Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Example: Configuring Mirroring for Remote Monitoring of Employee Resource Use on EX9200 Switches

EX9200 switches allow you to configure mirroring to send copies of packets to either a local interface for local monitoring or to a VLAN for remote monitoring. You can use mirroring to copy these packets:

  • Packets entering or exiting a port
  • Packets entering or exiting a VLAN

You can analyze the mirrored traffic using a protocol analyzer application running on a remote monitoring station if you are sending mirrored traffic to an analyzer VLAN.

Best Practice: Mirror only necessary packets to reduce potential performance impact. We recommend that you:

  • Disable your configured mirroring sessions when you are not using them.
  • Specify individual interfaces as input to analyzers rather than specifying all interfaces as input.
  • Limit the amount of mirrored traffic by:
    • Using statistical sampling.
    • Setting ratios to select statistical samples.
    • Using firewall filters.

The examples in this topic describe how to configure remote mirroring:

Requirements

The examples use the following hardware and software components:

  • EX9200 switch connected to another EX9200 switch
  • Junos OS Release 13.2 or later for EX Series switches

Before you configure remote mirroring, be sure that:

Overview and Topology

This topic includes two related examples that describe how to configure mirroring to a remote analyzer VLAN so that analysis can be performed from a remote monitoring station. The first example shows how to configure a switch to mirror all traffic from employee computers. The second example assumes the same scenario, but the setup includes a filter to mirror only the employee traffic going to the Web.

Figure 1 shows the network topology for both these example scenarios.

Figure 1: Network Topology for Remote Mirroring

Network Topology for Remote Mirroring

In this example:

  • Interface ge-0/0/0 is a Layer 2 interface, and interface ge-0/0/1 is a Layer 3 interface (both interfaces on the source switch) that serve as connections for employee computers.
  • Interface ge-0/0/10 is a Layer 2 interface that connects the source switch to the destination switch.
  • Interface ge-0/0/5 is a Layer 2 interface that connects the destination switch to the remote monitoring station.
  • The analyzer VLAN, remote-analyzer, is configured on all switches in the topology to carry the mirrored traffic.

Mirroring Employee Traffic for Remote Analysis by Using a Statistical Analyzer

To configure a statistical analyzer for remote traffic analysis for all incoming and outgoing employee traffic, perform these tasks:

CLI Quick Configuration

To quickly configure a statistical analyzer for remote traffic analysis for incoming and outgoing employee traffic, copy the following commands and paste them into the switch terminal window:

  • Copy and paste the following commands in the source switch terminal window:
    [edit]
    set vlans remote-analyzer vlan-id 999
    set interfaces ge-0/0/10 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999
    set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
    set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
    set forwarding-options analyzer employee-monitor input egress interface ge-0/0/0.0
    set forwarding-options analyzer employee-monitor input egress interface ge-0/0/1.0
    set forwarding-options analyzer employee-monitor output vlan remote-analyzer
    set forwarding-options analyzer employee-monitor input rate 2
    set forwarding-options analyzer employee-monitor input maximum-packet-length 128
    set chassis fpc 0 port-mirror-instance employee-monitor
  • Copy and paste the following commands in the destination switch terminal window:
    [edit]
    set vlans remote-analyzer vlan-id 999
    set interfaces ge-0/0/10 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999
    set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode access
    set forwarding-options analyzer employee-monitor input ingress vlan remote-analyzer
    set forwarding-options analyzer employee-monitor output interface ge-0/0/5.0

Step-by-Step Procedure

To configure basic remote mirroring:

  1. On the source switch:
    • Configure the VLAN ID for the remote-analyzer VLAN:
      [edit vlans]
      user@switch# set remote-analyzer vlan-id 999
    • Configure the interface on the network port connected to the destination switch for access mode and associate it with the remote-analyzer VLAN:
      [edit interfaces]
      user@switch# set ge-0/0/10 unit 0 family ethernet-switching interface-mode access
      user@switch# set ge-0/0/10 unit 0 family ethernet-switching vlan members 999
    • Configure the statistical analyzer employee-monitor:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
      user@switch# set instance employee-monitor input egress interface ge-0/0/0.0
      user@switch# set analyzer employee-monitor input egress interface ge-0/0/1.0
      user@switch# set analyzer employee-monitor output vlan remote-analyzer

      user@switch# set forwarding-options analyzer employee-monitor input rate 2
      user@switch# set forwarding-options analyzer employee-monitor input maximum-packet-length 128
    • Bind the statistical analyzer to the FPC that contains the input interface:
      [edit]
      user@switch# set chassis fpc 0 port-mirror-instance employee-monitor
  2. On the destination switch:
    • Configure the VLAN ID for the remote-analyzer VLAN:
      [edit vlans]
      user@switch# set remote-analyzer vlan-id 999
    • Configure the interface on the destination switch for access mode and associate it with the remote-analyzer VLAN:
      [edit interfaces]
      user@switch# set ge-0/0/10 unit 0 family ethernet-switching interface-mode access
      user@switch# set ge-0/0/10 unit 0 family ethernet-switching vlan members 999
    • Configure the interface connected to the destination switch for access mode:
      [edit interfaces]
      user@switch# set ge-0/0/5 unit 0 family ethernet-switching interface-mode access
    • Configure the employee-monitor analyzer:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress vlan remote-analyzer
      user@switch# set analyzer employee-monitor output interface ge-0/0/5.0
    • Specify mirroring parameters such as rate and the maximum packet length for the employee-monitor analyzer:
      [edit]
      user@switch# set forwarding-options analyzer employee–monitor input rate 2
      user@switch# set forwarding-options analyzer employee–monitor input maximum-packet-length 128
    • Bind the employee-monitor to the FPC containing the input ports:
      [edit]
      user@switch# set chassis fpc 0 port-mirror-instance employee–monitor

Results

Check the results of the configuration on the source switch:

[edit] user@switch> show
forwarding-options {analyzer employee-monitor {input {maximum-packet-length 128;rate 2;ingress {interface ge-0/0/0.0;interface ge-0/0/1.0;}egress {interface ge-0/0/0.0;interface ge-0/0/1.0;}}output {vlan {remote-analyzer;}}}}
interfaces {ge-0/0/10 {unit 0 {family ethernet-switching {interface-mode access;vlan {members 999;}}}}}
vlans {remote-analyzer {vlan-id 999;interface {ge-0/0/10.0}}}}

Check the results of the configuration on the destination switch:

[edit] user@switch# show
interfaces {ge0/0/5 {unit 0 {family ethernet-switching {interface-mode access;}}}ge-0/0/10 {unit 0 {family ethernet-switching {interface-mode access;vlan {members 999;}}}}}
vlans {remote-analyzer {vlan-id 999;interface {ge-0/0/10.0}}}}
forwarding-options {analyzer employee-monitor {input {ingress {vlan remote-analyzer;}}output {interface {ge-0/0/5.0;}}}}

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying That the Analyzer Has Been Correctly Created

Purpose

Verify that the analyzer named employee-monitor has been created on the switch with the appropriate input interfaces and appropriate output interface.

Action

You can verify the analyzer is configured as expected by using the show forwarding-options analyzer command.

To verify that the analyzer is configured as expected while monitoring all employee traffic on the source switch, run the show forwarding-options analyzer command on the source switch. The following output is displayed for this configuration example:

user@switch> show forwarding-options analyzer
  Analyzer name                    : employee-monitor
  Mirror rate                     	   : 2
  Maximum packet length        : 128
  State                           	   : up
  Ingress monitored interfaces     : ge-0/0/0.0
  Ingress monitored interfaces     : ge-0/0/1.0
  Egress monitored interfaces     : ge-0/0/0.0
  Egress monitored interfaces     : ge-0/0/1.0
  Output VLAN                        : default-switch/remote-analyzer

Meaning

This output shows that the employee-monitor instance has a ratio of 2 (mirroring every packet, the default), the maximum size of the original packet that were mirrored is 128, the state of the configuration is up, which indicates proper state and that the analyzer is programmed, and the analyzer is mirroring the traffic entering ge-0/0/0.0 and ge-0/0/1.0, and is sending the mirrored traffic to the VLAN called remote-analyzer. If the state of the output interface is down or if the output interface is not configured, the value of state will be down and the analyzer will not be able to mirror traffic.

 

Related Documentation

 

Published: 2013-08-28

Previous Page Next Page