Junos Cup 2014
Junos Cup 2014

Tie Breaker Challenge: Antarctica Port Mirroring

[ Edited ]
‎07-15-2014 01:24 PM

The competition is officially closed so no prizes will be awarded for the solution but feel free to test your skills on this tie-breaker challenge. 


Challenge Author: Alexander Arseniev

Country Flag: Antarctica

Type: Enterprise Difficulty: High (2 points)


Technical Description:

With just one set configuration command at the router of your choice, ensure that when you ping from R1 to the ge-­‐0/0/2 interface of R3, the ICMP echo reply packets are mirrored towards H.






Challenge Instructions:


For this challenge, you need to start the topology called: “ANTARCTICA – Port Mirroring”.


Run ping from R1 towards the ge-­‐0/0/2 interface of R3:


juniper@R1> ping     


Initially, it fails with message “No route to host”. You need to fix it so that:


-­‐     The ping command succeeds.

-­‐     R3 actually answers with ICMP echo replies.

-­‐     R1 mirrors the echo reply packets towards H


Once the issue is fixed, you should see the ICMP reply packets arriving at H:


juniper@SNIFFER> show firewall log     Log :

Time     Filter   Action Interface    Protocol       Src Addr                        Dest Addr 03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP            

03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP            

03:51:06 pfe      A     ge-­‐0/0/1.0   ICMP            

03:51:05 pfe      A     ge-­‐0/0/1.0   ICMP            



You need to accomplish the task above with just one set command on one router (you need to figure out which one):



set <command1> commit and-­‐quit

/* You may need to wait for some time after commit, */

/* from a few seconds up to 2 or 3 minutes       */


Make sure that you log in with username juniper, and respect its privilege limitations (some parts of the configuration are neither accessible nor visible).


You must meet the following conditions:


-­‐     The solution must be permanent. Once it is fixed, it remains fixed with no user intervention for an unlimited amount of time.

-­‐     Any configuration added/removed on SNIFFER does not count towards the solution.

-­‐     You are not allowed to use wildcards, configuration groups, or op/event/commit-­‐ scripts.


Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider