Remote Port Mirroring pada SRX
SRX240
set version 11.2R3.3
set system root-authentication encrypted-password “$1$30Ol6yfh$OSmecgoNol8tcw0rKtOyQ/”
set system name-server 208.67.222.222
set system name-server 208.67.220.220
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/24
set interfaces ge-0/0/2 unit 0 family inet filter input port-mirror
set interfaces ge-0/0/2 unit 0 family inet filter output port-mirror
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 10
set forwarding-options port-mirroring family inet output interface ge-0/0/1.0 next-hop 2.2.2.2
set protocols stp
set security forwarding-options family mpls mode packet-based
set firewall filter port-mirror term 1 from source-address 0.0.0.0/0
set firewall filter port-mirror term 1 then port-mirror
set firewall filter port-mirror term 1 then accept
EX4200
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family ethernet-switching filter input filter_monitoring
set interfaces vlan unit 10 family inet address 2.2.2.2/24
set interfaces vlan unit 20 family inet address 3.3.3.1/24
set firewall family ethernet-switching filter filter_monitoring term 1 from source-address 0.0.0.0/0
set firewall family ethernet-switching filter filter_monitoring term 1 from destination-address 0.0.0.0/0
set firewall family ethernet-switching filter filter_monitoring term 1 then accept
set firewall family ethernet-switching filter filter_monitoring term 1 then analyzer test_monitor
set ethernet-switching-options analyzer test_monitor loss-priority high
set ethernet-switching-options analyzer test_monitor input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer test_monitor input egress interface ge-0/0/1.0
set ethernet-switching-options analyzer test_monitor output vlan vlan_monitor
set ethernet-switching-options storm-control interface all
set vlans vlan_monitor vlan-id 20
set vlans vlan_monitor interface ge-0/0/0.0
set vlans vlan_monitor l3-interface vlan.20
set vlans vlan_client vlan-id 10
set vlans vlan_client interface ge-0/0/1.0
set vlans vlan_client l3-interface vlan.10
Tri [ Net Camp ] 
Posted on June 11, 2012
0