Hello,
SRX340, my goal is to "port mirror" network traffic to a listening port on an Alert Logic device. Alert Logic has refused to assign an IP address to the listening port on the Alert Logic device, which I would use as the "next-hop" IP address. Alert Logic says their port is in promiscuous mode and can't be assigned an IP address.
Now I am stuck.
When testing with a Wireshark computer that has the next-hop IP address, the configuration at the end of this message works, i.e. the state of port-mirroring is "up".
However, all 3 other variations listed below didn't work; the port-mirroring state was always "down".
1. not using a "next-hop" IP address;
2. setting the IP address of port GE-0/0/7.0, 192.168.9.1, as next-hop;
3. removing the IP address on GE-0/0/7.0, and/or setting it to "family ethernet-switching" mode.
Is there any way to bring port-mirroring "up" without using a next-hop IP address? Would it be possible to set the GE-0/0/7 port to promiscuous mode?
At this time, there is no zone assigned for GE-0/0/7.
Thanks a million.
Gary
Working Configuration
Testing using a computer that has Wireshark installed, this port-mirroring configuration works:
[edit forwarding-options port-mirroring]
root@ROUTER1# show
input {
    rate 1;
    run-length 10;
}
family inet {
    output {
        interface ge-0/0/7.0 {
            next-hop 192.168.9.2;
        }
    }
}

[edit firewall filter port-mirror]
root@ROUTER1# show
term 1 {
    from {
        source-address {
            0.0.0.0/0;
        }
    }
    then {
        port-mirror;
        accept;
    }
}

[edit interfaces ge-0/0/7 unit 0]
root@ROUTER1# show
family inet {
    address 192.168.9.1/24;
}

[edit interfaces ge-0/0/1 unit 0]
root@ROUTER1# show
description ISP-ATT;
family inet {
    filter {
        input port-mirror;
        output port-mirror;
    }
    address 1.1.1.1/29;
}