Port Mirroring Overview


Port mirroring enables you to analyze traffic on your Juniper Networks EX Series switch at the packet level. You might use port mirroring to monitor switch traffic for purposes such as enforcing policies on network usage and file sharing. You might also use it to identify sources of problems on your network by locating abnormal or heavy bandwidth usage by particular stations or applications.

EX Series switches enable you to configure port mirroring to send copies of packets either to a local interface for local monitoring or to a VLAN for remote monitoring. If you send mirrored traffic to an analyzer VLAN, you can analyze it using a protocol analyzer application running on the remote monitoring station. Port mirroring supports the copying of the following packets:

  • Packets entering or exiting a port

  • Packets entering a VLAN on EX2200, EX3200, EX3300, EX4200, EX4500, EX4550, or EX6200 switches

  • Packets exiting a VLAN on EX8200 switches

Port mirroring might be needed for traffic analysis on a switch because a switch, unlike a hub, does not broadcast packets to every port. The switch sends packets only to the port to which the destination device is connected. You can configure an analyzer to mirror bridged packets (Layer 2 packets). To mirror routed packets (Layer 3 packets), you must configure a firewall filter in which the family statement is set to inet or inet6.

In a single port mirroring configuration, you define both the input traffic and the destination to which that traffic is mirrored. The input traffic to be analyzed can be either traffic that enters or traffic that exits an interface or VLAN. The port mirroring configuration enables you to send this traffic to an output interface, instance, next-hop group, or VLAN. You define the port mirroring configuration at the [edit ethernet-switching-options analyzer] hierarchy level.
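
The two destinations described above (a local interface and an analyzer VLAN), written out as set commands under the analyzer hierarchy. This is an added example, not taken from the original page; the analyzer name employee-monitor, the interfaces ge-0/0/0 and ge-0/0/10, and the VLAN names and ID are constructed placeholders.

```junos
# Constructed example. Lines starting with "#" are comments; enter the
# set commands in configuration mode. Options A and B are alternatives
# for the same analyzer, not one combined configuration.

# --- Option A: local monitoring ---
# Copy packets entering and exiting ge-0/0/0 to a local port where the
# protocol analyzer is attached.
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor input egress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor output interface ge-0/0/10.0

# --- Option B: remote monitoring ---
# Define the analyzer VLAN and make the uplink toward the monitoring
# station a member of it.
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999
# Same input as Option A, but the copies go to the VLAN instead of a
# local port.
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor input egress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor output vlan remote-analyzer

# --- Input variant: mirror a VLAN instead of a port ---
# Replaces the two "input ... interface" lines above on switches that
# mirror packets entering a VLAN (employee-vlan is a placeholder name).
set ethernet-switching-options analyzer employee-monitor input ingress vlan employee-vlan
```

After committing, `show analyzer` in operational mode lists each analyzer with its input and output. Because the output port or VLAN receives full copies of user traffic, that listing is also the place to check that no analyzer exists beyond the ones you intended.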