Specifications
3. Use the show policer | match flow statement to verify that the flow-tap filter is
removed from the router:
The following sample shows how to disable mirroring for a specific subscriber by using
the CRITERIA-ID.
DELETE DTCP/0.7
Csource-ID: dtcp1
CRITERIA-ID: 2
Flags: STATIC
Seq: 10
Authentication-Info: 7e84ae871b12f2da023b038774115bb8d955f17e
DTCP/0.7 200 OK
SEQ: 10
CRITERIA-COUNT: 1
TIMESTAMP: 2011-02-13 16:00:02.802
AUTHENTICATION-INFO: 2834ff32ec07d84753a046cfb552e072cc27d50b
•
The following additional information regarding the interoperation of sample actions
in firewall filters and traffic sampling applies to the “Minimum Configuration for Traffic
Sampling” section in the “Configuring Traffic Sampling” topic:
The following prerequisites apply to M Series, MX Series, and T Series routers when
you configure traffic sampling on interfaces and in firewall filters:
•
If you configure a sample action in a firewall filter for an inet or inet6 family on an
interface without configuring the forwarding-options settings, operational problems
might occur if you also configure port mirroring or flow-tap functionalities. In such a
scenario, all the packets that match the firewall filter are incorrectly sent to the
service PIC.
•
If you include the then sample statement at the [edit firewall family inet filter
filter-name term term-name] hierarchy level to specify a sample action in a firewall
filter for IPv4 packets, you must also include the family inet statement at the [edit
forwarding-options sampling] hierarchy level or the instance instance-name family
inet statement at the [edit forwarding-options sampling] hierarchy level. Similarly,
if you include the then sample statement at the [edit firewall family inet6 filter
filter-name term term-name] hierarchy level to specify a sample action in a firewall
filter for IPv6 packets, you must also include the family inet6 statement at the [edit
forwarding-options sampling] hierarchy level or the instance instance-name family
inet6 statement at the [edit forwarding-options sampling] hierarchy level. Otherwise,
a commit error occurs when you attempt to commit the configuration.
•
Also, if you configure traffic sampling on a logical interface by including the sampling
input or sampling output statements at the [edit interface interface-name unit
logical-unit-number] hierarchy level, you must also include the family inet | inet6
statement at the [edit forwarding-options sampling] hierarchy level, or the instance
instance-name family inet | inet6 statement at the [edit forwarding-options sampling]
hierarchy level.
•
The “Configuring Port Mirroring” topic erroneously states that the input statement can
be included under the [edit forwarding-options port-mirroring family (inet | inet6) output]
hierarchy level. Only the output statement is available at the [edit forwarding-options
149Copyright © 2015, Juniper Networks, Inc.
Documentation Updates