SRX Port Mirroring

June 2, 2016 | Author: aaaaaaa330208193 | Category: N/A


Short Description

SRX Juniper firewall port mirroring...

Description

How to do port mirroring on J-series and SRX branch devices [KB21833]

SUMMARY:

This article explains how the port mirroring feature can be configured on an SRX device.

PROBLEM OR GOAL: Sometimes we may need to examine the traffic on an interface. This can be accomplished by taking a packet capture on the interface or mirroring the interface.

CAUSE:


SOLUTION:

Step 1: Configure port mirroring in the forwarding options hierarchy:

[edit forwarding-options]
port-mirroring {
    input {
        rate 1;
        run-length 10;
    }
    family inet {
        output {
            interface ge-0/0/1.0 {
                next-hop 2.2.2.1;
            }
        }
    }
}

Step 2: Configure a firewall filter to port mirror:

[edit firewall]
filter port-mirror {
    term 1 {
        from {
            source-address {
                0.0.0.0/0;
            }
        }
        then {
            port-mirror;
            accept;
        }
    }
}

Step 3: Apply the filter on the interface that is to be mirrored:

[edit interfaces]
ge-0/0/0 {
    unit 0 {
        family inet {
            filter {
                input port-mirror;
                output port-mirror;
            }
            address 1.1.1.1/24;
        }
    }
}

The following is a sample configuration for port mirroring. In this example, a copy of the traffic that comes into or goes out of the ge-0/0/0 interface is sent out of the ge-0/0/1 interface to a monitoring system, where it can be captured and analyzed.

system {
    root-authentication {
        encrypted-password "$1$9UsjE5u5$tb1.O6wtCosLwVBEWmsYP."; ## SECRET-DATA
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input port-mirror;
                    output port-mirror;
                }
                address 1.1.1.1/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 2.2.2.2/24;
            }
        }
    }
}
forwarding-options {
    port-mirroring {
        input {
            rate 1;
            run-length 10;
        }
        family inet {
            output {
                interface ge-0/0/1.0 {
                    next-hop 2.2.2.1;
                }
            }
        }
    }
}
security {
    policies {
        default-policy {
            permit-all;
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                all;
            }
        }
    }
}
firewall {
    filter port-mirror {
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                }
            }
            then {
                port-mirror;
                accept;
            }
        }
    }
}

Note: Port mirroring with ethernet-switching is not supported.
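The three steps only work together: the filter must carry the port-mirror action, it must be applied to an interface, and the mirror output needs a next-hop that is reachable on the output interface. The following is an added example, not part of the Juniper article, that parses a curly-brace configuration and reports which logical interfaces are mirrored, where the copies go, and any inconsistencies. The function names parse and audit are hypothetical, the sample is condensed from the configuration above, and only the "firewall filter <name>" layout used on this page is handled.

```python
import ipaddress
import re

SAMPLE = """## Constructed sample: the page's interface, forwarding and filter stanzas, condensed.
interfaces { ge-0/0/0 { unit 0 { family inet { filter { input port-mirror; output port-mirror; } address 1.1.1.1/24; } } }
             ge-0/0/1 { unit 0 { family inet { address 2.2.2.2/24; } } } }
forwarding-options { port-mirroring { input { rate 1; run-length 10; }
  family inet { output { interface ge-0/0/1.0 { next-hop 2.2.2.1; } } } } }
firewall { filter port-mirror { term 1 { from { source-address { 0.0.0.0/0; } } then { port-mirror; accept; } } } }"""

def parse(text):
    """Curly-brace Junos config -> nested dicts (leaves map to None); quoted braces/semicolons unsupported."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"##.*", "", text)):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return stack[0]

def audit(cfg):
    """Return (mirrored logical interfaces, mirror destinations, findings)."""
    filters = {n.split()[1] for n, terms in cfg.get("firewall", {}).items() if n.startswith("filter ")
               and any(isinstance(t, dict) and "port-mirror" in (t.get("then") or {}) for t in terms.values())}
    inet, mirrored, findings = {}, [], []
    for ifd, body in cfg.get("interfaces", {}).items():
        for unit, fams in ((u, f) for u, f in (body or {}).items() if u.startswith("unit ") and f):
            name = f"{ifd}.{unit.split()[1]}"
            inet[name] = fams.get("family inet") or {}
            for fam, fbody in fams.items():
                if any(k.split()[-1] in filters for k in (fbody or {}).get("filter") or {}):
                    mirrored.append(name)
                    if fam == "family ethernet-switching":
                        findings.append(f"{name}: port mirroring with ethernet-switching is not supported")
    out = cfg.get("forwarding-options", {}).get("port-mirroring", {}).get("family inet", {}).get("output", {})
    dests = [(i.split()[1], h.split()[1]) for i, hops in out.items() if i.startswith("interface ")
             for h in hops or {} if h.startswith("next-hop ")]
    if mirrored and not dests:
        findings.append("a filter mirrors traffic but no port-mirroring output is configured")
    for ifl, nh in dests:
        nets = [ipaddress.ip_interface(k.split()[1]).network for k in inet.get(ifl, {}) if k.startswith("address ")]
        if not any(ipaddress.ip_address(nh) in n for n in nets):
            findings.append(f"next-hop {nh} is not on a subnet configured on {ifl}")
    return mirrored, dests, findings
```

Running audit(parse(...)) over a saved configuration also gives a quick inventory of every mirror destination, which is useful when reviewing a device for mirroring that nobody remembers enabling.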

PURPOSE: Troubleshooting

RELATED LINKS:

Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.
