JUNOSe 7.2.x Policy Management Configuration Guide
160 ! Configuring CLI-Based Packet Mirroring
! Secure policies do not support classification. Therefore, the only classifier group
you can use is classifier-group *.
! If you modify the rules in the classifier group while the secure policy is attached
to one or more interfaces, the modified policy takes effect when you exit Policy
Configuration mode.
! Example
host1(config)#secure ip policy-list securePolicyIp4
host1(config-policy-list)#classifier-group *
host1(config-policy-list-classifier group)#
! Use the no version to remove the rule from the classifier group and restore the
default rule, which disables packet mirroring.
ip analyzer
! Use to configure an interface as an analyzer port.
! You can use the default keyword to configure an interface as the virtual router’s
default analyzer port; it is then used when an analyzer port is not explicitly
specified in the ip mirror command. You cannot configure multiaccess
interfaces, such as IP over Ethernet, as default analyzer ports.
! You can configure any type of IP interface on the E-series router as an analyzer
port, except for special interfaces such as SRP interfaces, null interfaces, and
loopback interfaces.
! An interface cannot be both an analyzer port and a mirrored interface at the
same time.
! A single analyzer port can serve multiple mirrored sessions.
! The receive side of an analyzer port is disabled; all traffic attempting to access
the router through an analyzer port is dropped.
! Analyzer ports drop all nonmirrored traffic.
! Policies are not supported on analyzer ports. When you configure an analyzer
port, existing policies are disabled, and no new policies are accepted.
! Example
host1(config-if)#ip analyzer default
! Use the no version to remove the analyzer port configuration from the
interface.
ip mirror
! Use to enable mirroring on the specified interface and to direct the mirrored
traffic to the analyzer port.
! You can configure any type of IP interface on the E-series router as a mirrored
interface, except for special interfaces such as SRP interfaces, null interfaces,
and loopback interfaces.
NOTE: This command is deprecated and might be removed completely in a future
release. The function provided by this command has been replaced by the ip
policy command used with the secure-input and secure-output keywords.
To Next Page
Loading...
Need help?
General
