JUNOSe 7.2.x Policy Management Configuration Guide
152 ! Configuring CLI-Based Packet Mirroring
Figure 8: CLI-Based Interface Mirroring
Enabling and Securing CLI-Based Packet Mirroring
The JUNOSe software enables you to create a secure environment for your packet
mirroring operation by restricting access to the packet mirroring CLI commands
and information. For example, when dealing with a critical diagnostic or
troubleshooting procedure, you might want the packet mirroring feature to be
available and visible to a subset of your network operations group. Or, if you are
monitoring confidential traffic from a particular user, you might want the
configuration and results of the mirroring operation to be available only to a unique
group, such as the management group of the analyzer device.
By default, the packet mirroring configuration commands are hidden from all users.
You must use the mirror-enable command to make the commands visible, which
then enables you to configure the packet mirroring environment. The command
applies only to the current CLI session. When you log off the current session and
then log on again, the packet mirroring commands are no longer visible,
Analyzer
interface
Port-mirroring
interface
Interface
CE
E-series router
Destination
CE
Port-mirroring
interface
Interface
Analyzer
interface
Ingress mirrored interface
Egress mirrored interface
g013226
E-series router
Analyzer
device
Analyzer
device
NOTE: The no mirror-enable command makes the packet mirroring commands
no longer visible. However, any active mirroring sessions are unaffected and traffic
continues to be mirrored.
To Next Page
Loading...
Need help?
General
