This lab discusses and demonstrates the configuration and verification of port mirroring, which replicates traffic on a specific port to another switchport and is commonly used for troubleshooting and packet capture with Wireshark.
Fortunately, this lab is extremely self-explanatory. If you have ever worked with Cisco switches then you may be familiar with the Session Port Analyzer configuration known as SPAN. The basic principle is port mirroring: you take traffic being sent and/or received on a specific interface and replicate that traffic to another interface for packet analysis, troubleshooting and compliance logging.
Network vendors all call the same technology something different. Cisco calls it SPAN; Juniper calls it an analyzer.
This lab will focus on configuring port mirroring (analyzer) on the Juniper EX Series switches with R1 simulating network traffic and R2 the port mirror destination.
This simple two-step process starts with defining the analyzer name, followed by the input, the direction of traffic and the interface. An example is given below:
root@SW1# set ethernet-switching-options analyzer PORT_MIRROR_1 input ingress interface ge-0/0/0
Next we need to define the output (destination) interface to which traffic coming in on ge-0/0/0 will be replicated. This is done using a similar command in which you define the output interface, as shown below:
root@SW1# set ethernet-switching-options analyzer PORT_MIRROR_1 output interface ge-0/0/1
Once this has been committed you can then verify the configuration using the show analyzer command, as demonstrated below:
root@SW1> show analyzer
  Analyzer name                : PORT_MIRROR_1
  Output interface             : ge-0/0/1.0
  Mirror ratio                 : 1
  Loss priority                : Low
  Ingress monitored interfaces : ge-0/0/0.0

root@SW1>
Unlike Cisco, you have additional capabilities on the Juniper switch, such as defining a ratio of packets to mirror, known as sampling. With a ratio configured, the analyzer replicates 1 packet out of every N, where N is a configured value between 1 and 2047. For example, if the ratio were configured as 100, 1 packet out of 100 would be mirrored. Example configuration below:
root@SW1# set ethernet-switching-options analyzer PORT_MIRROR_1 ratio 100
So why would you want to use port mirror sampling? Let's say you have a 10Gbps interface and you want to monitor it, but your laptop only has a 1Gbps interface. In this case you can sample the 10Gbps traffic at 1 packet per 25 and not overload the output port or your laptop. The trade-off is that not all traffic is mirrored, so you may lose valuable packet information; whether that is acceptable is up to your discretion.
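An added example, not part of the original lab: a Python helper that picks the smallest ratio keeping worst-case mirrored traffic within the capture port's speed, then emits the analyzer commands in the syntax used in this lab. The function names, the headroom parameter, the xe-0/1/0 interface name and the assumption that sampling reduces bandwidth in proportion to the ratio are illustrative assumptions.

```python
RATIO_MIN, RATIO_MAX = 1, 2047  # ratio range given in the lab text

def mirror_ratio(monitored_mbps, capture_mbps, headroom_pct=100):
    """Smallest N (mirror 1 packet in N) that keeps worst-case mirrored
    traffic within headroom_pct percent of the capture port's speed.

    Assumption: every monitored port runs at line rate and sampling cuts
    bandwidth in proportion to the ratio (uniform packet sizes).
    """
    if capture_mbps <= 0 or not 1 <= headroom_pct <= 100:
        raise ValueError("capture speed must be > 0 and headroom 1-100")
    total = sum(monitored_mbps)
    budget = capture_mbps * headroom_pct               # Mbps x percent
    ratio = max(RATIO_MIN, -(-total * 100 // budget))  # integer ceiling
    if ratio > RATIO_MAX:
        raise ValueError(f"needs ratio {ratio}, above the maximum {RATIO_MAX}")
    return ratio

def analyzer_commands(name, inputs, output_if, capture_mbps, headroom_pct=100):
    """Return the set commands for an ingress analyzer.

    inputs maps each monitored interface to its speed in Mbps.
    """
    ratio = mirror_ratio(inputs.values(), capture_mbps, headroom_pct)
    base = f"set ethernet-switching-options analyzer {name}"
    cmds = [f"{base} input ingress interface {ifname}" for ifname in inputs]
    cmds.append(f"{base} output interface {output_if}")
    if ratio > RATIO_MIN:  # "show analyzer" reports ratio 1 when none is set
        cmds.append(f"{base} ratio {ratio}")
    return cmds

if __name__ == "__main__":
    # Constructed sample: one 10 Gbps uplink mirrored to a 1 Gbps capture
    # port, keeping the capture port at or below 80 percent utilisation.
    for line in analyzer_commands("PORT_MIRROR_1", {"xe-0/1/0": 10_000},
                                  "ge-0/0/1", 1_000, headroom_pct=80):
        print(line)
```

For a 10Gbps port mirrored to a 1Gbps port the computed minimum is 10, so the 1 packet per 25 used in the text leaves the capture port well under capacity.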
Another cool feature available to you on Juniper but not Cisco is loss priority. Loss priority is a feature that determines which traffic takes priority. By default the switch applies a lower priority to all mirrored traffic, thus giving regular traffic priority. With this in mind, traffic that is mirrored with a low priority would be dropped before higher priority traffic. The traffic analyzer can be set so that mirrored traffic has a higher priority than regular traffic using the following command:
root@SW1# set ethernet-switching-options analyzer PORT_MIRROR_1 loss-priority high
Note that Juniper routers also support traffic analyzers; however, other restrictions may apply, such as firewall policy configuration or hardware limitations.
The following logical topology is used in all labs found throughout Section 4 of the Junos Workbook;
To view the physical cabling topology please visit the Topology page.
Prior to starting this lab please zeroize R1, R2, R3 and SW1. Afterwards, log in to the lab devices using the root account, start a CLI session and load the following initial configuration(s) by copying and pasting them into the device console.
This lab requires that you have access to real Juniper EX Series Switches and cannot be completed using the vSRX platform. If you do not have Juniper switches or you cannot afford to purchase them then you can rent lab time on the Juno Lab provided by Junos Workbook, where you have access to four EX3200-24 Switches and four J2320 routers which can be used to complete this lab.
In this lab you will complete the following objectives.
It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.
If you are a student preparing for the Juniper JNCIA Certification Exam then you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.
The following lab instructions are performed on the Juno Lab provided by Junos Workbook, which uses real Juniper EX3200-24T switches. This lab cannot be performed on vSRX due to the lack of switching support.