RSPAN (remote port mirroring) can support Cisco & Juniper switches.
If anybody knows the configuration, please let me know.
Juniper switch, Junos version 10.1R1.8
I think this link can help.
It is unbelievable how many restrictions there are in Juniper compared to Cisco:
- Ex4300: RSPAN Vlan destination is supported, but traffic is sent out only on _one_ interface. Which one is not deterministic. RSPAN vlan is NOT flooded to all ports.
- Ex4200: RSPAN Vlan destination is supported, but not on aggregated ethernet.
- Ex4300/Ex4200: Even in a Vlan configured with no-mac-learning (all show commands show "mac * -> Flood", no MAC addresses, and so on): if a second port receives a frame with the same MAC address, only one of the two frames is forwarded! *)
- Ex4300 (the Ex4200 can have only one active analyzer!): Two analyzers cannot have the same destination Vlan. Why not? Not the same port might make sense, but Vlan?
- Ex4300: destination option "no-tag" is only possible on destination vlan? What's that for? It would be reasonable if it stripped the inner Vlan - but it strips the outer (the RSPAN) tag! IMHO this is just a bug. Having no-tag would be a great option on the destination interface!
- Still (up to current releases) there is that typo: "Removes extra RSAPN tag from mirrored packets". Or do I just not understand what an RSAPN tag is?
*) Scenario: host X is sending to upstream A and B. Port mirror on link to A and B because we want to prove that it is sent out! If A and B are on two different switches, you will see only one stream on the destination switch for the RSPAN vlan.
I've been working hard for 4 weeks now to find a suitable concept to permanently mirror my platform and feed that into our traffic analyzer as we did with the Ciscos before. I'm considering reinstalling the Ciscos for the mirror traffic distribution. Can that be?
Greetings, this is possible. Here is a sample of the configuration that would do the job:
Configuring Port Mirroring for Remote Traffic Analysis (ELS)
To mirror traffic that is traversing interfaces or a VLAN on the switch to a VLAN for analysis from a remote location:
Configure a VLAN to carry the mirrored traffic. This VLAN is called remote-analyzer and given the ID of 999 by convention in this KB:
user@switch# set vlans remote-analyzer vlan-id 999
Set the uplink module interface that is connected to the distribution switch to trunk mode and associate it with the remote-analyzer VLAN:
user@switch# set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk vlan members 999
Configure the analyzer. Choose a name and set the loss priority to high. Loss priority should always be set to high when configuring for remote port mirroring:
[edit forwarding-options]
user@switch# set analyzer employee-monitor loss-priority high
Specify the traffic to be mirrored - in this example the packets entering ports ge-0/0/0 and ge-0/0/1:
[edit forwarding-options]
user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0
Specify the remote-analyzer VLAN as the output for the analyzer:
[edit forwarding-options]
user@switch# set analyzer employee-monitor output vlan 999
Optionally, you can specify a statistical sampling of the packets by setting a ratio:
[edit forwarding-options]
user@switch# set analyzer employee-monitor ratio 200
When the ratio is set to 200, 1 out of every 200 packets is mirrored to the analyzer. You can use this to reduce the volume of mirrored traffic as a very high volume of mirrored traffic can be performance intensive for the switch.
If you are missing some traffic or you need this traffic to be untagged please use this knob: no-tag
set forwarding-options analyzer PAN-Test output vlan 999 no-tag
If you are trying another variation, please check the RSPAN limitations:
If you are using Wireshark as the analyzer software, you might get the packets marked as ERSPAN, which Wireshark reports as fake ERSPAN.
> you can decode the following.
> -----------------------------------
> select menu:
> Edit -> preferences -> protocol -> ERSPAN
>
> Check:
> "FORCE to decode fake ERSPAN frame:".
Regards,
Lil Dexx JNCIE-ENT#863
If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/
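
A pre-commit check for the configuration in the answer above, as an added example that is not part of the original posts or of Juniper's KB. It assumes plain set-style input (as produced by `show configuration | display set`); the function name `lint_rspan` and the second analyzer `voip-monitor` are hypothetical, and the shared-destination-VLAN rule is the EX4300 restriction as reported earlier in this thread.

```python
from collections import defaultdict

# Constructed sample: the answer's commands plus a hypothetical second analyzer
# ("voip-monitor") that reuses VLAN 999 and omits loss-priority high.
SAMPLE = """\
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk vlan members 999
set forwarding-options analyzer employee-monitor loss-priority high
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set forwarding-options analyzer employee-monitor output vlan 999
set forwarding-options analyzer voip-monitor input ingress interface ge-0/0/2.0
set forwarding-options analyzer voip-monitor output vlan 999
"""

def lint_rspan(config):
    """Return a list of findings for remote port mirroring in set-style config."""
    vlan_ids, carried = {}, set()          # vlan name -> id; vlans on interfaces
    analyzers = defaultdict(lambda: {"out": None, "inputs": 0, "lp_high": False})
    for t in map(str.split, config.splitlines()):
        if t[:2] == ["set", "vlans"] and t[3:4] == ["vlan-id"] and len(t) > 4:
            vlan_ids[t[2]] = t[4]
        elif t[:2] == ["set", "interfaces"] and "members" in t:
            carried.update(m for m in t[t.index("members") + 1:] if m not in ("[", "]"))
        elif "analyzer" in t[:-1]:         # works with or without "forwarding-options"
            i = t.index("analyzer")
            a, rest = analyzers[t[i + 1]], t[i + 2:]
            if rest[:1] == ["input"]:
                a["inputs"] += 1
            elif rest[:2] == ["output", "vlan"] and len(rest) > 2:
                a["out"] = rest[2]         # trailing options such as no-tag are ignored
            elif rest == ["loss-priority", "high"]:
                a["lp_high"] = True
    carried = {vlan_ids.get(m, m) for m in carried}   # normalise names to ids
    findings, by_vlan = [], defaultdict(list)
    for name, a in sorted(analyzers.items()):
        out = vlan_ids.get(a["out"], a["out"])
        if out is None:
            findings.append(f"{name}: no output vlan configured")
            continue
        by_vlan[out].append(name)
        checks = [(not a["inputs"], "no input configured"),
                  (out not in vlan_ids.values(), f"output vlan {out} is not defined under vlans"),
                  (out not in carried, f"output vlan {out} is not carried on any interface"),
                  (not a["lp_high"], "loss-priority is not high")]
        findings += [f"{name}: {msg}" for bad, msg in checks if bad]
    findings += [f"vlan {v}: shared by analyzers {', '.join(n)}"
                 for v, n in sorted(by_vlan.items()) if len(n) > 1]
    return findings
```
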
I've been having all sorts of drama trying to set up the same thing. We have a 10G wireless link between 2 buildings that works on Layer 2. We have a bunch of VLANs being spanned across this link. I recently tried to set up an analyzer VLAN to be added to the list of VLANs going across this link and configure remote port mirroring.
What ends up happening is that if I enable an analyzer on our EX4300s at either side of the link and output to the analyzer VLAN I lose the ability to ping traffic that should be going across ONE of the other VLANs. Depending on which side of the link the messed up VLAN will be different for each side.
The most frustrating thing is that other VLANs on this trunk are not affected and can still ping. I am starting to believe that Juniper won't allow you to put the analyzer traffic on the same link as the monitored VLANs but the results I get also make me think it should be possible.
Just to share, don't bother trying RSPAN over Cisco through Juniper or vice versa. It won't work.
Do note the limitations on the EX3200/4200 and EX8200 using SPAN. If you use more than 2 analyzers (up to 7) on the EX8200 you need to use firewall filters for the 2nd analyzer onwards.
The configuration is more or less covered in the previous post.