02-27-2009 07:41 AM
In a word: yes ;-)
See this documentation for example:
Is there something specific that you tried and has not worked ?
03-01-2009 01:06 AM
I was trying to monitor port as you do in switches - sending traffic from source to destination as it is, with no IP addresses configured.
I understand it is not possible in T640 routers.
03-02-2009 12:08 AM
Sorry, my link to the documentation was incomplete: Configuring Port Mirroring
It's true that port monitoring on a router will be a bit different than on a switch since a switch will replicate the exact packet including layer 2 overhead whereas, on a router, we will only mirror the layer 3 content.
From the doc:
"The interface used to send the packets to the analyzer is the output interface configured above at the [edit forwarding-options port-mirroring output] hierarchy level. You can use any physical interface type, including generic routing encapsulation (GRE) tunnel interfaces. The next-hop address specifies the destination address; this statement is mandatory for non point-to-point interfaces, such as Ethernet interfaces."
So you do not need to specify the next-hop address if the outgoing (towards analyzer) is p2p but if it is an ethernet interface (which is typical) you need to specify a next-hop address and probably a static ARP for that address (unless your analyzer is configured with an IP address and responds to ARPs).
You cannot preserve the L2 overhead since this is stripped on ingress by the router (ie: this is not a switch).