Junos
Reply
ziv
Regular Visitor
ziv
Posts: 5
Registered: ‎08-05-2008
0
Accepted Solution

Port Monitor on T640 router

Is it possible to configure port mirror/monitor on T-series or MX-series as in switches?

Thanks,

Ziv

Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008
0

Re: Port Monitor on T640 router

Hello Ziv,

 

In a word: yes ;-)

See this documentation for example:

 http://www.juniper.net/techpubs/software/junos/junos93/swconfig-services/frameset.html

 

Is there something specific that you tried and has not worked ?

 

Regards,

/david 

ziv
Regular Visitor
ziv
Posts: 5
Registered: ‎08-05-2008
0

Re: Port Monitor on T640 router

I was trying to monitor port as you do in switches - sending traffic from source to destination as it is, with no IP addresses configured.

 

I understand it is not possible in T640 routers.

Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008

Re: Port Monitor on T640 router

Sorry, my link to the documentation was incomplete: Configuring Port Mirroring 

 

It's true that port monitoring on a router will be a bit different than on a switch since a switch will replicate the exact packet including layer 2 overhead whereas, on a router, we will only mirror the layer 3 content.

 

From the doc:

"The interface used to send the packets to the analyzer is the output interface configured above at the [edit forwarding-options port-mirroring output] hierarchy level. You can use any physical interface type, including generic routing encapsulation (GRE) tunnel interfaces. The next-hop address specifies the destination address; this statement is mandatory for non point-to-point interfaces, such as Ethernet interfaces."

 

So you do not need to specify the next-hop address if the outgoing (towards analyzer) is p2p but if it is an ethernet interface (which is typical) you need to specify a next-hop address and probably a static ARP for that address (unless your analyzer is configured with an IP address and responds to ARPs).

 

You cannot preserve the L2 overhead since this is stripped on ingress by the router (ie: this is not a switch).

 

HTH,

/david 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.