• Downloads
• Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a Bridge Domain    

• Related Topics
• Layer 2 Port Mirroring Overview
• Layer 2 Port Mirroring Firewall Filters
• Defining a Layer 2 Port-Mirroring Firewall Filter
• Applying Layer 2 Port Mirroring to a Logical Interface
• Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a VPLS Routing Instance
• Example: Layer 2 Port Mirroring at a Logical Interface
• Example: Layer 2 Port Mirroring for a Layer 2 VPN
• Example: Layer 2 Port Mirroring for a Layer 2 VPN with LAG Links

Applying Layer 2 Port Mirroring to Traffic Forwarded or Flooded to a Bridge Domain

You can apply a Layer 2 port-mirroring firewall filter to traffic being forwarded or flooded to a bridge domain. Only packets of the specified family type and forwarded or flooded to that bridge domain are mirrored.

Before you begin, complete the following task:

• Define a Layer 2 port-mirroring firewall filter to be applied to the traffic being forwarded to a bridge domain or flooded to a bridge domain. For details, see Defining a Layer 2 Port-Mirroring Firewall Filter.

  Note: This configuration task shows two Layer_2 port-mirroring firewall filters: one filter applied to the bridge domain forwarding table ingress traffic, and one filter applied to the bridge domain flood table ingress traffic.

To apply a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of a bridge domain:

1. Enable configuration of the bridge domain bridge-domain-name to which you want to apply a Layer 2 port-mirroring firewall filter for forwarded or flooded traffic:

   • For a bridge domain:

     [edit]user@host# edit bridge-domains bridge-domain-name

   • For a bridge domain under a routing instance:

     [edit]user@host# edit routing-instances routing-instance-name bridge-domains bridge-domain-nameuser@host# set instance-type vpls
     For more detailed configuration information, see Configuring a VPLS Routing Instance.

2. Configure the bridge domain:

   [edit]user@host# set domain-type bridgeuser@host# set interface interface-nameuser@host# set routing-interface routing-interface-name
   For more detailed configuration information, see Configuring a Bridge Domain and Configuring VLAN Identifiers for Bridge Domains and VPLS Routing Instances.

3. Enable configuration of traffic forwarding on the bridge domain:

   [edit ... bridge-domains bridge-domain-name]user@host# edit forwarding-options

4. Apply a Layer 2 port-mirroring firewall filter to the bridge domain forwarding table or flood table.

   • To mirror packets being forwarded to the bridge domain:

     [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set filter input pm-filter-for-bd-ingress-forwarded

   • To mirror packets being flooded to the bridge domain:

     [edit ... bridge-domains bridge-domain-name forwarding-options]user@host# set flood input pm-filter-for-bd-ingress-flooded

5. Verify the minimum configuration for applying a Layer 2 port-mirroring firewall filter to the forwarding table or flood table of the bridge domain.

   1. Navigate to the hierarchy level at which the bridge domain is configured:

      • [edit]
      • [edit routing-instances routing-instance-name]

   2. Display the bridge domain configurations:

      user@host# show bridge domains bridge-domains {bridge-domain-name {instance-type vpls; # For a bridge domain under a routing instance.domain-type bridge;interface interface-name;forwarding-options {filter { # Mirror ingress forwarded trafficinput pm-filter-for-bd-ingress-forwarded;}flood { # Mirror ingress flooded trafficinput pm-filter-for-bd-ingress-flooded;}}}}