Monitoring Security

From: gladston@br.ibm.com
Date: Thu Apr 28 2005 - 10:30:23 GMT-3


"sh ip traffic" does not show reverse check drops, while "sh ip interface e0/1" shows them.

Have you seen that behavior on 12.2T?
Cisco docs say 'sh ip traffic' would show drops:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fothersf/scfrpf.htm#1001249

r5#sh ip traffic
IP statistics:
  Rcvd: 37190 total, 36356 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         0 unknown protocol, 0 not a gateway
         0 security failures, 0 bad options, 0 with options
  Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 32925 received, 2111 sent
  Mcast: 2843 received, 2813 sent
  Sent: 5167 generated, 341 forwarded
  Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop

r5#sh ip int e0/1
Ethernet0/1 is up, line protocol is up
  Internet address is 10.100.2.5/24
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is disabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP Feature Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are No CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
  IP verify source reachable-via ANY
  0 verification drops
  53 suppressed verification drops

The config on R5 is:

r5#sh run int e0/1
Building configuration...

Current configuration : 163 bytes
!
interface Ethernet0/1
 ip address 10.100.2.5 255.255.255.0
 ip verify unicast source reachable-via any
 no ip route-cache
 no ip mroute-cache
 half-duplex
end
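
The following is an added example, not part of the original post: Python that extracts the unicast RPF counters from both command outputs so they can be compared side by side. The sample text is trimmed from the output quoted above, and the function names are hypothetical.

```python
import re

# Trimmed from the command output quoted in the post above.
SHOW_IP_TRAFFIC = """\
IP statistics:
  Rcvd: 37190 total, 36356 local destination
  Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
"""
SHOW_IP_INTERFACE = """\
Ethernet0/1 is up, line protocol is up
  Internet address is 10.100.2.5/24
  IP verify source reachable-via ANY
  0 verification drops
  53 suppressed verification drops
"""

def global_urpf_drops(traffic_text):
    """Return the 'unicast RPF' counter from 'show ip traffic', or None."""
    m = re.search(r"(\d+) unicast RPF", traffic_text)
    return int(m.group(1)) if m else None

def interface_urpf(interface_text):
    """Map interface name -> uRPF mode and counters from 'show ip interface'."""
    result, current = {}, None
    for line in interface_text.splitlines():
        if line and not line[0].isspace():  # unindented line starts an interface
            m = re.match(r"(\S+) is ", line)
            current = m.group(1) if m else None
            continue
        if current is None:
            continue
        entry = result.setdefault(current, {"mode": None, "drops": 0, "suppressed": 0})
        text = line.strip()
        if m := re.match(r"IP verify source reachable-via (\S+)", text):
            entry["mode"] = m.group(1)
        elif m := re.match(r"(\d+) suppressed verification drops", text):
            entry["suppressed"] = int(m.group(1))
        elif m := re.match(r"(\d+) verification drops", text):
            entry["drops"] = int(m.group(1))
    return result

def compare(traffic_text, interface_text):
    """Return the global counter next to totals for uRPF-enabled interfaces."""
    per_if = {k: v for k, v in interface_urpf(interface_text).items() if v["mode"]}
    return {"global_unicast_rpf": global_urpf_drops(traffic_text),
            "interface_drops": sum(v["drops"] for v in per_if.values()),
            "interface_suppressed": sum(v["suppressed"] for v in per_if.values()),
            "interfaces": per_if}
```

On the output in the post, the global "unicast RPF" counter and the interface's "verification drops" are both 0; the 53 appears only under "suppressed verification drops".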


