Port Mirroring Overview | Juniper Networks EX2500 manual

Appendix A

Monitoring Ports with Port Mirroring

This appendix explains port mirroring to help you monitor ports and troubleshoot common problems on the EX2500 switch. The following topics are discussed in this appendix:

Port Mirroring Overview on page 81

Configuring Port Mirroring on page 82

Port Mirroring Overview

The port mirroring feature in the EX2500 switch allows you to copy traffic from specified ports and forward it to another port for monitoring or packet analysis. The port that receives the copied traffic is called the monitor port. The ports being monitored, and the traffic being copied, are considered to be mirrored.

The port mirroring feature can be used as a troubleshooting tool or to enhance the security of your network. You can attach a sniffer, or packet analysis device, to the monitor port and examine the mirrored traffic without disrupting traffic on the mirrored ports. As an example, an IDS server can be connected to the monitor port to detect intruders attacking the network.

The EX2500 switch can mirror all types of Layer 2 and Layer 3 traffic. Up to four monitor ports can be configured. Each monitor port can receive mirrored traffic from multiple switch ports, but each specific switch port is permitted to be mirrored to only one monitor port. For each mirrored port, you can also specify whether to mirror only ingress traffic (traffic entering the switch port), only egress traffic (traffic leaving the switch port), or both.

Figure 15 shows an example of port mirroring.

Figure 15: Monitoring Ports

Regular Switch Port Traffic

SYS

SP

FAN L/A

ST-A	2
ST-B

Ingress	Egress	Ingress	Egress	Ingress	Egress

4 7 10

EX2500

B

A

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

CON RESET MGMT

Monitor Port

Mirrored Traffic

Port Mirroring Overview 81

Image 95

Juniper Networks EX2500 manual „ Port Mirroring Overview on „ Configuring Port Mirroring on

Contents

North Mathilda Avenue Sunnyvale, CA Configuration Guide Ii „ Table of Contents Chapter VLANs Rmon Overview Rmon Group 1-Statistics Rmon Group 2-History Chapter Ports and Trunking Indexes Port Mirroring Overview Configuring Port MirroringAppendixes Port-Based Vlan Assignment Default Vlan SettingsPage List of Tables EX2500 Ethernet Switch Configuration Guide „ List of Tables Supported Platforms About This GuideObjectives Audience Icon Meaning Description Documentation Conventions Requesting Technical Support List of Technical PublicationsDocumentation Feedback Opening a Case with Jtac Self-Help Online Tools and Resources EX2500 Ethernet Switch Applications Page Configuring the Management Interface Accessing the Switch Configure the default gateway. Enable the gateway Dynamic Host Configuration Protocol Using the EX2500 Web Device Manager Using Telnet Configuring EX2500 Web Device Manager Access via Https Configuring EX2500 Web Device Manager Access via Http SNMPv1, SNMPv2 Using Snmp SNMPv3 Default ConfigurationUser Configuration Configure an entry in the notify table Configuring Snmp Trap HostsSNMPv1 Trap Host Configuration SNMPv2 Trap Host Configuration SNMPv3 Trap Host Configuration Securing Access to the Switch Configure the Radius secret Radius Authentication and AuthorizationHow Radius Authentication Works Configuring Radius on the Switch Radius Authentication Features in the EX2500 Switch Radius Attributes for EX2500 User Privileges Switch User Accounts TACACS+ Authentication Features in the EX2500 Switch TACACS+ AuthenticationHow TACACS+ Authentication Works „ starttime „ stoptime „ elapsedtime „ disccause Configure the TACACS+ secret and second secret Command Authorization and LoggingConfiguring TACACS+ Authentication on the Switch SSH Encryption of Management Messages Configuring SSH Features on the SwitchGenerating RSA Host and Server Keys for SSH Access Secure Shell SSH Integration with Radius and TACACS+ Authentication End User Access Control User Access Control Considerations for Configuring End User Accounts Logging In to an End User Account Listing Current Users Vlan Overview VLANs Pvid Numbers „ Port configurationVLANs and Port Vlan ID Numbers Vlan Numbers Vlan Tagging Illustrates the default Vlan settings on the switch Default Vlan Settings Port-Based Vlan Assignment Vlan Topologies and Design Considerations Vlan Configuration Rules Multiple VLANs example in is described in Table Multiple VLANs Configuration Example Enable tagging on uplink ports that support multiple VLANs Private Vlan Ports Private VLANs Verify the configuration Private Vlan Configuration GuidelinesPrivate Vlan Configuration Example Configure a secondary Vlan and map it to the primary Vlan Spanning Tree Overview Spanning Tree Protocol Bridge Priority Bridge Protocol Data Units BPDUsDetermining the Path for Forwarding BPDUs Port Path Cost Spanning Tree Group Configuration GuidelinesChanging the Spanning Tree Mode Port Priority Adding and Removing Ports from STGs Creating a VlanRules for Vlan Tagged Ports Port State Changes Rapid Spanning Tree Protocol Edge Port Rstp Configuration GuidelinesRstp Configuration Example Port Type and Link Type Per Vlan Rapid Spanning Tree Default Spanning Tree ConfigurationWhy Do We Need Multiple Spanning Trees? Configuring Pvrst Pvrst Configuration Guidelines Common Internal Spanning Tree Mstp Configuration GuidelinesMultiple Spanning Tree Protocol Mstp Region Implementing Multiple Spanning Tree Groups Multiple Spanning Tree Groups Configuration Example Vlan Fast Uplink Convergence Configuring Fast Uplink Convergence Configuration Guidelines Statistical Load Distribution Ports and TrunkingTrunking Overview Trunk Group Configuration Rules Built-In Fault ToleranceBefore Configuring Static Trunks Port Trunk Group Configuration Example Port Trunking Configuration Example Follow these steps on the EX2500 switch Define a trunk group „ Destination IP DIP Configurable Trunk Hash AlgorithmLink Aggregation Control Protocol „ Destination MAC Dmac 48 „ Link Aggregation Control Protocol Set the Lacp mode Lacp Configuration GuidelinesConfiguring Lacp Optionally Reducing Lacp Timeout Ex2500config-if# lacp timeout short ex2500config-if# exit QoS Overview Quality of Service COS Using ACL Filters To delete an IP Standard ACL MAC Extended ACLsIP Standard ACLs To delete a MAC Extended ACL To delete an IP Extended ACL IP Extended ACLs TCP/UDP Understanding ACL Priority ACL Example 1-Blocking Traffic to a Host ACL Configuration ExamplesAssigning ACLs to a Port Viewing ACL Statistics Add the ACL to a port ACL Example 3-Blocking Http Traffic Assign the ACLs to a port ACL Example 4-Blocking All Except Certain Packets Broadcast Storms Using Storm Control FiltersConfiguring Storm Control Differentiated Services Concepts Using Dscp Values to Provide QoS Assured Forwarding Drop Precedence Class Per Hop Behavior Dscp Mapping Use the following command to perform Dscp mappingQoS Levels Shows the priority bits in a VLAN-tagged packet Using 802.1p Priority to Provide QoS Queuing and Scheduling Rmon Overview Remote Monitoring Rmon Group 1-Statistics Configure the Rmon statistics on a port Rmon Group 2-History Configuring Rmon HistoryConfigure the Rmon History parameters for a port This configuration enables Rmon History collection on port Configure the Rmon Alarm parameters to track Icmp messages Rmon Group 3-AlarmsAlarm MIB Objects Configuring Rmon Alarms Rmon Group 9-Events Ex2500config# rmon event 110 type log-onlyPage Igmp Snooping Igmp FastLeave IGMPv3 Snooping Igmp Snooping Configuration Example Ex2500# show ip igmp groups Static Multicast Router High Availability Overview High Availability Through Uplink Failure Detection Failure Detection Pair Spanning Tree Protocol with UFD UFD Configuration Guidelines Monitoring UFD UFD Configuration ExamplePage Appendixes EX2500 Ethernet Switch Configuration Guide 80 „ Appendixes Port Mirroring Overview „ Port Mirroring Overview on „ Configuring Port Mirroring on Configuring Port Mirroring „ Index on Indexes EX2500 Ethernet Switch Configuration Guide 84 „ Indexes Numerics Index Internet Group Management Protocol. See Igmp Management interface, configuringMulti-links between switches, port trunking Physical. See switch ports Segmentation. See IP subnets Segments. See IP subnets Quality of Service. See QoSQoS Security Example showing multiple VLANs Virtual Local Area Networks. See VLANs