Cisco Cisco IOS Software Release 12.4(11)T
Router IP Traffic Export Packet Capture Enhancements
Restrictions for IP Traffic Export
2
Cisco IOS Release 12.4(11)T
Restrictions for IP Traffic Export
Platform Restrictions
IP traffic export is intended only for software switching platforms; distributed architectures are not
supported.
supported.
IP traffic capture is supported only on the Cisco 1841, Cisco 2800 series, and Cisco 3800 series
integrated services routers.
integrated services routers.
IP Packet Forwarding Performance Impact
When IP traffic export is enabled, a delay is incurred on the outbound interface when packets are
captured and transmitted across the interface. Performance delays increase with the increased number of
interfaces that are monitored and the increased number of destination hosts.
captured and transmitted across the interface. Performance delays increase with the increased number of
interfaces that are monitored and the increased number of destination hosts.
Exported Traffic Limitation
•
The MAC address of the device that is receiving the exported traffic must be on the same VLAN or
directly connected to one of the router interfaces. (Use the show arp command to determine the
MAC address of device that is directly connected to an interface.)
directly connected to one of the router interfaces. (Use the show arp command to determine the
MAC address of device that is directly connected to an interface.)
•
The outgoing interface for exported traffic must be Ethernet (10/100/1000). (Incoming (monitored)
traffic can traverse any interface.)
traffic can traverse any interface.)
Information About IP Traffic Export
To use the IP traffic export, you should understand the following concept:
•
Benefits of IP Traffic Export
Simplified Cisco IDS Deployment
Without the ability to export IP traffic, the Cisco Intrusion Detection System (Cisco IDS) probe must be
inline with the network device to monitor traffic flow. IP traffic export eliminates the probe placement
limitation, allowing users to place a Cisco IDS probe in any location within their network or direct all
exported traffic to a VLAN that is dedicated for network monitoring. Allowing users to choose the
optimal location of their Cisco IDS probe reduces processing burdens.
inline with the network device to monitor traffic flow. IP traffic export eliminates the probe placement
limitation, allowing users to place a Cisco IDS probe in any location within their network or direct all
exported traffic to a VLAN that is dedicated for network monitoring. Allowing users to choose the
optimal location of their Cisco IDS probe reduces processing burdens.
Also, because packet processing that was performed on the network device can now be performed away
from the network device, the need to enable Cisco IDS with the Cisco IOS software is eliminated.
from the network device, the need to enable Cisco IDS with the Cisco IOS software is eliminated.
IP Traffic Export Functionality Benefits
Users can configure their router to perform the following tasks:
•
Filter copied packets using an access control list (ACL)
•
Filter copied packets via sampling, which allows you to export one in every few packets in which
you are interested. Use this option when you do not need to export all incoming traffic. Also,
sampling is useful when a monitored ingress interface can send traffic faster than the egress interface
can transmit it.
you are interested. Use this option when you do not need to export all incoming traffic. Also,
sampling is useful when a monitored ingress interface can send traffic faster than the egress interface
can transmit it.
•
Configure bidirectional traffic on an interface. (By default, only incoming traffic is exported or
captured.)
captured.)