Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Enable Passive Monitoring on Ethernet Interfaces

Learn how to configure an interface in passive monitoring mode to drop packets destined for the router, stop transmissions, and enable monitoring for IPv4 with specific statements, while using port mirroring for IPv6.

When you configure an interface in passive monitoring mode, the Packet Forwarding Engine drops packets from that interface destined for the router. This mode prevents the Routing Engine from transmitting any packets through that interface. Packets received from the monitored interface can be forwarded to monitoring interfaces. If you add the passive-monitor-mode statement in the configuration:

  • Gigabit and Fast Ethernet interfaces can support both per-port passive monitoring and per-VLAN passive monitoring. The destination MAC filter on the receive port of the Ethernet interfaces is disabled.

  • Ethernet encapsulation options are not allowed.

  • Ethernet interfaces do not support the stacked-vlan-tagging statement for both IPv4 and IPv6 packets in passive monitor mode.

To enable packet flow monitoring on Ethernet interfaces:

  1. In configuration mode, navigate to the [edit interfaces interface-name] hierarchy level.
  2. Add the passive-monitor-mode statement.

For IPv4 monitoring services interfaces, enable packet flow monitoring by including the family statement at the [edit interfaces mo-fpc/pic/port unit logical-unit-number] hierarchy level, specifying the inet option:

  1. In configuration mode, navigate to the [edit interfaces mo-fpc/pic/port unit logical-unit-number] hierarchy level.

  2. Add the passive-monitor-mode statement.

For conformity with the cflowd record structure, you must add the receive-options-packets and receive-ttl-exceeded statements at the [edit interfaces mo-fpc/pic/port unit logical-unit-number family inet] hierarchy level:

  1. In configuration mode, navigate to the [edit interfaces mo-fpc/pic/port unit logical-unit-number family inet] hierarchy level.

  2. Add the receive-options-packets and receive-ttl-exceeded statements.

IPv6 passive monitoring is not supported on monitoring services PICs. A user must configure port mirroring to forward the packets from the passive monitored ports to other interfaces.

To configure port mirroring, add the port-mirroring statement at the [edit forwarding-options] hierarchy level.

For the monitoring services interface, you can configure multiservice physical interface properties. For more information, see Configuring Multiservice Physical Interface Properties and the Junos OS Services Interfaces Library for Routing Devices.

Related Documentation