Configuring Mirroring on EX9200 Switches to Analyze Traffic (CLI Procedure)

EX9200 switches enable you to configure mirroring to send copies of packets to either a local interface for local monitoring or to a VLAN for remote monitoring. You can use mirroring to copy the following packets:

  • Packets entering or exiting a port
  • Packets entering or exiting a VLAN

Best Practice: Mirror only necessary packets to reduce potential performance impact. We recommend that you:

  • Disable the analyzers that you have configured when you are not using them.
  • Specify individual interfaces as input to analyzers rather than specifying all interfaces as input.
  • Limit the amount of mirrored traffic by:
    • Using statistical sampling.
    • Setting ratios to select statistical samples.
    • Using firewall filters.

Note: If you want to create additional analyzers without deleting the existing analyzers, disable the existing analyzers by using the disable analyzer analyzer-name statement from the command-line interface (CLI) or from the J-Web configuration page for mirroring.

Note: Interfaces used as output for an analyzer must be configured under the ethernet-switching family.

Configuring an Analyzer for Local Traffic Analysis

To mirror interface traffic or VLAN traffic on the switch to an interface on the switch by using analyzers:

  1. Choose a name for the analyzer and specify the input:
    [edit forwarding-options]
    user@switch# set analyzer analyzer-name input ingress interface interface-name

    For example, create an analyzer called employee-monitor for which the input traffic comprises packets entering interfaces ge-0/0/0.0 and ge-0/0/1.0:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
  2. Configure the destination interface for the mirrored packets:
    [edit forwarding-options]
    user@switch# set analyzer analyzer-name output interface interface-name

    For example, configure ge-0/0/10.0 as the destination interface for the employee-monitor analyzer:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor output interface ge-0/0/10.0

Configuring an Analyzer for Remote Traffic Analysis

To mirror traffic that is traversing interfaces or a VLAN on the switch to a VLAN for analysis from a remote location (by using analyzers):

  1. Configure a VLAN to carry the mirrored traffic:
    [edit]
    user@switch# set vlans analyzer-name vlan-id vlan-ID

    For example, define an analyzer VLAN called remote-analyzer and assign it the VLAN ID 999:

    [edit]
    user@switch# set vlans remote-analyzer vlan-id 999
  2. Set the uplink module interface that is connected to the distribution switch to access mode and associate it with the analyzer VLAN:
    [edit]
    user@switch# set interfaces interface-name unit 0 family ethernet-switching interface-mode access vlan members vlan-ID

    For example, set the interface ge-0/1/1 to access mode and associate it with the analyzer VLAN ID 999:

    [edit]
    user@switch# set interfaces ge-0/1/1 unit 0 family ethernet-switching interface-mode access vlan members 999
  3. Configure the analyzer:
    1. Define an analyzer and specify the traffic to be mirrored:
      [edit forwarding-options]
      user@switch# set analyzer analyzer-name input ingress interface interface-name

      For example, define the employee-monitor analyzer for which traffic to be mirrored comprises packets entering interfaces ge-0/0/0.0 and ge-0/0/1.0:

      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
    2. Specify the analyzer VLAN as the output for the analyzer:
      [edit forwarding-options]
      user@switch# set analyzer analyzer-name output vlan vlan-ID

      For example, specify the remote-analyzer VLAN as the output analyzer for the employee-monitor analyzer:

      [edit forwarding-options]
      user@switch# set analyzer employee-monitor output vlan 999

Configuring a Statistical Analyzer for Local Traffic Analysis

To mirror interface traffic or VLAN traffic on the switch to an interface on the switch by using a statistical analyzer:

  1. Choose a name for the analyzer and specify the input interfaces:
    [edit forwarding-options]
    user@switch# set analyzer analyzer-name input ingress interface interface-name
    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0

    For example, specify an analyzer called employee-monitor and specify the input interfaces ge-0/0/0 and ge-0/0/1:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
  2. Configure the destination interface for the mirrored packets:
    [edit forwarding-options]
    user@switch# set analyzer employee-monitor output interface interface-name

    For example, configure ge-0/0/10.0 as the destination interface for the mirrored packets:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor output interface ge-0/0/10.0
  3. Specify mirroring properties.
    1. Specify the mirroring rate—that is, the number of packets to be mirrored per second:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input rate number

      The valid range is 1 through 65,535.

    2. Specify the length to which mirrored packets are to be truncated:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input maximum-packet-length number

      The valid range is 0 through 9216. The default value is 0, which indicates that mirrored packets are not truncated.

Configuring a Statistical Analyzer for Remote Traffic Analysis

To mirror traffic that is traversing interfaces or a VLAN on the switch to a VLAN for analysis from a remote location by using a statistical analyzer:

  1. Configure a VLAN to carry the mirrored traffic:
    [edit]
    user@switch# set vlans vlan-name vlan-id vlan-ID

    For example, configure a VLAN called remote-analyzer with VLAN ID 999:

    [edit]
    user@switch# set vlans remote-analyzer vlan-id 999
  2. Set the uplink module interface that is connected to the distribution switch to access mode and associate it with the VLAN:
    [edit]
    user@switch# set interfaces interface-name unit 0 family ethernet-switching interface-mode access vlan members vlan-ID

    For example, set the uplink module interface ge-0/1/1.0 that is connected to the distribution switch to access mode and associate it with the remote-analyzer VLAN:

    [edit]
    user@switch# set interfaces ge-0/1/1.0 unit 0 family ethernet-switching interface-mode access vlan members 999
  3. Configure the statistical analyzer:
    1. Specify the traffic to be mirrored:
      [edit forwarding-options]
      user@switch# set analyzer analyzer-name input ingress interface interface-name

      For example, specify the packets entering ports ge-0/0/0.0 and ge-0/0/1.0 to be mirrored:

      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
    2. Specify an output for the analyzer:
      [edit forwarding-options]
      user@switch# set analyzer analyzer-name output vlan vlan-ID

      For example, specify the remote-analyzer VLAN as the output for the analyzer:

      [edit forwarding-options]
      user@switch# set analyzer employee-monitor output vlan 999
  4. Specify mirroring properties.
    1. Specify the mirroring rate—that is, the number of packets to be mirrored per second:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input rate number

      The valid range is 1 through 65,535.

    2. Specify the length to which mirrored packets are to be truncated:
      [edit forwarding-options]
      user@switch# set analyzer employee-monitor input maximum-packet-length number

      The valid range is 0 through 9216. The default value is 0, which means the mirrored packets are not truncated.

Binding Statistical Analyzers to Ports Grouped at the FPC Level

You can bind a statistical analyzer to a specific FPC in the switch, that is, you can bind the statistical analyzer instance at the FPC level of the switch. The mirroring properties specified in the statistical analyzer are applied to all physical ports associated with all Packet Forwarding Engines on the specified FPC.

To bind a named instance of a Layer 2 analyzer to an FPC:

  1. Enable configuration of switch chassis properties:
    [edit]
    user@switch# edit chassis
  2. Enable configuration of an FPC (and its installed PICs):
    [edit chassis]
    user@switch# edit fpc slot-number
  3. Bind a statistical analyzer instance to the FPC:
    [edit chassis fpc slot-number]
    user@switch# set port-mirror-instance stats_analyzer-1
  4. (Optional) To bind a second statistical analyzer instance of Layer 2 mirroring to the same FPC, repeat Step 3 and specify a different statistical analyzer name:
    [edit chassis fpc slot-number]
    user@switch# set port-mirror-instance stats_analyzer-2
  5. Verify the minimum configuration of the binding:
    [edit chassis fpc slot-number port-mirror-instance analyzer_name]
    user@switch# top
    [edit]
    user@switch# show chassis
    chassis {
        fpc slot-number {
            # Bind two statistical analyzers or port mirroring
            # named instances at the FPC level.
            port-mirror-instance stats_analyzer-1;
            port-mirror-instance stats_analyzer-2;
        }
    }

Note: When you bind a second instance (stats_analyzer-2 in this example), the mirroring properties of this session, if configured, override any default analyzer.

Configuring an Analyzer with Multiple Destinations by Using Next-Hop Groups

On EX9200 switches, you can mirror traffic to multiple destinations by configuring next-hop groups as analyzer output. The mirroring of packets to multiple destinations is also known as multipacket port mirroring.

To mirror interface traffic or VLAN traffic on the switch to multiple destinations by using an analyzer with a next-hop group as output:

  1. Choose a name for the analyzer and specify the input:
    [edit forwarding-options]
    user@switch# set analyzer analyzer-name input ingress interface interface-name

    For example, create an analyzer called employee-monitor for which the input traffic comprises packets entering interfaces ge-0/0/0.0 and ge-0/0/1.0:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
  2. Configure the next-hop group as the destination for the mirrored packets:
    [edit forwarding-options]
    user@switch# set analyzer analyzer-name output next-hop-group next-hop-group-name

    For example, configure the next-hop group nhg as the destination for the employee-monitor analyzer:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor output next-hop-group nhg

Defining a Next-Hop Group for Layer 2 Mirroring

On EX9200 switches, the next-hop group configuration at the [edit forwarding-options] configuration level enables you to define a next-hop group name, the type of addresses to be used in the next-hop group, and the logical interfaces that form the multiple destinations to which traffic can be mirrored. By default, the next-hop group is specified using Layer 3 addresses using the [edit forwarding-options next-hop-group next-hop-group-name group-type inet] statement. To specify a next-hop group using Layer 2 addresses instead, include the [edit forwarding-options next-hop-group next-hop-group-name group-type layer-2] statement.

To define a next-hop group for Layer 2 mirroring:

  1. Enable configuration of a next-hop group for Layer 2 mirroring:
    [edit forwarding-options]
    user@switch# set next-hop-group next-hop-group-name

    For example, configure next-hop-group with name nhg:

    [edit forwarding-options]
    user@switch# set next-hop-group nhg
  2. Specify the type of addresses to be used in the next-hop group configuration:
    [edit forwarding-options next-hop-group next-hop-group-name]
    user@switch# set group-type layer-2

    For example, configure next-hop-group type as layer-2 because the analyzer output must be layer-2 only:

    [edit forwarding-options]
    user@switch# set next-hop-group nhg group-type layer-2
  3. Specify the logical interfaces of the next-hop group:
    [edit forwarding-options next-hop-group next-hop-group-name]
    user@switch# set interface logical-interface-name-1
    user@switch# set interface logical-interface-name-2

    For example, to specify ge-0/0/10.0 and ge-0/0/11.0 as the logical interfaces of the next-hop group nhg:

    [edit forwarding-options]
    user@switch# set next-hop-group nhg interface ge-0/0/10.0
    user@switch# set next-hop-group nhg interface ge-0/0/11.0
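
The rules stated across this page (analyzer output interfaces under the ethernet-switching family, rate 1 through 65,535, maximum-packet-length 0 through 9216, group-type layer-2 for a next-hop group used as analyzer output, and sampling as a best practice) can be checked offline against a saved configuration. The following is an added example, not Juniper code: it assumes the configuration has been exported as full-path set statements (for example with show configuration | display set), and the function name audit_analyzers and the sample configuration are constructed for illustration.

```python
# Constructed sample in "display set" form; not taken from a real device.
SAMPLE_CONFIG = """\
set interfaces ge-0/0/10 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/11 unit 0 family inet address 192.0.2.1/24
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input rate 70000
set forwarding-options analyzer employee-monitor output interface ge-0/0/11.0
set forwarding-options analyzer multi-dest input ingress interface ge-0/0/1.0
set forwarding-options analyzer multi-dest output next-hop-group nhg
set forwarding-options next-hop-group nhg interface ge-0/0/10.0
"""

# Valid ranges as stated on this page.
RANGES = {"rate": (1, 65535), "maximum-packet-length": (0, 9216)}


def audit_analyzers(config_text):
    """Return findings for analyzer statements that break the rules on this page."""
    l2_ifs, nhg_type, outputs, sampled, names, findings = set(), {}, [], set(), [], []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:2] == ["set", "interfaces"] and tok[3:4] == ["unit"] \
                and tok[5:7] == ["family", "ethernet-switching"]:
            l2_ifs.add(f"{tok[2]}.{tok[4]}")  # ge-0/0/10 unit 0 -> ge-0/0/10.0
        elif tok[:3] == ["set", "forwarding-options", "next-hop-group"] \
                and tok[4:5] == ["group-type"] and len(tok) > 5:
            nhg_type[tok[3]] = tok[5]
        elif tok[:3] == ["set", "forwarding-options", "analyzer"] and len(tok) >= 7:
            name, side, key, val = tok[3:7]
            if name not in names:
                names.append(name)
            if side == "input" and key in RANGES:
                lo, hi = RANGES[key]
                if key == "rate":
                    sampled.add(name)
                if not val.isdigit() or not lo <= int(val) <= hi:
                    findings.append(f"{name}: {key} {val} is outside {lo}-{hi}")
            elif side == "output":
                outputs.append((name, key, val))
    for name, kind, target in outputs:  # resolved last: definitions may follow their use
        if kind == "interface" and target not in l2_ifs:
            findings.append(f"{name}: output {target} lacks family ethernet-switching")
        elif kind == "next-hop-group" and nhg_type.get(target, "inet") != "layer-2":
            findings.append(f"{name}: next-hop-group {target} is not group-type layer-2")
    findings += [f"{n}: no input rate set (best practice: use statistical sampling)"
                 for n in names if n not in sampled]
    return findings


if __name__ == "__main__":
    print("\n".join(audit_analyzers(SAMPLE_CONFIG)))
```

A next-hop group with no group-type statement is treated as inet, the default described above, so it is reported when an analyzer uses it as output.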

Published: 2013-08-28