Switching

Hi All,

I have a question about port mirror limits on the 4200.  As per the documentation it states you can have a max of one analyzer port ( output port) and up to 256 ingress vlans mirrors but what about physical port mirrors.

I want to mirror X amounts of physical ports and output them to 1 analyzer port.  I cant seem to fine any docs pointing to the limit.  I have configured 3 in the past but I am wondering how high can it take it.

Thanks!

Just woundering it depends on the traffic rates but not the number of pysical ports.....

however, you may need a lab test for that, or someone did that before... 😛

You can port mirror all interfaces.

http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/port-mirroring-cli.html

Here is some additional information. On yor switch issue the following command

 help topic forwarding-options port-mirroring

When you configure the port-mirroring, I would configure the number of ports to be mirrored and then issue a commit check. That will tellyou if you can configure more or less.

Hi.

I have a question. If I have a topo like this

Server--------->EX-SW-01----------->EX-SW-02----------EX-SW-03--------->Client

Can we configure span port to catach all traffic from CLient and send it to Server? In this case, we need to configure two interfaces (on EX-SW-02) to belong a same remote VLAN. And this is prevented on EX-SW. So, who has a solution for this case?

Hi ,

If you want to capture traffic from client that is sending to server and the output interface is connected to same switch.

Then we can apply a firewall filter on the ingress direction of the port the client connected to filter traffic that is sending to server then forward it to analyser.

[edit]
root@vsa# show firewall
family inet {
    filter hai {
        term 1 {
            from {
                source-address {
                    192.168.1.1/24;
                }
                destination-address {
                    10.1.1.1/24;
                }
            }
            then {
                analyzer forum;
                accept;
            }
        }
    }
}

[edit]
root@vsa# show ethernet-switching-options
analyzer forum {
    output {
        interface {
            ge-0/0/20.0;
        }
    }
}

I hope this helps.

i really wish we could have more destinations ports. one for IDS and one for troubleshooting  - at least!

You can configure no more than one type of output in one port-mirroring configuration. That is, you can use no more than one of the following to complete a set analyzer name outputstatement:

• interface
• ip-address
• vlan

I am not sure if there is any limitations on the number of interfaces that can be in the vlan that you send the traffic to. But you can test it!