http://www.juniper.net/techpubs/en_US/junos13.2/topics/task/configuration/port-mirroring-cli.html
However, I'll TL;DR that for you here...
First, you need to setup your analyzer (the port mirror):
Set the analyzer up, "employee_monitor" is just the name of the analyzer...from there, input the port your trying to mirror, and make sure you get the packets coming in (ingress), going out (egress), or both (see below).
set ethernet-switching-options analyzer employee_monitor input ingress interface ge-0/0/47.0
set ethernet-switching-options analyzer employee_monitor input egress interface ge-0/0/47.0
Also, tell it what port you're pushing the traffic to (output).
Next, you set the firewall up to tell the packets to go to the analyzer. This is REQUIRED for the port mirror to work properly.
set firewall family ethernet-switching filter employee_monitor term to-analyzer from interface ge-0/0/47.0
set firewall family ethernet-switching filter employee_monitor term to-analyzer then accept
set firewall family ethernet-switching filter employee_monitor term to-analyzer then analyzer employee_monitor
After that, you need to tell the port that it is an analyzer port now...
set interfaces ge-0/0/46 unit 0 family ethernet-switching filter input employee_monitor
That's it. Now you can setup something like Security Onion to monitor all your traffic!
Aaron
No comments:
Post a Comment