Ethernet Switching

Port-Mirror Over IP network on EX switch or SRX

‎12-09-2019 11:56 AM

Hello, 

 

I need to do some port-mirroring over an IP network. Is this possible on EX switches? I've seen some documents in regards to MX setup using firewall filter.

 

If the switch cannot do it, is it possible to do it on SRX?

 

My environment is EX --> SRX--> WAN--> SRX--> EX

 

Thanks Lou

 

 

 

6 REPLIES

Re: Port-Mirror Over IP network on EX switch or SRX

‎12-09-2019 07:18 PM

Hi Lou,

 

Port mirroring is possible both on EX and SRX series.

 

Please refer to https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-mirroring-cli-els.h... , https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878 for more information and configuration related to port mirroring on EX series.

 

For SRX, https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/configuring-port-mirrori... , https://kb.juniper.net/InfoCenter/index?page=content&id=KB21842

 

Hope this helps.

 

Thanks and Regards,

Pradeep Kumar M


Re: Port-Mirror Over IP network on EX switch or SRX

‎12-10-2019 08:31 AM

Thanks for the input, but this doesn't help me. I currently have a port analyzer in many locations. However, I need to do one over an IP network to a remote location. Any input on that? For example, over GRE. I know that on the MX I can do it over GRE using a firewall filter. However, I'm trying to see if it can be done on EX switches or SRX.


Re: Port-Mirror Over IP network on EX switch or SRX

‎12-10-2019 04:13 PM

Hi Poliberte,

 

You can configure the next-hop IP address as the output interface for the remote SPAN (ERSPAN) feature:

 

root@ex3400-24t-r2# set forwarding-options analyzer test output ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  interface            Outgoing port for mirrored packets
  ip-address           ERSPAN Destination IP Address  <<<<<<<<<<<<<<<<<<<<<<<<<<<
> routing-instance     Routing instances
> vlan                 Outgoing VLAN for mirrored packets

 

 

Hope this helps.

 

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated :).
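A complete analyzer built around the `ip-address` output shown in the reply above, as an added example that is not part of the original post. It assumes an ELS platform such as the EX3400 in that output; the analyzer name `remote-capture`, the mirrored port `ge-0/0/5.0` and the collector address `192.0.2.10` are constructed placeholders.

```junos
# Added example, not from the original thread. Names and addresses are placeholders.
# Mirror both directions of one access port.
set forwarding-options analyzer remote-capture input ingress interface ge-0/0/5.0
set forwarding-options analyzer remote-capture input egress interface ge-0/0/5.0

# Send the copies to a remote collector. The switch only needs a route to this
# address; the collector does not have to be directly attached.
# ERSPAN carries the mirrored frames in GRE, which is neither encrypted nor
# authenticated, so the path to the collector should be trusted or tunnelled.
set forwarding-options analyzer remote-capture output ip-address 192.0.2.10

# After commit, check the analyzer from operational mode:
# show forwarding-options analyzer remote-capture
```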

 


Re: Port-Mirror Over IP network on EX switch or SRX

‎12-16-2019 10:36 AM

Hello, 

 

Would you be able to point me to some documentation or a sample config?

Would this be possible on an EX2200? Looks like I might need to upgrade my switch, as set forwarding-options analyzer is not an option on my switch.

 

Are you saying I can just use my packet capture system as the next-hop and let routing do the work?

 

Thanks, 

Lou


Re: Port-Mirror Over IP network on EX switch or SRX

‎12-16-2019 11:21 AM

Hi Lou,

 

There is no need for you to upgrade your switch. If you are not seeing "forwarding-options" in the hierarchy, it simply means that you are running Junos OS without ELS (Enhanced Layer 2 Software). But this should not stop you from port-mirroring capabilities.

 

Instead of using analyzer in front of "forwarding-options" try the same like below:

set ethernet-switching-options analyzer employee-monitor <>

 

Please refer to the KB article below for more information:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878&cat=SWITCH_PRODUCTS&actp=LIST

 

If this worked for you, please hit "accept as a solution", as this helps community members with the same query get redirected to this post.

Kudos + "accept as a solution" -- star, you are!

 

//Nex


Re: Port-Mirror Over IP network on EX switch or SRX

‎12-16-2019 11:53 AM

EX2200 does not support remote port mirroring. You need a newer generation of switches to do this via IP. Supported platforms can be seen here:

https://apps.juniper.net/feature-explorer/feature-info.html?fKey=4034&fn=Remote%20port%20mirroring

 

Regarding SRX, I'm not sure a remote port-mirror is a feature. You have several ways to collect a Wireshark dump of data travelling through with specific src/dst IP + port... but the output is limited to a file destination.

 

You also have "security forwarding-options mirror-filter" but this output is also to a local port.

 

What is the use case you are trying to solve? Maybe there is another way. And please let us know which type of SRX/EXs you have and their respective Junos versions. This makes it easier to suggest solutions.

 

 


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)