• Supported Platforms
• M Series
• MX Series
• T Series

• Related Topics
• Layer 2 Port Mirroring Overview
• Restrictions on Layer 2 Port Mirroring
• Application of Layer 2 Port Mirroring Types

Layer 2 Port Mirroring Properties

Packet-Selection Properties

The packet-selection properties of Layer 2 port-mirroring specify how the sampled packets are to be selected for mirroring:

• The number of packets in each sample.
• The number of packets to mirror from each sample.
• The length to which mirrored packets are to be truncated.

Packet Address Family

The packet address family type specifies the type of traffic to be mirrored. In a Layer 2 environment, MX Series routers support port mirroring for the following packet address families:

• Family type bridge—For mirroring VPLS traffic when the physical interface is configured with encapsulation type ethernet-bridge.
• Family type ccc—For mirroring Layer 2 VPN traffic.
• Family type vpls—For mirroring VPLS traffic.

Note: In typical applications, you send mirrored packets directly to an analyzer or a workstation for analysis, not to another router. If you must send mirrored packets over a network, you should use tunnels. For Layer 2 VPN implementations, you can use the Layer 2 VPN routing instance type l2vpn to tunnel the packets to a remote destination.

For information about configuring a routing instance for Layer 2 VPN, see the Junos VPNs Configuration Guide. For a detailed Layer 2 VPN example configuration, see the Junos Feature Guide. For information about tunnel interfaces, see the Junos Network Interfaces Configuration Guide.

Mirror Destination Properties

For a given packet address family, the mirror destination properties of a Layer 2 port-mirroring instance specify how the selected packets are to be sent on a particular physical interface:

• The physical interface on which to send the selected packets.
• Whether filter checking is to be disabled for the mirror destination interface. By default, filter checking is enabled on all

  Note: If you apply a filter to an interface that is also a Layer 2 port-mirroring destination, a commit failure occurs unless you have disabled filter checking for that mirror destination interface.

Mirror-Once Option

If port mirroring is enabled at both ingress and egress interfaces, you can prevent the MX Series router from sending duplicate packets to the same destination (which would complicate the analysis of the mirrored traffic).

Note: The mirror-once port-mirroring option is a global setting. The option is independent of the packet selection properties and the packet family type-specific mirror destination properties.