Junos OS

Hi everybody,

Can we use traceoption to log transit traffic on MX5 the way we can do on SRX?  Or Traceoption on MX5 only used for exceptional traffic i.e traffic bound for RE?

Thanks and have a good weekend!!

Trace options are designed to gather troubleshooting information not logging.

Can you show the example of what you are trying to migrate from SRX to MX?

Thanks for your response.

I am not migrating MX to SRX.  Basically, I stumbled upon this link which shows how trace options can be used to troubleshoot transit traffic on SRX.

https://www.safaribooksonline.com/library/view/junos-security/9781449381721/ch04s08.html

I was wondering if similar thing can be done with trace options for transit traffic on MX

Hi,

If you want to see transit traffic, firewall filter can be used and log can be captured like below. For the live traffic to and from the device "monitor traffic interface extensive" can be used on the desired interface.

https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-firewall-log.html

user@host> show firewall log extensive

Time of Log: 2016-01-17 22:16:21 PST, Filter: pfe, Filter action: accept, Name of interface: xe-0/0/1.0
Name of protocol: UDP, Packet Length: 98, Source address: 203.0.113.1, Destination address: 203.0.113.1
 :  00-0F: 00 01 03 ee ee ff 00 01 - 09 22 55 ee 81 00 02 58
 :  10-1F: 08 00 45 00 00 62 00 00 - 00 00 40 11 77 8a 01 00

Hi

Could you please share the SRX configuration referred in your query? You can use a firewall filter to capture transit traffic on MX5 interfaces. Usually protocol traceoptions are configured to capture protocol operation.

Arer you refering to the below interface traceoption configuration on MX. If yes, it is supported on MX.

Configure the traceoptions statement.

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-tracing-operations-of-the-interface-process.html

Regards,

Rahul

Please mark my solution as accepted if it helped.