port-mirroring firewall filter to the bridge domain forwarding table or flood table.

      • To mirror packets being forwarded to the bridge domain:

        [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set filter input pm-filter-for-bd-ingress-forwarded

      • To mirror packets being flooded to the bridge domain:

        [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set flood input pm-filter-for-bd-ingress-flooded

    5. Verify the minimum configuration for applying a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of the bridge domain.

      1. Navigate to the hierarchy level at which the bridge domain is configured:

        • [edit]
        • [edit routing-instances routing-instance-name]

      2. Display the bridge domain configurations:

        user@host# show bridge domains bridge-domains {bridge-domain-name {instance-type virtual-switch; # For a bridge domain under a routing instance.domain-type bridge;interface interface-name;forwarding-options {filter { # Mirror ingress forwarded trafficinput pm-filter-for-bd-ingress-forwarded;}flood { # Mirror ingress flooded trafficinput pm-filter-for-bd-ingress-flooded;}}}}
     

    Related Documentation

     

    Published: 2012-11-26

    Previous Page Next Page