Search My Techie Guy

Friday, June 17, 2016

How to configure port mirroring on juniper MX series routers?

Summary: 

 How to configure port mirroring on juniper MX series routers?

 Problem or Goal:

 You are in a situation where you want to capture and analyse live traffic in/out of a juniper MX series router interface. The most common network analyzer tool is wireshark.

 Cause:

 There are so many scenarios why you might want to capture and analyze network traffic at protocol level, in many cases you would be troubleshooting an application or network problem.

 Solution:

 In this example, a laptop with a network analyzer tool (Wireshark) is connected to port ge-1/1/2 of the router.
The traffic of interest is in/out of interfaces ge-1/1/0 and ge-1/1/1, i.e. from the clients laptops towards the webserver, two-way. 

Port Mirroring on Juniper MX series routers
1. Configure the interface where you are going to connect the wireshark laptop

 set interface ge-1/1/2 description to_wireshark_laptop 
set interface ge-1/1/2 unit 0 family inet address 192.168.0.1/30
set interfaces ge-1/1/2 unit 0 family inet address 192.168.0.1/30 arp 192.168.0.2 mac A0:1D:48:B3:A1:26

2. Create the filter for example this filter is called "wireshark_capture"

 set firewall filter wireshark_capture term 1 from source-address 0.0.0.0/0
set firewall filter wireshark_capture  term 1 from destination-address 0.0.0.0/0
set firewall filter wireshark_capture term 1 then port-mirror
set firewall filter wireshark_capture term 1 then count output-pm
set firewall filter wireshark_capture term 1 then accept

 set firewall filter wireshark_capture term allow-all-else then accept

 3. Apply the filter to the interfaces carrying the traffic of interest

 set interfaces ge-1/1/0  unit 0 family inet filter output wireshark_capture 
set interfaces ge-1/1/0  unit 0 family inet filter input wireshark_capture 
set interfaces ge-1/1/1  unit 0 family inet filter output wireshark_capture 
set interfaces ge-1/1/1  unit 0 family inet filter input wireshark_capture 

 4. Configure the port mirror

 set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/1/2.0 next-hop 192.168.0.2
set forwarding-options port-mirroring family inet output no-filter-check

5. Commit the configuration

 #commit check
#commit
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)