Juniper Switch do port mirroring

A device that analyzes traffic has been deployed in the previous period and needs to mirror the port's traffic to a single copy of the server's NIC.

Because the Juniper Operation command is unfamiliar, the online command is also relatively few. So write a blog record.

EXthe port mirroring of the switch allows the port to be in traffic, or the outbound traffic is mirrored separately, andethernet-switchingof theFirewall Filter, you can specify that eligible traffic is mirrored, such as specifyingIPaddress orMACaddress, or specify the protocol(For exampleHttp)image of the traffic.

Operation Steps:

(1) Create a port image name and specify the port to mirror, and the same mirror name can specify multiple ports to mirror.

(2) after creating the image name, specify the output port that you want to mirror, and then take a sniffer on the output port to crawl the mirrored traffic.

#" Edit the image name parameter, Port_monitor is the name of the mirror and creates a new one if it does not exist "

[Edit]

[Email protected]# editethernet-switching-options Analyzer Port_monitor

[Editethernet-switching-options Analyzer Port_monitor]

[Email protected]# Set Inputegress interface ge-0/0/10.0 # " define the port output traffic to mirror

[Email protected]# Set Inputingress interface ge-0/0/10.0 # " define the port input traffic to mirror

[Email protected]# set Outputinterface ge-0/0/1.0 # " define the output port (the port to which the sniffer is connected) "

[Email protected]#

You can also define Fireware-based port mirroring.

# setting the mirrored output port

[Email protected]# Top

[Edit]

[Email protected]# Set Ethernet-switching-options Analyzer Port_monitor Output interfacege-0/0/10.0

#" set the filter conditions, please refer to the specific conditions JUNOS of the Filter Setup Instructions "

[Email protected]# Edit Firewall Family ethernet-switching filter Mirror_filter # "Mirror_filter to be Policy name "             

[Edit Firewall familyethernet-switching filter Mirror_filter]

[Email protected]#

[ email protected]# set   term 1 from destination-address 192.0.2.16/28  # " first entry term 1 ip address "

[ email protected]# set  term 1 fromsource-address 192.0.2.16/28  # " Specify the source ip address "

[Email protected]# Set term 1 fromdestination-port # " Specify destination Port "

# " match the conditions for mirroring action, Port_monitor is the image name defined above "

[Email protected]# Set Term 1 then analyzer Port_monitor

[Email protected]# set Term 2 then accept # " generate the second article Term entry, specifying that no other traffic is mirrored "

# setting the port that requires mirroring Filter Parameters

[Email protected]# Top

[Email protected]# Delete INTERFACESGE-0/0/1 Unit 0

[Email protected]# setinterfaces GE-0/0/1 Unit 0 Family ethernet-switching

[Email protected]# set interfaces ge-0/0/0 Unit 0 Family ethernet-switchingfilter input mirror_filter

Juniper Switch do port mirroring