
EX 4600 Making port only transmit

  • 1.  EX 4600 Making port only transmit

    Posted 02-13-2020 18:57

    Hi everyone,

    Please consider the following example:

    Traffic -g0/0/1- EXSW-ge0/0/2---IDS

    Above we are port mirroring all traffic entering/exiting ge0/0/1 and sending output to ge0/0/2 where IDS is connected.

    To avoid all traffic coming back from the IDS into ge0/0/2 (say the NIC on the IDS is faulty), we can do the following:

    Apply a filter inbound on ge0/0/2 that denies all traffic.

    In Cisco, we can simply configure the port ge0/0/2 to transmit only, thus no filter is needed.

    Do we have such functionality on the EX 4600 SW, where EX switch ge-0/0/2 can only transmit?

    Thanks and have a good night!!



  • 2.  RE: EX 4600 Making port only transmit

     
    Posted 02-13-2020 22:42
    Hello Sarah,

    There is a "unidirectional" link-mode feature available for some MX platforms, however this isn't supported on EX4600.

    Feature description:
    https://www.juniper.net/documentation/en_US/junos/topics/concept/ethernet-unidirectional-flow-on-physical-interfaces.html
    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-enabling-unidirectional-traffic-flow-on-physical-interfaces.html

    Support for this feature:
    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=3134&fn=Unidirectional%20link%20support

    Hope this helps.

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).


  • 3.  RE: EX 4600 Making port only transmit
    Best Answer

    Posted 02-14-2020 00:22

    Hi,

    In the case of Junos, it does support unidirectional flow; refer to the link below:

    https://www.juniper.net/documentation/en_US/junos/topics/concept/ethernet-unidirectional-flow-on-physical-interfaces.html

    But it is supported only on these models:

    • 4-port 10-Gigabit Ethernet DPC on the MX960 router

    • 10-Gigabit Ethernet IQ2 PIC and 10-Gigabit Ethernet IQ2E PIC on the T Series router

    As you're using an EX4600, it does not support unidirectional flow.

    To answer your question:

    > Do we have such functionality on EX 4600 SW where EX switch ge-0/0/2 can only transmit?

    When a port is used as a destination port in port mirroring, the traffic from the source port is dumped on the destination port.

    Between the server connected on the destination port and the switch port, there is no control traffic passed; there is only egress of traffic from the switch port to the server.

    There is no ingress traffic from the server to the switch, hence no filter is required.

    > In case the NIC card on the server goes down, the port on the switch side also goes down; that will trigger a syslog message.

     



  • 4.  RE: EX 4600 Making port only transmit

     
    Posted 02-14-2020 01:36

    Hello Sharanya,

     

    Thanks for chiming in.  Just note that in the question the situation or need where we might expect traffic back from server is mentioned i.e. "To avoid all traffic coming back from IDS into ge0/0/2 ( say NIC on IDS is faulty)".  Hence using a firewall filter is the right/possible way to avoid such traffic back from the server.

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).

     



  • 5.  RE: EX 4600 Making port only transmit

    Posted 02-14-2020 02:08

    Hi Mriyaz,

    I agree with you; a firewall filter with discard should do it.

     

    Regards 

    Sharanya
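
The inbound discard filter the posts above agree on, written out as an added configuration sketch (not from any poster or from Juniper documentation). It assumes ELS-style Junos syntax, the thread's ports written as ge-0/0/1 and ge-0/0/2, and the hypothetical names IDS-MIRROR, BLOCK-IDS-RETURN and ids-return-drops; confirm on the running release that an input filter is accepted on an analyzer output port.

```junos
# Mirror both directions of ge-0/0/1 to the IDS port (analyzer name is hypothetical)
set forwarding-options analyzer IDS-MIRROR input ingress interface ge-0/0/1.0
set forwarding-options analyzer IDS-MIRROR input egress interface ge-0/0/1.0
set forwarding-options analyzer IDS-MIRROR output interface ge-0/0/2.0

# Count, then discard, every frame received from the IDS side.
# A term with no "from" clause matches all traffic.
set firewall family ethernet-switching filter BLOCK-IDS-RETURN term drop-all then count ids-return-drops
set firewall family ethernet-switching filter BLOCK-IDS-RETURN term drop-all then discard

# Attach the filter inbound on the mirror destination port
set interfaces ge-0/0/2 unit 0 family ethernet-switching filter input BLOCK-IDS-RETURN

# Operational check (run from operational mode after commit):
# a counter that keeps rising means the IDS port is sending frames back
# show firewall filter BLOCK-IDS-RETURN
```

The counter turns the filter into a cheap health check: a sensor port that should be receive-only and is still hitting the discard term points to a faulty NIC or a misconfigured IDS interface.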



  • 6.  RE: EX 4600 Making port only transmit

    Posted 02-14-2020 11:11

    when a port is used as a destination port in port mirroring , 

    the traffic from the source port is dumped on the destination port

    the server connected on the destination port and the switch port there is no control traffic passed between them , there is only egress of traffic from the switch port to server 

    there is no ingress traffic from the server to the switch 

    hence no filter is required 

    ##########################################################

    Yes, normally, but if traffic is looped back because of a faulty NIC connected to the destination port, a filter can overcome such an issue.

    Appreciated!!

    Have a good weekend!!

     

     



  • 7.  RE: EX 4600 Making port only transmit

    Posted 02-14-2020 11:11

    Hello Sarah,

     

    I agreed with Mriyaz as well; a firewall filter should do the trick. I just want to bring this limitation to your attention so you can be aware of it.

     

    True egress mirroring is defined as mirroring the exact number of copies and the exact packet modifications that went out the egress switched port. Because the processor on QFX5xxx (including QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210) and EX4600 (including EX4600 and EX4650) switches implements egress mirroring in the ingress pipeline, those switches do not provide accurate egress packet modifications, so egress mirrored traffic can carry incorrect VLAN tags that differ from the tags in the original traffic.

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too 😄

     

    Warm regards,

    Pablo Restrepo -