Juniper EX Switch Port Mirroring Configuration

Example: Configuring Port Mirroring for Local Monitoring of Employee Resource Use on EX Series Switches

EX Series switches allow you to configure port mirroring to send copies of packets to either a local interface for local monitoring or to a VLAN for remote monitoring. You can use port mirroring to copy these packets:

- Packets entering or exiting a port
- Packets entering a VLAN on EX2200, EX3200, EX4200, or EX4500 switches
- Packets exiting a VLAN on EX8200 switches

You can analyze the mirrored traffic using a protocol analyzer application installed on a system connected to the local destination interface (or running on a remote monitoring station if you are sending mirrored traffic to an analyzer VLAN). This example describes how to configure an EX Series switch to mirror traffic entering interfaces connected to employee computers to an analyzer output interface on the same switch.

This example describes how to configure local port mirroring:

- Requirements
- Overview and Topology
- Mirroring All Employee Traffic for Local Analysis
- Mirroring Employee-to-Web Traffic for Local Analysis
- Verification

Requirements

This example uses the following hardware and software components:

- Junos OS Release 9.0 or later for EX Series switches
- One EX Series switch

Before you configure port mirroring, be sure you have an understanding of port mirroring concepts.

Overview and Topology

This topic includes two related examples that describe how to mirror traffic entering ports on the switch to a destination interface on the same switch. The first example shows how to mirror all traffic entering the ports connected to employee computers. The second example shows the same scenario, but includes a filter to mirror only the employee traffic going to the Web.

In this example, ge-0/0/0 and ge-0/0/1 serve as connections for employee computers.

In this example, one interface, ge-0/0/10, is reserved for analysis of mirrored traffic. Connect a PC running a protocol analyzer application to the analyzer output interface to analyze the mirrored traffic.

Note: Multiple ports mirrored to one interface can cause buffer overflow and dropped packets.

Figure 1 shows the network topology for this example.

Figure 1: Network Topology for Local Port Mirroring Example

Mirroring All Employee Traffic for Local Analysis

To configure port mirroring for all employee traffic for local analysis, perform these tasks:

CLI Quick Configuration

To quickly configure local port mirroring for ingress traffic to the two ports connected to employee computers, copy the following commands and paste them into the switch terminal window:

[edit]
set interfaces ge-0/0/0 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet address 192.1.1.1/24
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer employee-monitor output interface ge-0/0/10.0

Step-by-Step Procedure

To configure an analyzer called employee-monitor and specify the input (source) interfaces and the analyzer output interface:

1. Configure each interface connected to employee computers as an input interface for the port-mirror analyzer that we are calling employee-monitor:

[edit ethernet-switching-options]
user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0

2. Configure the output analyzer interface for the employee-monitor analyzer. This will be the destination interface for the mirrored packets:

[edit ethernet-switching-options]

user@switch# set analyzer employee-monitor output interface ge-0/0/10.0

Results

Check the results of the configuration:

[edit]
user@switch# show
ethernet-switching-options {
    analyzer employee-monitor {
        input {
            ingress {
                interface ge-0/0/0.0;
                interface ge-0/0/1.0;
            }
        }
        output {
            interface {
                ge-0/0/10.0;
            }
        }
    }
}
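An added example, not part of the Juniper documentation: a small Python audit that parses set-format analyzer statements like the ones above, lists each analyzer's sources and output, and flags the situation from the earlier Note where several ports are mirrored to one output interface. The function names, the finding texts and the sample string are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the analyzer statements configured in this example.
SAMPLE = """\
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer employee-monitor output interface ge-0/0/10.0
"""

LINE = re.compile(
    r"^set ethernet-switching-options analyzer (?P<name>\S+) "
    r"(?:input (?P<dir>ingress|egress) (?P<kind>interface|vlan) (?P<src>\S+)"
    r"|output (?P<okind>interface|vlan) (?P<dst>\S+))\s*$"
)

def parse_analyzers(config_text):
    """Return {analyzer: {"inputs": [(direction, kind, name)], "outputs": [(kind, name)]}}."""
    analyzers = defaultdict(lambda: {"inputs": [], "outputs": []})
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an analyzer statement
        entry = analyzers[m["name"]]
        if m["src"]:
            entry["inputs"].append((m["dir"], m["kind"], m["src"]))
        else:
            entry["outputs"].append((m["okind"], m["dst"]))
    return dict(analyzers)

def audit(config_text):
    """Return one finding string per problem seen in the analyzer configuration."""
    findings = []
    for name, a in sorted(parse_analyzers(config_text).items()):
        if not a["outputs"]:
            findings.append(f"{name}: no output configured")
        if not a["inputs"]:
            findings.append(f"{name}: no input configured")
        # The Note above: several sources into one port can overflow its buffer.
        if len(a["inputs"]) > 1 and any(k == "interface" for k, _ in a["outputs"]):
            findings.append(f"{name}: {len(a['inputs'])} sources share one output interface")
        srcs = {s for _, k, s in a["inputs"] if k == "interface"}
        for k, dst in a["outputs"]:
            if k == "interface" and dst in srcs:
                findings.append(f"{name}: {dst} is both a source and the output")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the output of show configuration | display set saved to a file to get an inventory of every mirror session on the switch.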

Mirroring Employee-to-Web Traffic for Local Analysis

To configure port mirroring for employee-to-web traffic, perform these tasks:

CLI Quick Configuration

To quickly configure local port mirroring of traffic from the two ports connected to employee computers, filtering so that only traffic to the external Web is mirrored, copy the following commands and paste them into the switch terminal window:

[edit]
set ethernet-switching-options analyzer employee-web-monitor output interface ge-0/0/10.0
set firewall family ethernet-switching filter watch-employee term employee-to-corp from destination-address 192.0.2.16/28
set firewall family ethernet-switching filter watch-employee term employee-to-corp from source-address 192.0.2.16/28
set firewall family ethernet-switching filter watch-employee term employee-to-corp then accept
