set interfaces ge-0/0/0 unit 0 description "Source Port"
set interfaces ge-0/0/0 unit 0 family inet filter input mirror
set interfaces ge-0/0/0 unit 0 family inet filter output mirror
set interfaces ge-0/0/0 unit 0 family inet address 172.16.20.1/30
set interfaces ge-7/0/0 unit 0 description "Result Port (TCPdump/Wireshark)"
set interfaces ge-7/0/0 unit 0 family inet address 192.168.0.1/30
set forwarding-options port-mirroring mirror-once
set forwarding-options port-mirroring family inet input rate 1
set forwarding-options port-mirroring family inet output interface ge-7/0/0.0 next-hop 192.168.0.2
set forwarding-options port-mirroring family inet output no-filter-check
set firewall filter mirror term Mirror then port-mirror
set firewall filter mirror term Mirror then accept
ref.
Cisco IOS Port Mirroring for Packet Capture
Cisco IOS embedded packet capture
3 comments:
You should add a static ARP entry for the output interface.
Hi Sivi92, thanks for comment.
As my experience about that, several time I have used port mirror with that config, it's never add a static ARP.
But I ever got problem same with you, add static ARP entry for connectivity with JunOS device. Every time I connect with JunOS, ARP is not learn automaticly, and must add static ARP, after reboot device, ARP can learn again :-)
Post a Comment