Configure Input Interfaces, Monitoring Services Interfaces, and Export Interfaces
Configure the interfaces where traffic will enter the router. To enable passive flow monitoring for SONET/SDH input interfaces, include the
passive-monitor-modestatement at the [edit interfaces so-fpc/pic/portunitunit-number] hierarchy level. This mode disables the router from participating in the network as an active device. For SONET/SDH interfaces, passive monitor mode suppresses SONET keepalives.For ATM2 IQ interfaces, passive monitor mode suppresses the sending and receiving of ATM Operations, Administration, and Maintenance (OAM) and Integrated Local Management Interface (ILMI) control messages. To enable passive flow monitoring for ATM2 IQ input interfaces, include the
passive-monitor-modestatement at the [edit interfaces at-fpc/pic/port] hierarchy level. ATM passive monitoring supports the following interface encapsulation types: Cisco-compatible ATM Network Layer Protocol ID (NLPID) (atm-cisco-nlpid), ATM NLPID (atm-nlpid), ATM Point-to-Point Protocol (PPP) over ATM Adaptation Layer 5 (AAL5)/ logical link control (LLC) (atm-ppp-llc), ATM PPP over raw AAL5 (atm-ppp-vc-mux), ATM LLC/ subnetwork attachment point (SNAP) (atm-snap), and ATM virtual circuit (VC) multiplexing (atm-vc-mux).In addition to passive monitor mode, apply the previously defined firewall filter to the interface with the
filterstatement at the [edit interfaces so-fpc/pic/portunitunit-numberfamily inet] hierarchy level.[edit]interfaces {so-0/0/0 {description "SONET/SDH input interface";encapsulation ppp;unit 0 {passive-monitor-mode;family inet {filter {inputinput-monitoring-filter;}}}}}at-0/1/0 {description "ATM2 IQ input interface";passive-monitor-mode;atm-options {pic-type atm2;vpi 0 {maximum-vcs 255;}}unit 0 {encapsulation atm-snap;vci 0.100;family inet {filter {inputinput-monitoring-filter;}}}}}Configure the interfaces on the Monitoring Services PIC or Monitoring Services II PIC with the
family inetstatement at the [edit interfaces mo-fpc/pic/portunitunit-number] hierarchy level. The statement allows the interfaces to process IPv4 traffic received from the input interfaces.When you use VRF instances, you need to configure two logical interfaces. The first (
unit 0) is part of the inet.0 routing table and sources the flow packets. The second (unit 1) is configured as part of the VRF instance so the monitoring services interface can serve as a valid next hop for packets received in the instance.You can also capture options packets and time-to-live (TTL) exceeded information when the monitoring services interface processes cflowd records. To configure, include the
receive-options-packetsandreceive-ttl-exceededstatements at the [edit interfaces mo-fpc/pic/portunitunit-numberfamily inet] hierarchy level.[edit]interfacesmo-4/0/0 {unit 0 {family inet {receive-options-packets;receive-ttl-exceeded;}}unit 1 {family inet;}}mo-4/1/0 {unit 0 {family inet;}unit 1 {family inet;}}mo-4/2/0 {unit 0 {family inet;}unit 1 {family inet;}}mo-4/3/0 {unit 0 {family inet;}unit 1 {family inet;}}}You must also configure the export interface where cflowd packets exit the monitoring station and are sent to the cflowd server.
[edit]interfacesfe-3/0/0 {description "export interface to cflowd server";unit 0 {family inet;address 192.168.245.1/30}}}