Passive Monitoring on Ethernet Interfaces
Learn how to enable passive monitoring of IPv4 traffic using monitoring services I and II PICs on various Ethernet interfaces.
What is Passive Monitoring?
Passive monitoring, a type of network monitoring, passively captures traffic from monitoring interfaces.
When you enable passive monitoring, the device accepts and monitors traffic on the interface, then forwards it to monitoring tools such as IDS servers, packet analyzers, or other devices like routers or end hosts. It provides filtering capabilities for monitoring ingress and egress traffic at the Internet point of presence (PoP) where security networks are attached.
Passive monitoring applies to IPv4 traffic only and is supported on the following PICs: the 10-port Gigabit Ethernet PIC with SFPs, the 2-port Gigabit Ethernet PIC with SFPs, and the 1-port 10-Gigabit Ethernet PIC.
Use Feature Explorer to confirm platform and release support for specific features.
Review the Platform-Specific DDoS Protection Behavior section for notes related to your platform.
Passive Monitoring Configuration Guidelines
- You can only configure passive monitoring at the interface level. The system does not support configuration per VLAN or logical interface.
- An aggregated Ethernet (AE) interface cannot function as a passive monitoring interface.
- Monitoring tools or devices must be directly connected to the switch or router.
- The system drops packets that carry more than two MPLS labels and more than two VLAN tags.
- Exception packets such as IP packet options, router alert, and TTL expiry packets are treated as regular traffic.
- We do not support Ethernet encapsulation and Link Aggregation Control Protocol (LACP) on the AE bundle connected to the monitoring tool or device.
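The following Python code is an added example, not part of the original documentation. It counts the VLAN tags and MPLS labels on an Ethernet II frame so that captured traffic can be checked against the two-tag and two-label limits in the guidelines above, which helps identify traffic the monitoring tool will never see. The TPID set, the function names and the sample-frame builder are assumptions made for illustration, and each limit is reported separately.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}  # 802.1Q, 802.1ad, pre-standard QinQ
MPLS_ETHERTYPES = {0x8847, 0x8848}     # MPLS unicast, MPLS multicast
MAX_VLAN_TAGS = 2                      # limit from the guidelines
MAX_MPLS_LABELS = 2                    # limit from the guidelines

def count_encapsulation(frame: bytes):
    """Return (vlan_tags, mpls_labels) for one Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan_tags, mpls_labels = 14, 0, 0
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        # Skip the 2-byte TCI, then read the EtherType that follows it.
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
        vlan_tags += 1
    if ethertype in MPLS_ETHERTYPES:
        while True:
            if len(frame) < offset + 4:
                raise ValueError("truncated MPLS label stack")
            (entry,) = struct.unpack_from("!I", frame, offset)
            offset += 4
            mpls_labels += 1
            if entry & 0x100:  # bottom-of-stack (S) bit ends the stack
                break
    return vlan_tags, mpls_labels

def exceeded_limits(frame: bytes):
    """Report each limit separately so the caller can apply the rule."""
    vlans, labels = count_encapsulation(frame)
    return {"vlan": vlans > MAX_VLAN_TAGS, "mpls": labels > MAX_MPLS_LABELS}

def build_frame(n_vlan: int, n_mpls: int) -> bytes:
    """Constructed sample frame: zeroed MACs, n_vlan tags, n_mpls labels."""
    out = bytes(12)
    for i in range(n_vlan):
        out += struct.pack("!HH", 0x8100, 100 + i)
    if n_mpls == 0:
        return out + struct.pack("!H", 0x0800) + bytes(20)
    out += struct.pack("!H", 0x8847)
    for i in range(n_mpls):
        bottom = 0x100 if i == n_mpls - 1 else 0
        out += struct.pack("!I", ((16 + i) << 12) | bottom | 64)
    return out + bytes(20)
```

Running `exceeded_limits` over frames from a capture taken upstream of the monitoring interface shows which flows carry deeper tag or label stacks than the limits allow.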
Platform-Specific DDoS Protection Behavior
Use the following table to review platform-specific behaviors for your platform:
Platform | Difference
---|---
MX Series |