Analyzing traffic on Juniper switches
Juniper switches have two separate concepts:
- Analyzer configuration
  - This is similar to port mirroring on Dell or Cisco. We select a set of interfaces as the source and a specific interface or VLAN as the destination for the mirrored traffic.
- Port mirroring
  - This is a more advanced version of the analyzer: we write a filter that is matched against all incoming traffic on all interfaces, and traffic that passes the filter is mirrored to a specific port or VLAN for analysis.
Setting a VLAN as the destination for port mirroring or an analyzer allows mirroring across devices (the source machines can be on one switch and the destination analyzer on another), as long as the VLAN selected for mirroring is trunked between the two devices.
Basic analyzer configuration
For a basic analyzer configuration we need to remove all configuration from the destination port, even 'ethernet-switching'. The analyzer is configured as follows:
set analyzer <analyzer-name-1> input ingress interface <interface-name-1>
set analyzer <analyzer-name-1> input egress interface <interface-name-1>
set analyzer <analyzer-name-1> output interface <interface-name-2>
In the above example, all incoming (ingress) and outgoing (egress) traffic on <interface-name-1> is copied to <interface-name-2>, where it can be captured with Wireshark, tcpdump, etc.
The analyzer configuration can then be viewed in operational mode with:
show analyzer
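As an added example (not part of the original notes, and not Juniper tooling): a Python check that reads set-format configuration, lists where each analyzer copies traffic from and to, and reports any configuration still present on a destination port, which the section above says must be removed. The sample configuration, the `ethernet-switching-options` hierarchy prefix and the names `mon1`, `mon2` and `remote-mirror` are assumptions made for illustration.

```python
import re

# Constructed sample in "display set" form (not taken from the page).
# Assumption: analyzers sit under ethernet-switching-options and interfaces
# are referenced with their logical unit (".0").
SAMPLE_CONFIG = """\
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members users
set interfaces ge-0/0/10 unit 0 family ethernet-switching
set ethernet-switching-options analyzer mon1 input ingress interface ge-0/0/1.0
set ethernet-switching-options analyzer mon1 input egress interface ge-0/0/1.0
set ethernet-switching-options analyzer mon1 output interface ge-0/0/10.0
set ethernet-switching-options analyzer mon2 input ingress interface ge-0/0/2.0
set ethernet-switching-options analyzer mon2 output vlan remote-mirror
"""

# Matches both the page's short form ("set analyzer ...") and a prefixed form.
ANALYZER_RE = re.compile(
    r"^set (?:\S+ )*?analyzer (?P<name>\S+) "
    r"(?P<dir>input (?:ingress|egress)|output) (?P<kind>interface|vlan) (?P<target>\S+)$"
)
IFACE_RE = re.compile(r"^set interfaces (?P<ifd>\S+)(?: |$)")

def parse_analyzers(config):
    """Return {analyzer: {"inputs": [(direction, source)], "outputs": [(kind, target)]}}."""
    analyzers = {}
    for line in config.splitlines():
        m = ANALYZER_RE.match(line.strip())
        if not m:
            continue
        entry = analyzers.setdefault(m["name"], {"inputs": [], "outputs": []})
        if m["dir"] == "output":
            entry["outputs"].append((m["kind"], m["target"]))
        else:
            entry["inputs"].append((m["dir"].split()[1], m["target"]))
    return analyzers

def leftover_destination_config(config):
    """Return {interface: [set lines]} still configured on analyzer output ports."""
    dests = {t.split(".")[0] for a in parse_analyzers(config).values()
             for kind, t in a["outputs"] if kind == "interface"}
    leftovers = {}
    for line in config.splitlines():
        m = IFACE_RE.match(line.strip())
        if m and m["ifd"] in dests:
            leftovers.setdefault(m["ifd"], []).append(line.strip())
    return leftovers

if __name__ == "__main__":
    print(parse_analyzers(SAMPLE_CONFIG))
    print(leftover_destination_config(SAMPLE_CONFIG))
```

The same inventory doubles as an audit of which ports and VLANs are receiving copies of traffic, since every analyzer output is a place where mirrored packets can be read.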