Port mirroring in EX switches and SRX

If you want to mirror traffic entering and exiting a specific port (e.g ge-0/0/11.0) you can use the following configuration to mirror the traffic to any other port (e.g ge-0/0/10.0)

Here is the configuration I wrote in an ex2200 switch.

Port mirroring in EX switches

Port mirroring is pretty simple in EX switches compared to SRX series. You just specify input interface and direction of the traffic (ingress,egress) then the output interface which will receive the mirrored traffic.

Port Mirroring in SRX firewalls

By its nature, SRX is more complex and it seems port mirroring isn’t supported in switching interfaces either. Below are the steps that I took to mirror my fe-0/0/0 traffic to a device having IP 172.16.1.2 connected to fe-0/0/6.0 interface. In a nutshell;

Source interface: fe-0/0/0.0
Destination interface: fe-0/0/6.0 (with ip 172.16.1.2)

1) Configure port-mirroring options

2) Configure firewall filter (specify the traffic you are interested)

3) Apply the filter step 2 to the interface (from which you want to mirror traffic)

fe-0/0/6.0 configuration (destination interface)

Warning: Be careful and don’t leave the port mirroring on after you finish your work.

3 thoughts on “Port mirroring in EX switches and SRX

You have a feedback?