
IP Traffic Export


The IP Traffic Export feature allows users to configure their router to export IP packets that are received on multiple, simultaneous WAN or LAN interfaces. The unaltered IP packets are exported on a single LAN or VLAN interface, which eases deployment of protocol analyzers and monitoring devices.

Feature History for IP Traffic Export

Release      Modification
12.3(4)T     This feature was introduced.
12.2(25)S    This feature was integrated into Cisco IOS Release 12.2(25)S.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Restrictions for IP Traffic Export

Information About IP Traffic Export

How to Use IP Traffic Export

Configuration Examples for IP Traffic Export

Additional References

Command Reference

Restrictions for IP Traffic Export

Platform Restriction

IP traffic export is intended only for software switching platforms; distributed architectures are not supported.

IP Packet Forwarding Performance Impact

When IP traffic export is enabled, a delay is incurred on the outbound interface when packets are captured and transmitted across the interface. Performance delays increase with the increased number of interfaces that are monitored and the increased number of destination hosts.

Exported Traffic Limitation

The MAC address of the device that is receiving the exported traffic must be on the same VLAN or directly connected to one of the router interfaces. (Use the show arp command to determine the MAC address of a device that is directly connected to an interface.)

The outgoing interface for exported traffic must be Ethernet (10/100/1000). (Incoming (monitored) traffic can traverse any interface.)

Information About IP Traffic Export

To use IP traffic export, you should understand the following concept:

Benefits of IP Traffic Export

Benefits of IP Traffic Export

Simplified IDS Deployment

Without the ability to export IP traffic, the Intrusion Detection System (IDS) probe must be inline with the network device to monitor traffic flow. IP traffic export eliminates the probe placement limitation, allowing users to place an IDS probe in any location within their network or direct all exported traffic to a VLAN that is dedicated for network monitoring. Allowing users to choose the optimal location of their IDS probe reduces processing burdens.

Also, because packet processing that was once performed on the network device can now be performed away from the network device, the need to enable IDS with the Cisco IOS software can be eliminated.

IP Traffic Export Functionality Benefits

Users can configure their router to perform the following tasks:

Filter copied packets via an access control list (ACL)

Filter copied packets via sampling, which allows you to export one in every few packets in which you are interested. Use this option when it is not necessary to export all incoming traffic. Also, sampling is useful when a monitored ingress interface can send traffic faster than the egress interface can transmit it.

Configure bidirectional traffic on an interface. (By default, only incoming traffic is exported.)

How to Use IP Traffic Export

This section contains the following procedures:

Configuring IP Traffic Export

Displaying IP Traffic Export Configuration Data

Configuring IP Traffic Export

Use this task to configure IP traffic export profiles, which enable IP traffic to be exported on an ingress interface and allow you to specify profile attributes, such as the outgoing interface for exporting traffic.


Note Packet exporting is performed before packet switching or filtering.


IP Traffic Export Profiles Overview

All packet export configurations are specified via IP traffic export profiles, which consist of IP-traffic-export-related command-line interfaces (CLIs) that control various attributes for both incoming and outgoing exported IP traffic. You can configure a router with multiple IP traffic export profiles. (Each profile must have a different name.) You can apply different profiles on different interfaces.

The two different IP traffic export profiles are as follows:

The global configuration profile, which is configured via the ip traffic-export profile command.

The IP traffic export submode configuration profile, which is configured via any of the following router IP Traffic Export (RITE) commands—bidirectional, incoming, interface, mac-address, and outgoing.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip traffic-export profile profile-name

4. interface interface-name

5. bidirectional

6. mac-address H.H.H

7. incoming {access-list {standard | extended | named} | sample one-in-every packet-number}

8. outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}

9. exit

10. interface type number

11. ip traffic-export apply profile-name

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip traffic-export profile profile-name

Example:

Router(config)# ip traffic-export profile my_rite

Creates or edits an IP traffic export profile, enables the profile on an ingress interface, and enters RITE configuration mode.

Step 4 

interface interface-name

Example:

Router(config-rite)# interface FastEthernet 0/1

Specifies the outgoing (monitored) interface for exported traffic.

Note If you do not issue this command, the profile will not recognize an interface on which to send the captured IP traffic.

Step 5 

bidirectional

Example:

Router(config-rite)# bidirectional

(Optional) Exports incoming and outgoing IP traffic on the monitored interface.

Note If this command is not enabled, only incoming traffic is exported.

Step 6 

mac-address H.H.H

Example:

Router(config-rite)# mac-address 00a.8aab.90a0

Specifies the 48-bit address of the destination host that is receiving the exported traffic.

Note If you do not issue this command, the profile will not recognize a destination host to which to send the exported packets.

Step 7 

incoming {access-list {standard | extended | named} | sample one-in-every packet-number}

Example:

Router(config-rite)# incoming access-list my_acl

(Optional) Configures filtering for incoming traffic.

After you have created a profile via the ip traffic-export profile command, this functionality is enabled by default.

Step 8 

outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}

Example:

Router(config-rite)# outgoing sample one-in-every 50

(Optional) Configures filtering for outgoing export traffic.

Note If you issue this command, you must also issue the bidirectional command, which enables outgoing traffic to be exported. However, only routed traffic (such as passthrough traffic) is exported; that is, traffic that originates from the network device is not exported.

Step 9 

exit

Exits RITE configuration mode.

Step 10 

interface type number

Example:

Router(config)# interface FastEthernet0/0

Configures an interface type and enters interface configuration mode.

Step 11 

ip traffic-export apply profile-name

Example:

Router(config-if)# ip traffic-export apply my_rite

Enables IP traffic export on an ingress interface.

Troubleshooting Tips

Creating an IP Traffic Export Profile

The interface and mac-address commands are required to successfully create a profile. If these commands are not issued, you will receive the following profile incomplete message if the show running-config command is issued:

ip traffic-export profile newone 
! No outgoing interface configured
! No destination mac-address configured

Applying an IP Traffic Export Profile to an Interface

The following system logging messages should appear immediately after you activate and deactivate a profile from an interface (via the ip traffic-export apply profile command):

Activated profile:

%RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet 0/0.

Deactivated profile:

%RITE-5-DEACTIVATE: Deactivated IP traffic export on interface FastEthernet 0/0.

If you attempt to apply an incomplete profile to an interface, you will receive the following message:

Router(config-if)# ip traffic-export apply newone
RITE: profile newone has missing outgoing interface
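Because every activation starts copying traffic to another host, the two %RITE-5 messages above are worth watching in collected syslog. The following Python script is an added example, not part of the Cisco documentation: it replays the messages to work out which interfaces currently have export active and flags activations on interfaces outside an allowlist. The log prefix format, the sample lines, the function name and the approved_interfaces parameter are constructed for illustration.

```python
import re

# The two %RITE-5 message texts are the ones documented above. The line prefix
# (timestamp, hostname, sequence number) is a constructed assumption and is ignored.
SAMPLE_LOG = """\
Oct  8 20:36:02 rite-3745 101: %RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet 0/0.
Oct  8 20:41:17 rite-3745 102: %RITE-5-DEACTIVATE: Deactivated IP traffic export on interface FastEthernet 0/0.
Oct  8 21:02:45 rite-3745 103: %RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet 0/1.
Oct  8 21:03:10 rite-3745 104: %SYS-5-CONFIG_I: Configured from console by console
Oct  8 21:05:00 rite-3745 105: %RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet 0/0.
Oct  8 21:09:31 rite-3745 106: %RITE-5-DEACTIVATE: Deactivated IP traffic export on interface FastEthernet 1/1.
"""

RITE_EVENT = re.compile(
    r"%RITE-5-(ACTIVATE|DEACTIVATE): (?:Activated|Deactivated) "
    r"IP traffic export on interface (.+?)\.?\s*$"
)


def review_rite_events(log_text, approved_interfaces=()):
    """Replay RITE events in order; return (sorted active interfaces, alerts).

    approved_interfaces is a hypothetical allowlist of interfaces on which
    traffic export is expected. Each alert is (line number, interface, reason).
    """
    approved = {name.replace(" ", "") for name in approved_interfaces}
    active, alerts = set(), []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = RITE_EVENT.search(line)
        if not match:
            continue  # not a RITE activation or deactivation message
        event = match.group(1)
        ifname = match.group(2).replace(" ", "")  # "FastEthernet 0/0" -> "FastEthernet0/0"
        if event == "ACTIVATE":
            active.add(ifname)
            if ifname not in approved:
                alerts.append((lineno, ifname, "export activated on unapproved interface"))
        else:
            if ifname not in active:
                # The matching activation is missing from the log window.
                alerts.append((lineno, ifname, "deactivation without a logged activation"))
            active.discard(ifname)
    return sorted(active), alerts


if __name__ == "__main__":
    still_active, found = review_rite_events(SAMPLE_LOG, ["FastEthernet 0/0"])
    print("export currently active on:", ", ".join(still_active) or "none")
    for lineno, ifname, reason in found:
        print(f"line {lineno}: {ifname}: {reason}")
```
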

What to Do Next

After you have configured a profile and enabled the profile on an ingress interface, you can monitor IP traffic exporting events and verify your profile configurations. To complete these steps, refer to the following task "Displaying IP Traffic Export Configuration Data."

Displaying IP Traffic Export Configuration Data

This task allows you to verify IP traffic export parameters such as the monitored ingress interface, which is where the IP traffic is exported, and outgoing and incoming IP packet information, such as configured ACLs. You can also use this task to monitor packets that are captured and then transmitted across an interface to a destination host. Use this optional task to help you troubleshoot any problems with your exported IP traffic configurations.

SUMMARY STEPS

1. enable

2. debug ip traffic-export events

3. show ip traffic-export [interface interface-name | profile profile-name]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

debug ip traffic-export events

Example:

Router# debug ip traffic-export events

Enables debugging messages for exported IP traffic packet events.

Step 3 

show ip traffic-export [interface interface-name | profile profile-name]

Example:

Router# show ip traffic-export

Displays information related to exported IP traffic events.

interface interface-name—Only data associated with the monitored ingress interface is shown.

profile profile-name—Only flow statistics, such as exported packets and the number of bytes, are shown.

Examples

The following sample output from the show ip traffic-export command is for the profile "one." This example is for a single, configured interface. If multiple interfaces are configured, the information shown below is displayed for each interface.

Router# show ip traffic-export

Router IP Traffic Export Parameters
Monitored Interface FastEthernet0/0
        Export Interface FastEthernet0/1
        Destination MAC address 0030.7131.abfc
        bi-directional traffic export is off
Input IP Traffic Export Information Packets/Bytes Exported 0/0
        Packets Dropped 0
        Sampling Rate one-in-every 1 packets
        No Access List configured
        Profile one is Active

Configuration Examples for IP Traffic Export

This section includes the following configuration example:

Exporting IP Traffic Configuration: Example

Exporting IP Traffic Configuration: Example

Figure 1 and the following sample output from the show running-config command illustrate how to configure Router 2 to export the incoming traffic from Router 1 to IDS:


Router2# show running-config

Building configuration...

Current configuration :2349 bytes

! Last configuration change at 20:35:39 UTC Wed Oct 8 2003
! NVRAM config last updated at 20:35:39 UTC Wed Oct 8 2003
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service internal
service udp-small-servers
!
hostname rite-3745
!
boot system flash:c3745-js-mz.123-1.8.PI2d
no logging console
enable password lab
!
no aaa new-model
ip subnet-zero
!
no ip domain lookup
!
ip cef
!
ip traffic-export profile my_rite
  interface FastEthernet1/0
  mac-address 6666.6666.3333
!
interface FastEthernet0/0
 ip address 10.0.0.94 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
 ip traffic-export apply my_rite
!
interface FastEthernet1/0
 ip address 10.1.3.2 255.255.255.0
 no ip redirects
 no cdp enable
!
interface FastEthernet1/1
 ip address 10.1.2.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 100
 log-adjacency-changes
 network 10.1.0.0 0.0.255.255 area 0
!
ip http server
ip classless
!
snmp-server engineID local 0000000902000004C1C59140
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
dial-peer cor custom
!
gateway 
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
line vty 0 4
 password lab
 login
!
ntp clock-period 17175608
ntp server 10.0.0.2
!
end
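The rules stated on this page (a profile needs both interface and mac-address, outgoing filtering needs bidirectional, the sample value must be 2 to 2147483647, and an applied name must match a defined profile) can be checked offline against saved configuration text. The following Python script is an added example, not part of the Cisco documentation; the sample configuration, the function names and the approved_macs allowlist of monitoring hosts are constructed for illustration, and it assumes that a short H.H.H group has its leading zeros omitted.

```python
import re

SAMPLE_RANGE = range(2, 2147483648)  # valid one-in-every values per the command reference
# Constructed sample configuration for this example (not captured from a device).
SAMPLE_CONFIG = """\
ip traffic-export profile my_rite
  interface FastEthernet1/0
  mac-address 6666.6666.3333
!
ip traffic-export profile newone
! No outgoing interface configured
! No destination mac-address configured
!
ip traffic-export profile half
  interface FastEthernet 1/0
  mac-address 00a.8aab.90a0
  incoming sample one-in-every 1
  outgoing access-list 101
!
interface FastEthernet0/0
 ip traffic-export apply newone
!
interface FastEthernet0/1
 ip traffic-export apply my_rite
!
interface FastEthernet1/1
 ip traffic-export apply ghost
"""


def normalize_mac(text):
    """H.H.H to 12 hex digits, None if malformed (assumes short groups omit leading zeros)."""
    groups = text.strip().lower().split(".")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9a-f]{1,4}", g) for g in groups):
        return None
    return "".join(g.zfill(4) for g in groups)


def parse_rite(config):
    """Return (profiles, applied) parsed from running-config style text."""
    profiles, applied, section = {}, [], (None, None)
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line, separator or comment
        if not raw[0].isspace():  # an unindented line opens a new section
            section = (None, None)
            if words[:3] == ["ip", "traffic-export", "profile"] and len(words) == 4:
                section = ("profile", words[3])
                profiles[words[3]] = {"interface": None, "mac": None,
                                      "bidirectional": False, "outgoing": False, "samples": []}
            elif words[0] == "interface" and len(words) > 1:
                section = ("interface", "".join(words[1:]))
            continue
        kind, name = section
        if kind == "interface":
            if words[:3] == ["ip", "traffic-export", "apply"] and len(words) == 4:
                applied.append((name, words[3]))
        elif kind == "profile":
            prof = profiles[name]
            if words[0] == "interface" and len(words) > 1:
                prof["interface"] = "".join(words[1:])
            elif words[0] == "mac-address" and len(words) == 2:
                prof["mac"] = words[1]
            elif words[0] == "bidirectional":
                prof["bidirectional"] = True
            elif words[0] in ("incoming", "outgoing"):
                prof["outgoing"] |= words[0] == "outgoing"
                if words[1:3] == ["sample", "one-in-every"] and words[-1].isdigit():
                    prof["samples"].append((words[0], int(words[-1])))
    return profiles, applied


def audit(config, approved_macs=()):
    """Return findings; approved_macs is a hypothetical allowlist of monitoring hosts."""
    profiles, applied = parse_rite(config)
    findings, approved = [], {normalize_mac(m) for m in approved_macs}
    for name, prof in profiles.items():
        mac = normalize_mac(prof["mac"]) if prof["mac"] else None
        if prof["interface"] is None:
            findings.append(f"profile {name}: no outgoing interface configured")
        if prof["mac"] is None:
            findings.append(f"profile {name}: no destination mac-address configured")
        elif mac is None:
            findings.append(f"profile {name}: malformed mac-address {prof['mac']}")
        elif approved and mac not in approved:
            findings.append(f"profile {name}: destination {prof['mac']} is not an approved monitor")
        if prof["outgoing"] and not prof["bidirectional"]:
            findings.append(f"profile {name}: outgoing filter set without bidirectional")
        for direction, n in prof["samples"]:
            if n not in SAMPLE_RANGE:
                findings.append(f"profile {name}: {direction} sample one-in-every {n} out of range")
    for ifname, name in applied:
        prof = profiles.get(name)
        if prof is None or prof["interface"] is None or prof["mac"] is None:
            state = "undefined" if prof is None else "incomplete"
            findings.append(f"{ifname}: applies {state} profile {name}")
    return findings
```

Calling audit(SAMPLE_CONFIG, ["6666.6666.3333"]) also reports the profile whose destination MAC is not on the allowlist, which is the check to run when reviewing where copied traffic is being sent.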

Additional References

The following sections provide references related to IP Traffic Export.

Related Documents

Related Topic
Document Title

Configuring IDS

The chapter "Configuring Cisco IOS Firewall Intrusion Detection System" in the section "Traffic Filtering and Firewalls" of the Cisco IOS Security Configuration Guide.

Configuring IP

The chapter "Configuring IP Services" in the section "IP Addressing and Services" of the Cisco IOS IP Configuration Guide


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents new commands.

bidirectional

debug ip traffic-export events

incoming

interface (RITE)

ip traffic-export apply

ip traffic-export profile

mac-address (RITE)

outgoing

bidirectional

To enable incoming and outgoing IP traffic to be exported across a monitored interface, use the bidirectional command in router IP traffic export (RITE) configuration mode. To return to the default functionality, use the no form of this command.

bidirectional

no bidirectional

Syntax Description

This command has no arguments or keywords.

Defaults

If this command is not enabled, only incoming traffic is exported.

Command Modes

RITE configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

By default, only incoming IP traffic is exported. If you choose to export outgoing IP traffic, you must issue both the bidirectional command, which enables outgoing traffic to be exported, and the outgoing command, which specifies how the outgoing traffic will be filtered.

The ip traffic-export profile command allows you to begin a profile that can be configured to export IP packets as they arrive on or leave from a selected router ingress interface. A designated egress interface exports the captured IP packets out of the router. Thus, the router can export unaltered IP packets to a directly connected device.

Examples

The following example shows how to export both incoming and outgoing IP traffic on the FastEthernet interface:

Router(config)# ip traffic-export profile johndoe
Router(config-rite)# interface FastEthernet1/0.1
Router(config-rite)# bidirectional 
Router(config-rite)# incoming access-list 101 
Router(config-rite)# outgoing access-list 101 
Router(config-rite)# mac-address 6666.6666.3333 

Related Commands

Command                       Description
interface (RITE)              Specifies the outgoing interface for exporting traffic.
ip traffic-export profile     Creates or edits an IP traffic export profile and enables the profile on an ingress interface.
outgoing                      Configures filtering for outgoing export traffic.


debug ip traffic-export events

To enable debugging messages for exported IP packet events, use the debug ip traffic-export events command in privileged EXEC mode. To disable debugging messages, use the no form of this command.

debug ip traffic-export events

no debug ip traffic-export events

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Examples

The following is sample output from the debug ip traffic-export events command:

Router# debug ip traffic-export events

RITE:exported input packet # 547 
RITE:exported input packet # 548 
RITE:exported input packet # 549 
RITE:exported input packet # 550 
RITE:exported input packet # 551 
RITE:exported input packet # 552 
RITE:exported input packet # 553 
RITE:exported input packet # 554 
RITE:exported input packet # 555 
RITE:exported input packet # 556 
RITE:exported input packet # 557 
RITE:exported input packet # 558 
RITE:exported input packet # 559 
RITE:exported input packet # 560 
RITE:exported input packet # 561 
RITE:exported input packet # 562

Related Commands

Command                       Description
ip traffic-export profile     Creates or edits an IP traffic export profile and enables the profile on an ingress interface.


incoming

To configure filtering for incoming IP traffic, use the incoming command in router IP traffic export (RITE) configuration mode. To disable filtering for incoming traffic, use the no form of this command.

incoming {access-list {standard | extended | named} | sample one-in-every packet-number}

no incoming {access-list {standard | extended | named} | sample one-in-every packet-number}

Syntax Description

access-list {standard | extended | named}

An existing numbered (standard or extended) or named access control list (ACL).

Note The filter is applied only to exported traffic, not normal router traffic.

sample one-in-every packet-number

Exports only one packet out of every specified number of packets. Valid range for the packet-number argument is 2 to 2147483647 packets. By default, all traffic is exported.


Defaults

If this command is not enabled, all incoming IP traffic will be filtered via sampling.

Command Modes

RITE configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

When configuring a network device for exporting IP traffic, you can issue the incoming command to filter unwanted traffic via the following methods:

ACLs, which accept or deny an IP packet for export

Sampling, which allows you to export one in every few packets in which you are interested. Use this option when it is not necessary to export all incoming traffic. Also, sampling is useful when a monitored ingress interface can send traffic faster than the egress interface can transmit it.

Examples

The following example shows how to configure the profile "corp1," which will send captured IP traffic to host "00a.8aab.90a0" at the interface "FastEthernet 0/1." This profile is also configured to export one in every 50 packets and to allow incoming traffic only from the ACL "ham_acl."

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1

Related Commands

Command                       Description
ip traffic-export profile     Creates or edits an IP traffic export profile and enables the profile on an ingress interface.
outgoing                      Configures filtering for outgoing export traffic.


interface (RITE)

To specify the outgoing interface for exporting traffic, use the interface command in router IP traffic export (RITE) configuration mode. To disable an interface, use the no form of this command.

interface interface-name

no interface interface-name

Syntax Description

interface-name

Name of interface in which IP packets are exported.


Defaults

If this command is not enabled, the exported IP traffic profile does not recognize an interface in which to send captured IP traffic.

Command Modes

RITE configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

After you configure an IP traffic export profile via the ip traffic-export profile global configuration command, you should issue the interface command; otherwise, the profile will be unable to export the captured IP packets. If you do not specify the interface command, you will receive a warning, which states that the profile is incomplete, when you attempt to apply the profile to an interface via the ip traffic-export apply profile interface configuration command.


Note Currently, only Ethernet and Fast Ethernet interfaces are supported.


Examples

The following example shows how to configure the profile "corp1," which will send captured IP traffic to host "00a.8aab.90a0" at the interface "FastEthernet 0/1." This profile is also configured to export one in every 50 packets and to allow incoming traffic only from the access control list (ACL) "ham_acl."

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1

Related Commands

Command                            Description
ip traffic-export apply profile    Applies an IP traffic export profile to a specific interface.
ip traffic-export profile          Creates or edits an IP traffic export profile and enables the profile on an ingress interface.


ip traffic-export apply

To apply an IP traffic export profile to a specific interface, use the ip traffic-export apply profile command in interface configuration mode. To remove an IP traffic export profile from an interface, use the no form of this command.

ip traffic-export apply profile-name

no ip traffic-export apply profile-name

Syntax Description

profile-name

Name of the profile that is to be applied to a specified interface.

The profile-name argument must match a name that was specified via the ip traffic-export profile command.


Defaults

If this command is not issued, a successfully configured profile is not active.

Command Modes

Interface configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

After you have configured at least one profile, you should use the ip traffic-export apply profile command to activate an IP traffic export on the specified ingress interface.

Examples

The following example shows how to apply the profile "corp1" to interface Fast Ethernet 0/0:

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list spam_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1

After the profile is activated on the interface, a logging message such as the following will appear:

%RITE-5-ACTIVATE: Activated IP traffic export on interface FastEthernet 0/0.

After the profile is removed from the interface, a logging message such as the following will appear:

%RITE-5-DEACTIVATE: Deactivated IP traffic export on interface FastEthernet 0/0.

If you attempt to apply an incomplete profile to an interface, you will receive the following message:

Router(config-if)# ip traffic-export apply newone
RITE: profile newone has missing outgoing interface

Related Commands

Command                       Description
ip traffic-export profile     Creates or edits an IP traffic export profile and enables the profile on an ingress interface.


ip traffic-export profile

To create or edit an IP traffic export profile and enable the profile on an ingress interface, use the ip traffic-export profile command in global configuration mode. To remove an IP traffic export profile from your router configuration, use the no form of this command.

ip traffic-export profile profile-name

no ip traffic-export profile profile-name

Syntax Description

profile-name

IP traffic export profile name.


Defaults

A profile does not exist.

Command Modes

Global configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

The ip traffic-export profile command allows you to begin a profile that can be configured to export IP packets as they arrive on or leave from a selected router ingress interface. A designated egress interface exports the captured IP packets out of the router. Thus, the router can export unaltered IP packets to a directly connected device.

IP Traffic Export Profiles

All exported IP traffic configurations are specified via profiles, which consist of RITE-related command-line interfaces (CLIs) that control various attributes of both incoming and outgoing IP traffic. You can configure a router with multiple profiles. (Each profile must have a different name.) You can apply different profiles on different interfaces.

The two profiles that you should configure are as follows:

The global configuration profile, which is configured via the ip traffic-export profile command.

The submode configuration profile, which is configured via any of the following RITE commands—bidirectional, incoming, interface, mac-address, and outgoing.

The interface and mac-address commands are required to successfully create a profile. If these commands are not issued, the user will receive a profile incomplete message such as the following:

ip traffic-export profile newone 
! No outgoing interface configured
! No destination mac-address configured

After you configure your profiles, you can apply (which will activate) the profile to an interface via the ip traffic-export apply profile command.

Examples

The following example shows how to configure the profile "corp1," which will send captured IP traffic to host "00a.8aab.90a0" at the interface "FastEthernet 0/1." This profile is also configured to export one in every 50 packets and to allow incoming traffic only from the access control list (ACL) "ham_acl."

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1

Related Commands

Command                            Description
bidirectional                      Enables incoming and outgoing IP traffic to be exported across a monitored interface.
incoming                           Configures filtering for incoming export traffic.
interface (RITE)                   Specifies the outgoing interface for exporting traffic.
ip traffic-export apply profile    Applies an IP traffic export profile to a specific interface.
mac-address                        Specifies the Ethernet address of the destination host.
outgoing                           Configures filtering for outgoing export traffic.


mac-address (RITE)

To specify the Ethernet address of the destination host, use the mac-address command in router IP traffic export (RITE) configuration mode. To change the MAC address of the destination host, use the no form of this command.

mac-address H.H.H

no mac-address H.H.H

Syntax Description

H.H.H

48-bit MAC address.


Defaults

A destination host is not known.

Command Modes

RITE configuration

Command History

Release      Modification
12.3(4)T     This command was introduced.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

The mac-address command, which is used to specify the destination host that is receiving the exported traffic, is part of a suite of RITE configuration mode commands that are used to control various attributes for both incoming and outgoing IP traffic export.

The ip traffic-export profile command allows you to begin a profile that can be configured to export IP packets as they arrive on or leave from a selected router ingress interface. A designated egress interface exports the captured IP packets out of the router. Thus, the router can export unaltered IP packets to a directly connected device.

Examples

The following example shows how to configure the profile "corp1," which will send captured IP traffic to host "00a.8aab.90a0" at the interface "FastEthernet 0/1." This profile is also configured to export one in every 50 packets and to allow incoming traffic only from the access control list (ACL) "ham_acl."

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1

Related Commands

Command                       Description
ip traffic-export profile     Creates or edits an IP traffic export profile and enables the profile on an ingress interface.


outgoing

To configure filtering for outgoing export traffic, use the outgoing command in router IP traffic export (RITE) configuration mode. To disable filtering for outgoing traffic, use the no form of this command.

outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}

no outgoing {access-list {standard | extended | named} | sample one-in-every packet-number}

Syntax Description

access-list {standard | extended | named}

An existing numbered (standard or extended) or named access control list (ACL).

Note The filter is applied only to exported traffic.

sample one-in-every packet-number

Exports only one packet out of every specified number of packets. Valid range for the packet-number argument is 2 to 2147483647 packets.


Defaults

If this command is not enabled, outgoing IP traffic is not exported.

Command Modes

RITE configuration

Command History

Release
Modification

12.3(4)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.


Usage Guidelines

When configuring a network device for IP traffic export, you can issue the outgoing command to filter unwanted outgoing traffic via the following methods:

ACLs, which accept or deny an IP packet for export

Sampling, which allows you to export one in every few packets in which you are interested. Use this option when it is not necessary to export all incoming traffic. Also, sampling is useful when a monitored ingress interface can send traffic faster than the egress interface can transmit it.


Note: If you issue this command, you must also issue the bidirectional command, which enables outgoing traffic to be exported. However, only routed traffic (such as passthrough traffic) is exported; that is, traffic that originates from the network device is not exported.


Examples

The following example shows how to configure the profile "corp1," which will send captured IP traffic to host "00a.8aab.90a0" at the interface "FastEthernet 0/1." This profile is also configured to export one in every 50 packets and to allow incoming traffic only from the ACL "ham_acl."

Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1
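
The two constraints stated for the outgoing command (it exports traffic only together with bidirectional, and packet-number must be 2 to 2147483647) can be checked offline against a saved configuration. The Python below is an added example, not Cisco code; the function names, the profile name lab1 and the second input are constructed for illustration.

```python
import re

SAMPLE_RANGE = range(2, 2147483648)  # packet-number must be 2 to 2147483647

def parse_profiles(config_text):
    """Map each profile name to its sub-commands; CLI prompts are stripped."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())
        start = re.match(r"ip traffic-export profile (\S+)$", line)
        if start:
            current = profiles.setdefault(start.group(1), [])
        elif line in ("exit", "end", "!"):
            current = None  # left RITE configuration mode
        elif current is not None and line:
            current.append(line)
    return profiles

def lint_profiles(config_text):
    """Return (profile, finding) pairs for the two rules stated for 'outgoing'."""
    findings = []
    for name, cmds in parse_profiles(config_text).items():
        outgoing = [c for c in cmds if c.startswith("outgoing ")]
        # Per the note, outgoing traffic is exported only with 'bidirectional'.
        if outgoing and "bidirectional" not in cmds:
            findings.append((name, "outgoing configured without bidirectional"))
        for cmd in outgoing:
            rate = re.match(r"outgoing sample one-in-every (\d+)$", cmd)
            if rate and int(rate.group(1)) not in SAMPLE_RANGE:
                findings.append((name, f"sample rate {rate.group(1)} out of range"))
    return findings

# The example configuration shown on this page.
PAGE_EXAMPLE = """\
Router(config)# ip traffic-export profile corp1
Router(config-rite)# interface FastEthernet 0/1
Router(config-rite)# bidirectional
Router(config-rite)# mac-address 00a.8aab.90a0
Router(config-rite)# outgoing sample one-in-every 50
Router(config-rite)# incoming access-list ham_acl
Router(config-rite)# exit
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip traffic-export apply corp1
"""

# Constructed input: hypothetical profile 'lab1' that breaks both rules.
CONSTRUCTED = "ip traffic-export profile lab1\n outgoing sample one-in-every 1\n"
if __name__ == "__main__":
    print(lint_profiles(PAGE_EXAMPLE), lint_profiles(CONSTRUCTED))
```

The parser accepts both a pasted CLI session (with prompts) and running-config style text in which a profile block ends at "!".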

Related Commands

Command
Description

bidirectional

Enables incoming and outgoing IP traffic to be exported across a monitored interface.

ip traffic-export profile

Creates or edits an IP traffic export profile and enables the profile on an ingress interface.

incoming

Configures filtering for incoming IP traffic.


show ip traffic-export

To display information related to router IP traffic export (RITE), use the show ip traffic-export command in privileged EXEC mode.

show ip traffic-export [interface interface-name | profile profile-name]

Syntax Description

interface interface-name

(Optional) Only data associated with the monitored ingress interface is shown.

profile profile-name

(Optional) Only flow statistics, such as exported packets and number of bytes, are shown.


Defaults

If this command is enabled, all data (both interface- and profile-related data) is shown.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.3(4)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.


Examples

The following sample output from the show ip traffic-export command is for the profile "one." This example is for a single configured interface. If multiple interfaces are configured, the information shown below is displayed for each interface.

Router# show ip traffic-export

Router IP Traffic Export Parameters
Monitored Interface FastEthernet0/0
Export Interface FastEthernet0/1
Destination MAC address 0030.7131.abfc
bi-directional traffic export is off
Input IP Traffic Export Information Packets/Bytes Exported 0/0
        Packets Dropped 0
        Sampling Rate one-in-every 1 packets
        No Access List configured
        Profile one is Active

Table 1 describes the significant fields shown in the display.

Table 1 show ip traffic-export Field Descriptions 

Field
Description

Monitored Interface

Interface to which the profile was applied. (This interface is specified via the ip traffic-export apply profile command.)

Export Interface

Interface on which the profile exports all captured IP traffic. (This interface is specified via the ip traffic-export profile command.)

Destination MAC address

Ethernet address of the destination host, which is specified via the mac-address command.

bi-directional traffic export is

Indicates whether incoming and outgoing IP traffic are both exported on the monitored interface (enabled via the bidirectional command). By default, only incoming traffic is exported.

Input IP Traffic Export Information
       Packets Dropped
       Sampling Rate
       No Access List Configured
      Profile one is Active

Incoming IP traffic information. The sampling rate and ACL can be defined via the incoming command. If the profile is incomplete, the profile will be listed as inactive.
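
When the export feeds a protocol analyzer or monitoring device, the fields in Table 1 show whether that feed is intact. The Python below is an added example, not Cisco code: it parses the output format shown above and flags a profile that is not active or a non-zero Packets Dropped counter. The second input is constructed, and the word "Inactive" in it is an assumed spelling of the inactive state.

```python
import re

# Field patterns follow the sample output and Table 1 on this page.
PATTERNS = {
    "monitored": r"Monitored Interface\s+(\S+)",
    "export": r"Export Interface\s+(\S+)",
    "dest_mac": r"Destination MAC address\s+(\S+)",
    "bidirectional": r"bi-directional traffic export is\s+(\w+)",
    "exported": r"Packets/Bytes Exported\s+(\d+/\d+)",
    "dropped": r"Packets Dropped\s+(\d+)",
    "sample_n": r"Sampling Rate\s+one-in-every\s+(\d+)",
    "state": r"Profile\s+\S+\s+is\s+(\w+)",
}

def parse_rite(output):
    """Return one dict of field strings per monitored interface (blocks repeat)."""
    records = []
    for block in re.split(r"(?=Monitored Interface)", output)[1:]:
        found = {key: re.search(p, block) for key, p in PATTERNS.items()}
        records.append({k: m.group(1) if m else None for k, m in found.items()})
    return records

def export_findings(output):
    """Flag interfaces whose export feed to the monitoring device is degraded."""
    findings = []
    for rec in parse_rite(output):
        if (rec["state"] or "").lower() != "active":
            findings.append((rec["monitored"], "profile is not active"))
        if int(rec["dropped"] or 0) > 0:
            findings.append((rec["monitored"], f"{rec['dropped']} packets dropped"))
    return findings

# The sample output shown on this page.
PAGE_SAMPLE = """\
Router IP Traffic Export Parameters
Monitored Interface FastEthernet0/0
Export Interface FastEthernet0/1
Destination MAC address 0030.7131.abfc
bi-directional traffic export is off
Input IP Traffic Export Information Packets/Bytes Exported 0/0
Packets Dropped 0
Sampling Rate one-in-every 1 packets
No Access List configured
Profile one is Active
"""

# Constructed: a second interface with drops and an assumed 'Inactive' state word.
CONSTRUCTED = PAGE_SAMPLE + (PAGE_SAMPLE.replace("FastEthernet0/0", "FastEthernet0/2")
    .replace("Dropped 0", "Dropped 120").replace("is Active", "is Inactive"))
```

Calling export_findings(CONSTRUCTED) reports only the second interface; the page's own sample produces no findings.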


Related Commands

Command
Description

bidirectional

Enables incoming and outgoing IP traffic to be exported across a monitored interface.

ip traffic-export apply profile

Applies an IP traffic export profile to a specific interface.

ip traffic-export profile

Creates or edits an IP traffic export profile and enables the profile on an ingress interface.

incoming

Configures filtering for incoming export traffic.

outgoing

Configures filtering for outgoing export traffic.