[j-nsp] Port-Mirroring on auto-configuration interfaces

Tue, 30 Sep 2014 06:34:08 -0700 

Hi guys,
does anybody know if it’s possible to setup a port-mirror for autoconfiguration-interfaces or do i need an externel tap device ? Here’s the configuration of ge-1/0/3 where i would like to see all input- and output-traffic (for all VLANs). Dynamic profiles are attached below 

MX240> show configuration interfaces ge-1/0/3
flexible-vlan-tagging;
auto-configure {
    stacked-vlan-ranges {
        dynamic-profile AUTOVLAN-DEMUX-PROFILE {
            accept any;
            ranges {
                any,132-132;
                any,232-232;
                any,432-432;
                any,532-532;
            }
        }
        authentication {
            password lab;
            username-include {
                interface-name;
            }
        }
        access-profile NO-RADIUS-AUTH;
    }
    remove-when-no-subscribers;
}
encapsulation flexible-ethernet-services;

Dynamic profiles:
-----------------------------
AUTOVLAN-DEMUX-PROFILE {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name";
        }
    }
    interfaces {
        demux0 {
            unit "$junos-interface-unit" {
                demux-source [ inet inet6 ];

                vlan-tags outer "$junos-stacked-vlan-id" inner 
"$junos-vlan-id";

                demux-options {
                    underlying-interface "$junos-interface-ifd-name";
                }
                family inet {
                    rpf-check fail-filter RPF-PASS-DHCP;
                    unnumbered-address "$junos-loopback-interface";
                }
                family inet6 {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
}

IP-DEMUX-PROFILE {
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name" {
                any;
            }
        }
    }
    interfaces {
        demux0 {
            unit "$junos-interface-unit" {
                proxy-arp;
                demux-options {
                    underlying-interface "$junos-underlying-interface";
                }
                family inet {
                    demux-source {
                        $junos-subscriber-ip-address;
                    }
                    unnumbered-address "$junos-loopback-interface";
                }
                family inet6 {
                    demux-source {
                        "$junos-subscriber-ipv6-multi-address";
                    }
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }
    protocols {
        router-advertisement {
            interface "$junos-interface-name" {
                managed-configuration;
                other-stateful-configuration;
                prefix ::/0 {
                    no-on-link;
                    no-autonomous;
                }
            }
        }
    }
}

Regards,
Alex
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp













    











					Reply via email to