[an error occurred while processing this directive][an error occurred while processing this directive]

Defining a Next-Hop Group for Layer 2 Port Mirroring

On MX Series routers, you can mirror tunnel interface input traffic to multiple destinations. To this form of multipacket port mirroring, you specify two or more additional destinations in a next-hop group, define a firewall filter that references the next-hop group as the filter action, and then apply the filter to a logical tunnel interface (lt-) or virtual tunnel interface (vt-) on the MX Series router.

Note: This topic describes how to define a next-hop group for Layer 2 port mirroring to multiple destinations. For detailed information about defining a firewall filter for Layer 2 port mirroring to multiple destinations, see Defining a Layer 2 Port-Mirroring Firewall Filter.

To define a next-hop group for a Layer 2 port-mirroring firewall filter action:

  1. Enable configuration of Layer 2 forwarding options.

  2. Enable configuration of a next-hop-group for Layer 2 port mirroring:

    [edit forwarding-options port-mirroring ... family (ccc | vpls) output]user@host# edit next-hop-group pm-next-hop-group-name
  3. Specify the type of addresses to be used in the next-hop group configuration. By default, the next-hop group is specified using Layer 3 addresses (group-type inet). To specify the next-hop group using Layer 2 addresses instead, you must include the group-type layer-2 statement:

    [edit forwarding-options port-mirroring ... family (ccc | vpls) output next-hop-group pm-next-hop-group-name]user@host# set group-type layer-2
  4. Specify the logical interfaces of the next-hop router:

    [edit forwarding-options port-mirroring ... family (ccc | vpls) output next-hop-group pm-next-hop-group-name]user@host# set interface logical-interface-name-1user@host# set interface logical-interface-name-2
    The MX Series router supports up to 30 next-hop groups. Each next-hop group supports up to 16 next-hop addresses. Each next-hop group must specify at least two addresses.
  5. Verify the configuration of the next-hop group:

    [edit forwarding-options port-mirroring ... family (ccc | vpls) output next-hop-group pm-next-hop-group-name]user@host# top[edit]user@host# show forwarding-options ...next-hop-group pm-next-hop-group-name { # Next-hop group on a bridge domain.group-type layer-2;interface logical-interface-name-1;interface logical-interface-name-2;}...

Published: 2010-05-11

[an error occurred while processing this directive]