Switching


Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

  • 1.  Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 11-08-2010 03:14

     

    Hi,

     

    RSPAN (Remote Port mirroring) can support Cisco & Juniper switches.

    If anybody knows the configuration, please let me know the configurations.

    Juniper switch, Junos version 10.1R1.8

     



  • 2.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 11-10-2010 05:55


  • 3.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 06-24-2014 01:26
    About the remote-span's output when it is sent to a trunk link: has it got a limitation that the trunk permits only one VLAN? I configured as per the weblink, but it doesn't work. I think Juniper might permit only one VLAN per trunk link.


  • 4.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 02-21-2017 06:44

    It is unbelievable how many restrictions there are in Juniper compared to Cisco:

     

    - Ex4300: RSPAN Vlan destination is supported, but traffic is sent out only on _one_ interface. Which one is not deterministic. RSPAN vlan is NOT flooded to all ports.

    - Ex4200: RSPAN Vlan destination is supported, but not on aggregated ethernet.

    - Ex4300/Ex4200: Even in a Vlan configured with no-mac-learning (all show commands show "mac * -> Flood", no MAC addresses, and so on): if a second port receives a frame with the same MAC address, only one of the two frames is forwarded! *)

    - Ex4300 (the Ex4200 can have only one active analyzer!): Two analyzers cannot have the same destination Vlan. Why not? Not the same port might make sense, but Vlan?

    - Ex4300: destination option "no-tag" is only possible on destination vlan? What's that for? It would be reasonable if it stripped the inner Vlan - but it strips the outer (the RSPAN) tag! IMHO this is just a bug. Having no-tag would be a great option on destination interface!

    - Still (up to current releases) there is that typo: "Removes extra RSAPN tag from mirrored packets". Or do I just not understand what an RSAPN tag is?

     

    *) Scenario: host X is sending to upstream A and B. Port mirror on link to A and B because we want to prove that it is sent out! If A and B is on two different switches, you will see only one stream on the destination switch for the RSPAN vlan.

     

    I've been working hard for 4 weeks now to find a suitable concept to permanently mirror my platform and feed that into our traffic analyzer as we did with the Ciscos before. I'm considering reinstalling the Ciscos for the mirror traffic distribution. Can that be?

     

    br

    Walter



  • 5.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

     
    Posted 01-29-2020 14:08

    Hi schoberw,

     

     

    Greetings, this is possible. Here is a sample of the configuration that would do the job:

     

    Configuring Port Mirroring for Remote Traffic Analysis (ELS)

    To mirror traffic that is traversing interfaces or a VLAN on the switch to a VLAN for analysis from a remote location:

    Configure a VLAN to carry the mirrored traffic. This VLAN is called remote-analyzer and given the ID of 999 by convention in this KB:

    [edit]
    user@switch# set vlans remote-analyzer vlan-id 999

    Set the uplink module interface that is connected to the distribution switch to trunk mode and associate it with the remote-analyzer VLAN:

    [edit]
    user@switch# set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk vlan members 999

    Configure the analyzer. Choose a name and set the loss priority to high. Loss priority should always be set to high when configuring for remote port mirroring:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor loss-priority high

    Specify the traffic to be mirrored, in this example the packets entering ports ge-0/0/0 and ge-0/0/1:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/0.0
    user@switch# set analyzer employee-monitor input ingress interface ge-0/0/1.0

    Specify the remote-analyzer VLAN as the output for the analyzer:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor output vlan 999

    Optionally, you can specify a statistical sampling of the packets by setting a ratio:

    [edit forwarding-options]
    user@switch# set analyzer employee-monitor ratio 200

    When the ratio is set to 200, 1 out of every 200 packets is mirrored to the analyzer. You can use this to reduce the volume of mirrored traffic, as a very high volume of mirrored traffic can be performance intensive for the switch.

     

    Source: https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878&cat=SWITCH_PRODUCTS&actp=LIST

     

    If you are missing some traffic or you need this traffic to be untagged, please use this knob: no-tag

    i.e.

    set forwarding-options analyzer PAN-Test output vlan 999 no-tag

    If you are trying another variation, please check the RSPAN limitations:

     

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/port-mirroring-limitations-qfx-series.html

     

     


    If you are using Wireshark as the analyzer software, you might get the packets marked as ERSPAN, which Wireshark reports as fake ERSPAN.


    > you can decode the following.
    > -----------------------------------
    > select menu:
    > Edit -> preferences -> protocol -> ERSPAN
    >
    > Check:
    > "FORCE to decode fake ERSPAN frame:".

     

     

    Regards,
    Lil Dexx JNCIE-ENT#863

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/
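
    Added example (not part of any post in this thread, and not Juniper's code): a small Python check that reads analyzer configuration in `set` format and flags the points raised above: an analyzer without loss-priority high, an output VLAN that no interface carries, and two analyzers sharing one output VLAN (the EX4300 restriction reported in post 4). The function name and the constructed sample are assumptions; the sample reuses the commands from post 5 written with their full hierarchy.

```python
import re
# Constructed input: post 5's commands, with PAN-Test as a second analyzer.
SAMPLE = """\
set vlans remote-analyzer vlan-id 999
set interfaces ge-0/1/1 unit 0 family ethernet-switching port-mode trunk vlan members 999
set forwarding-options analyzer employee-monitor loss-priority high
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/0.0
set forwarding-options analyzer employee-monitor input ingress interface ge-0/0/1.0
set forwarding-options analyzer employee-monitor output vlan 999
set forwarding-options analyzer PAN-Test output vlan 999 no-tag
"""

def check_rspan(config):
    """Return findings for analyzer statements given in `set` format."""
    vlans, members, analyzers = {}, set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"set vlans (\S+) vlan-id (\d+)$", line):
            vlans[m[1]] = m[2]
        elif m := re.match(r"set interfaces \S+ .*\bvlan members (\S+)", line):
            members.add(m[1])
        elif m := re.match(r"set forwarding-options analyzer (\S+) (.+)$", line):
            a = analyzers.setdefault(m[1], {"inputs": 0, "vlan": None, "high": False})
            if m[2].startswith("input "):
                a["inputs"] += 1
            elif m[2] == "loss-priority high":
                a["high"] = True
            elif o := re.match(r"output vlan (\S+)", m[2]):
                a["vlan"] = o[1]
    resolve = lambda v: vlans.get(v, v)      # accept a VLAN name or an ID
    carried = {resolve(v) for v in members}
    findings, seen = [], {}
    for name, a in analyzers.items():
        if not a["inputs"]:
            findings.append(f"{name}: no input configured")
        if a["vlan"] is None:
            findings.append(f"{name}: no output vlan")
            continue
        vid = resolve(a["vlan"])
        if vid not in carried:
            findings.append(f"{name}: VLAN {vid} is not a member of any interface")
        if not a["high"]:
            findings.append(f"{name}: loss-priority high not set")
        if vid in seen:              # restriction reported for the EX4300 in post 4
            findings.append(f"{name}: shares output VLAN {vid} with {seen[vid]}")
        seen.setdefault(vid, name)
    return findings
if __name__ == "__main__":
    print("\n".join(check_rspan(SAMPLE)))
```

    The check only looks for an interface that lists the VLAN as a member; it does not confirm trunk mode when that is set on a separate line.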

     

     

     

     



  • 6.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 03-10-2020 21:26

    I've been having all sorts of drama trying to set up the same thing.  We have a 10G wireless link between 2 buildings that works on Layer 2.  We have a bunch of VLANs being spanned across this link.  I recently tried to set up an analyzer VLAN to be added to the list of VLANs going across this link and configure remote port mirroring.

     

    What ends up happening is that if I enable an analyzer on our EX4300s at either side of the link and output to the analyzer VLAN I lose the ability to ping traffic that should be going across ONE of the other VLANs.  Depending on which side of the link the messed up VLAN will be different for each side.

     

    The most frustrating thing is that other VLANs on this trunk are not affected and can still ping.  I am starting to believe that Juniper won't allow you to put the analyzer traffic on the same link as the monitored VLANs but the results I get also make me think it should be possible.



  • 7.  RE: Remote port mirror configuration for JUNIPER EX-switch and Cisco switch

    Posted 11-14-2010 17:58

    Just to share, don't bother trying RSPAN over Cisco through Juniper or vice versa. It won't work.

     

    Do note the limitations on the EX3200/4200 and EX8200 using SPAN. If you use more than 2 analyzers (up to 7) on the EX8200 you need to use firewall filters for the 2nd analyzer onwards.

     

    The configuration is more or less covered in the previous post.