Hi everybody,
Is it possible to obtain switched traffic statistics in a port+vlan aspect via SNMP on Juniper QFX switches?
For example, Extreme switches have a 'vlan monitor' feature:
configure ports all monitor vlan <vlan_name>
then its counters are available by OID .1.3.6.1.4.1.1916.1.2.8.2.1.8 and .1.3.6.1.4.1.1916.1.2.8.2.1.7
Does anyone know if Juniper has a similar feature?
On a different vendor (Brocade) we used to work around that by putting a rate-limiter onto a vlan and polling the rate-limit counter, not sure if that’d work on a QFX as well though.
Jeroen Wunnink
IP Engineering manager
office: +31.208.200.622 ext. 1011
Amsterdam Office
www.gtt.net <http://www.gtt.net/>
I'll just leave the solution here in case that anybody else needs it:
Firewall rule:
firewall {
family ethernet-switching {
filter vlan-counters {
interface-specific;
term vlan-14 {
from {
dot1q-tag 14;
}
then {
accept;
count vlan-14;
}
}
term vlan-571 {
from {
dot1q-tag 571;
}
then {
accept;
count vlan-571;
}
}
term vlan-572 {
from {
dot1q-tag 572;
}
then {
accept;
count vlan-572;
}
}
term default {
then accept;
}
}
}
}
Applying it:
set interfaces ae0.0 family ethernet-switching filter input vlan-counters
set interfaces ae0.0 family ethernet-switching filter output vlan-counters
Checking the show firewall output:
Filter: vlan-counters-ae1.0-i
Counters:
Name Bytes Packets
vlan-14-ae1.0-i 7474383 8504
vlan-571-ae1.0-i 0 0
vlan-572-ae1.0-i 0 0
Filter: vlan-counters-ae1.0-o
Counters:
Name Bytes Packets
vlan-14-ae1.0-o 2651051 4919
vlan-571-ae1.0-o 2057853 14731
vlan-572-ae1.0-o 644 10
Now, SNMP get:
$ snmpget -v2c -cpublic 10.1.2.3 'JUNIPER-FIREWALL-MIB::jnxFWCounterByteCount."vlan-counters-ae1.0-o"."vlan-571-ae1.0-o".counter
JUNIPER-FIREWALL-MIB::jnxFWCounterByteCount."vlan-counters-ae1.0-o"."vlan-571-ae1.0-o".counter = Counter64: 298848
Thanks Luke Guillory for the solution!
Stanislaw писал 2017-02-22 11:33: