Services on the QFX Series - Juniper.net

More documents

Recommendations

Info

<strong>Services</strong> on the QFX Series Requirements This example uses the following hardware and software components: • Junos OS Release 12.1 for the QFX Series • A switch Overview and Topology This topic includes two related examples that describe how to mirror traffic entering ports on the switch to an analyzer VLAN so that you can perform analysis using a remote device. The first example shows how to mirror all traffic sent by employee computers to the switch. The second example includes a filter to mirror only the employee traffic going to the Web. In this example: • Interfaces ge-0/0/0 and ge-0/0/1 are Layer 2 interfaces that connect to employee computers. • Interface ge-0/0/10 is a Layer 2 interface that connects to another switch. • VLAN remote-analyzer is configured on all switches in the topology to carry the mirrored traffic. NOTE: In addition to performing the configuration steps described here, you must also configure the analyzer VLAN (remote-analyzer in this example) on the other switches that are used to connect the source switch (the one in this configuration) to the one that the monitoring station is connected to. Mirroring All Employee Traffic for Remote Analysis CLI Quick Configuration To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the edit hierarchy level: [edit] set vlans remote-analyzer vlan-id 999 set interfaces ge-0/0/10 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999 set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/0.0 set ethernet-switching-options analyzer employee-monitor input ingress interface ge-0/0/1.0 set ethernet-switching-options analyzer employee-monitor output vlan remote-analyzer 18 Copyright © 2013, Juniper Networks, Inc.
Chapter 3: Configuration Examples Step-by-Step Procedure To configure basic remote port mirroring: 1. Configure the analyzer VLAN (called remote-analyzer in this example): [edit vlans] user@switch# set vlans remote-analyzer vlan-id 999 2. Configure the interface connected to another switch for trunk mode and associate it with the remote-analyzer VLAN: [edit interfaces] user@switch# set ge-0/0/10 unit 0 family ethernet-switching port-mode trunk user@switch# set ge-0/0/10 unit 0 family ethernet-switching vlan members 999 3. Configure the employee-monitor analyzer: [edit ethernet-switching-options] user@switch# set analyzer employee–monitor user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0 user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0 user@switch# set analyzer employee-monitor output vlan remote-analyzer 4. Configure the remote-analyzer VLAN on the switches that connect this switch to the monitoring workstation. Results Check the results of the configuration: [edit] user@switch# show ethernet-switching-options { analyzer employee-monitor { input { ingress { interface ge-0/0/0.0; interface ge-0/0/1.0; } } output { vlan { remote-analyzer; } } } } Mirroring Employee-to-Web Traffic for Remote Analysis CLI Quick Configuration To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the edit hierarchy level: [edit] set vlans remote-analyzer vlan-id 999 set interfaces ge-0/0/10 unit 0 family ethernet-switching port mode trunk set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members 999set ethernet-switching-options analyzer employee-web-monitor loss-priority high output vlan 999 set firewall family ethernet-switching filter watch-employee term employee-to-web from destination-port 80 Copyright © 2013, Juniper Networks, Inc. 19
Page 1 and 2: Services on the QF
Page 3 and 4: Table of Contents About the Documen
Page 5 and 6: Table of Contents Part 3 Administra
Page 7 and 8: List of Figures Part 2 Configuratio
Page 9 and 10: List of Tables About the Documentat
Page 11 and 12: About the Documentation Documentati
Page 13 and 14: About the Documentation [edit] user
Page 15 and 16: About the Documentation https://www
Page 17 and 18: PART 1 Overview • Port Mirroring
Page 19 and 20: CHAPTER 1 Port Mirroring Understand
Page 21 and 22: Chapter 1: Port Mirroring Table 3:
Page 23 and 24: Chapter 1: Port Mirroring • CPU-g
Page 25 and 26: CHAPTER 2 DHCP Relay DHCP and BOOTP
Page 27 and 28: PART 2 Configuration • Configurat
Page 29 and 30: CHAPTER 3 Configuration Examples
Page 31 and 32: Chapter 3: Configuration Examples u
Page 33: Chapter 3: Configuration Examples V
Page 37 and 38: Chapter 3: Configuration Examples }
Page 39 and 40: CHAPTER 4 Configuration Tasks Confi
Page 41 and 42: Chapter 4: Configuration Tasks c. S
Page 43 and 44: Chapter 4: Configuration Tasks rela
Page 45 and 46: CHAPTER 5 Configuration Statements
Page 47 and 48: Chapter 5: Configuration Statements
Page 85 and 86:
PART 3 Administration • Monitorin
Page 87 and 88:
CHAPTER 8 Monitoring Commands for P
Page 89 and 90:
Chapter 8: Monitoring Commands for
Page 91 and 92:
PART 4 Troubleshooting • Troubles
Page 93 and 94:
CHAPTER 9 Troubleshooting Procedure
Page 95 and 96:
Chapter 9: Troubleshooting Procedur
show all

Services on the QFX Series - Juniper.net

Create successful ePaper yourself

Delete template?

Save as template?