From: Ralph (Mandela@myrealbox.com)
Date: Fri Oct 21 2005 - 22:51:41 GMT-3
Thanks for the response, Andy. I'll try it without fast or CEF switching and see how it goes. With the default switching mode (fast switching, I guess?), ip accounting access-violations only seems to work with numbered ACLs, and not with named ACLs for the same traffic.
Ralph.
-----Original Message-----
From: "Edwards, Andrew M" <andrew.m.edwards@boeing.com>
To: "Ralph" <Mandela@myrealbox.com>, <ccielab@groupstudy.com>
Date: Fri, 21 Oct 2005 17:34:42 -0700
Subject: RE: ip accounting
Ralph,
Not sure where you are generating traffic to/from, but ip accounting has
a caveat:
CCO
"Only transit IP traffic is measured and only on an outbound basis;
traffic generated by the router access server or terminating in this
device is not included in the accounting statistics.
If the access-violations keyword is specified and any IP access list is
being used on an interface, then only process switching can generate
accurate statistics (IP fast switching or CEF cannot)."
IOW, enable process switching only on the affected interface: no ip
route-cache <cef>
I recall having a similar issue and the above was necessary to get
traffic accounting for the access-violations.
HTH,
Andy
-----Original Message-----
From: Ralph [mailto:Mandela@myrealbox.com]
Sent: Friday, October 21, 2005 5:08 PM
To: ccielab@groupstudy.com
Subject: Re: ip accounting
Seems like ip accounting does not work with extended named ACLs? Is this
a bug, or normal behavior?
Ralph
-----Original Message-----
From: "Ralph" <Mandela@myrealbox.com>
To: ccielab@groupstudy.com
Date: Fri, 21 Oct 2005 17:29:01 -0400
Subject: ip accounting
This is a scenario from Internetwork expert volume 1, Lab 15 workbook.
Question 11.4 - 11.5:
The relevant part of the topology is this:
R5(fa0/1)------192.10.4.0----------BB2
The question asks to configure R5 to keep track of hosts attempting to
violate a previously implemented filtering policy.
The previously implemented filtering policy is this:
ip access-list extended INBOUND
permit tcp any any eq bgp
permit tcp any eq bgp any
permit icmp any host 192.10.4.5 echo-reply
evaluate REFLEX
ip access-list extended OUTBOUND
permit tcp any any reflect REFLEX
permit udp any any reflect REFLEX
permit icmp any any reflect REFLEX
!
ip accounting-threshold 100
!
interface FastEthernet0/1
ip address 192.10.4.5 255.255.255.0
ip access-group INBOUND in
ip access-group OUTBOUND out
ip accounting access-violations
However, it seems like the ip accounting command is not working; I
tried to ping any address in the topology from BB2, the ping was
correctly denied as expected, but a "show ip accounting
access-violations" revealed nothing.
Rack4R5#sh ip accounting access-violations
Source Destination Packets Bytes ACL
Accounting data age is 6
I am missing something here
TIA
Ralph.
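The fix Andy describes, written out as a complete interface configuration so the "before" and "after" can be compared side by side. This is an added example, not configuration from the thread or from the Internetwork Expert workbook. It assumes the same R5/BB2 topology, the INBOUND and OUTBOUND access lists quoted above, and the FastEthernet0/1 address from Ralph's post; the `no ip route-cache cef` line assumes CEF is enabled on R5, which the thread implies but does not show.

```cisco
! Before: accounting is enabled, but FastEthernet0/1 is still fast/CEF
! switched, so ACL denials never reach the process-switched path that
! populates the access-violations database (the caveat Andy quoted).
interface FastEthernet0/1
 ip address 192.10.4.5 255.255.255.0
 ip access-group INBOUND in
 ip access-group OUTBOUND out
 ip accounting access-violations

! After: force process switching on this one interface only.
! "no ip route-cache cef" stops CEF switching for the interface (assumed
! present on this router); "no ip route-cache" then also disables fast
! switching, leaving every packet on FastEthernet0/1 process switched.
! The accounting-threshold from the original config is unchanged.
ip accounting-threshold 100
!
interface FastEthernet0/1
 ip address 192.10.4.5 255.255.255.0
 ip access-group INBOUND in
 ip access-group OUTBOUND out
 no ip route-cache cef
 no ip route-cache
 ip accounting access-violations

! Verification (exec mode): clear the active database, generate transit
! traffic through R5 that INBOUND denies (for example, from BB2 ping a
! destination behind R5, as Ralph did), then display the violations table.
! Per the quoted IOS text, traffic addressed to R5 itself is not counted.
! Rack4R5# clear ip accounting
! Rack4R5# show ip accounting access-violations
```

Process switching sends every packet on that interface through the CPU, so confine `no ip route-cache` to the interface being audited and treat it as a lab or low-traffic setting rather than something to leave on a production edge link; once the accounting data has been collected, restore `ip route-cache` and `ip route-cache cef` on the interface.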
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3