Chuck, On 20/10/12 6:00 PM, juniper-nsp-requ...@puck.nether.net wrote: > What I do is plug the monitor (output) port into a switch with a > separate monitoring VLAN and then set the destination MAC address to > an unknown one like 02:02:02:02:02:02--the switch will forward all the > unknown traffic to all ports in the monitoring VLAN. Works great with > an EX4200 (on which I'm also using other ports for "normal" traffic):
I followed your example, but doing this on the MX80 itself: First we setup a virtual switch: mx80> show configuration routing-instances analyzers-vs { instance-type virtual-switch; bridge-domains { analyzers-bd { interface ge-1/2/8.0; interface ge-1/2/9.0; interface ge-1/2/10.0; } } } ge-1/2/8 is cross-connected to ge-1/3/5, and ports ge-1/2/9 and ge-1/2/10 are connected to the analyzer hosts. The port-mirror config: mx80> show configuration forwarding-options port-mirroring input { rate 1; run-length 1; } family inet { output { interface ge-1/3/5.0 { next-hop 192.168.12.2; } } } family inet6 { output { interface ge-1/3/5.0 { next-hop fdcf:1adc:6b61:919e::2; } no-filter-check; } } This port is connected to the virtual switch: mx80> show configuration interfaces ge-1/3/5 description "self:ge-1/2/8 (to virtual switch)"; unit 0 { family inet { no-redirects; no-neighbor-learn; address 192.168.12.1/30 { arp 192.168.12.2 mac 02:02:02:02:02:02; } } family inet6 { no-neighbor-learn; address fdcf:1adc:6b61:919e::1/126 { ndp fdcf:1adc:6b61:919e::2 mac 02:02:02:02:02:02; } } } mx80> show forwarding-options port-mirroring Instance Name: &global_instance Instance Id: 1 Input parameters: Rate : 1 Run-length : 1 Maximum-packet-length : 0 Output parameters: Family State Destination Next-hop inet up ge-1/3/5.0 192.168.12.2 inet6 up ge-1/3/5.0 fdcf:1adc:6b61:919e::2 After a week of stumbling about with config, this hardware based solution seems to be the most elegant, and at the cost of only one patch cable ;-) Thanks! ~paul _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp