Port Mirroring FireEye device on EX4600 VC

11-15-2019 01:41 PM

We have an EX4600 VC Core, and our Infosec team wants to get a span port on each CORE, capturing all interfaces on each CORE.

Core-1 NIC1 using port ge-0/2/6, Core-2 NIC2 ge-1/2/6.

I tried using the ae interfaces in the config, to simplify the number of interface lines, but it does not allow analyzer 1 to monitor the same Uplink ae ports as analyzer 2. Switched to an interface-based config. Still seems conflicted. Here's what I have:

CORE-1
set interfaces xe-0/2/6 unit 0 family ethernet-switching
set interfaces xe-0/2/6 description "The Eye NIC1"
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/2
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/3
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/6
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/7
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/8
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/9
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/10
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/11
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/13
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/21
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/22
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface ge-0/0/23
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/1/0
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/1/6
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/2/0
set forwarding-options analyzer TheEye-NIC1-monitor input ingress interface xe-0/2/1
set forwarding-options analyzer TheEye-NIC1-monitor output interface xe-0/2/6

CORE-2
set interfaces xe-1/2/6 unit 0 family ethernet-switching
set interfaces xe-1/2/6 description "The Eye NIC2"
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/2
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/3
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/6
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/7
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/8
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/9
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/10
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/11
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/13
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/21
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/22
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface ge-1/0/23
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/1/0
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/1/6
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/2/0
set forwarding-options analyzer TheEye-NIC2-monitor input ingress interface xe-1/2/1
set forwarding-options analyzer TheEye-NIC2-monitor output interface xe-1/2/6

Any ideas as to what I did incorrectly?  First time doing one of these SPAN ports on Juniper gear.
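
A pre-commit lint for analyzer statements like the ones in the post above, as an added example that is not part of the original thread and not Juniper code: it flags a statement with no interface name, an interface listed as input to more than one analyzer (the overlap the poster reports for the ae uplinks), and an output port without the `family ethernet-switching` statement the post configures. The sample config and the analyzer names A1/A2 are constructed, and the three checks are review heuristics assumed for this example, not a statement of what Junos accepts.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the posted config (analyzer names are made up).
SAMPLE = """\
set interfaces xe-0/2/6 unit 0 family ethernet-switching
set forwarding-options analyzer A1 input ingress interface ge-0/0/2
set forwarding-options analyzer A1 input ingress interface ae0
set forwarding-options analyzer A1 output interface xe-0/2/6
set forwarding-options analyzer A2 input ingress interface
set forwarding-options analyzer A2 input ingress interface ge-1/0/2
set forwarding-options analyzer A2 input ingress interface ae0
set forwarding-options analyzer A2 output interface xe-1/2/6
"""

ANALYZER = re.compile(r"^set forwarding-options analyzer (\S+) "
                      r"(input (?:ingress|egress)|output) interface(?: (\S+))?$")
SWITCHING = re.compile(r"^set interfaces (\S+) unit 0 family ethernet-switching$")

def lint(config):
    """Return review findings for the analyzer statements in a set-style config."""
    inputs = defaultdict(set)   # mirrored interface -> analyzers that list it
    outputs = {}                # analyzer -> output interface
    switching = set()           # interfaces with family ethernet-switching
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if (m := SWITCHING.match(line)):
            switching.add(m.group(1))
        elif (m := ANALYZER.match(line)):
            name, role, ifname = m.groups()
            if ifname is None:   # statement cut off before the interface name
                findings.append(f"line {n}: analyzer {name} statement has no interface name")
            elif role == "output":
                outputs[name] = ifname
            else:
                inputs[ifname].add(name)
    for ifname, names in inputs.items():
        if len(names) > 1:       # the overlap the post reports for ae uplinks
            findings.append(f"{ifname}: input to more than one analyzer ({', '.join(sorted(names))})")
    for name, ifname in outputs.items():
        if ifname not in switching:
            findings.append(f"{name}: output {ifname} has no family ethernet-switching statement")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```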

Re: Port Mirroring FireEye device on EX4600 VC

11-15-2019 08:11 PM

Well, of course they do. Your config below commits fine on my test box; what issue are you seeing?