[Contents] [Prev] [Next] [Index] [Report an Error]

Applying a Layer 2 Port-Mirroring Filter to a Logical Interface

If you apply a Layer 2 port-mirroring firewall filter to a logical interface, only packets received on that logical interface are mirrored. To apply a port-mirroring firewall filter to an input or output logical interface, include the input or output statement at the [edit interfaces interface-name unit logical-unit-number family (bridge | vpls) filter] hierarchy level.

If the filter is to be evaluated when packets are received on the interface, include the input filter-name statement.
If the filter is to be evaluated when packets are sent on the interface, include the output filter-name statement.

Note: A port-mirroring firewall filter can also be applied to an aggregated-Ethernet logical interface.



[edit]
interfaces {



interface-name {
vlan-tagging;
encapsulation extended-vlan-bridge;


unit number { # Apply a filter to
the input of this interface

vlan-id number;


family (bridge | vpls) {


filter {
input pm-filter-name-a;
}


}


}




unit number { # Apply a filter to
the output of this interface 

vlan-id number;


family (bridge | vpls) {


filter {
output pm-filter-name-b;
}


}


}


}


}

If port-mirroring firewall filters are applied at both the input and output of a logical interface, two copies of each packet are mirrored. To prevent the router from forwarding duplicate packets to the same destination, include the optional mirror-once statement at the [edit forwarding-options] hierarchy level.

[Contents] [Prev] [Next] [Index] [Report an Error]