From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Sun Oct 29 2006 - 11:23:32 ART
Hi.
With access-violation it seems to capture both inbound and outbound
violations.
Here is an example.
(lo0) R1 (1.1.1.1/24) <-> (1.1.1.2/24) R2
By pinging the opposite IP from each router you will be able to see on R1:
R1#sh ip account access
   Source           Destination      Packets     Bytes   ACL
 2.2.2.2          1.1.1.1                5       280     1
 1.1.1.1          1.1.1.2                5       500    11
 1.1.1.2          1.1.1.1                7       700     1
Accounting data age is 13
R1#sh run | in inter|add|access|route-map
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group 1 in
 ip access-group 11 out
 ip accounting access-violations
ip local policy route-map local
access-list 1 deny 1.1.1.2
access-list 11 deny 1.1.1.1
route-map local permit 10
 set interface Loopback0
HTH
A.
Mohamed Saeed wrote:
> Hi All,
>
> I am quite confused with the usage of the "access-violations" option of
> the "ip accounting" command. It is supposed that using this option will
> allow the "ip accounting" command to provide information about traffic
> that fails access lists applied on a certain interface.
>
> The point that is confusing me is that the "ip accounting" command will
> only provide statistics for traffic transiting the interface in the
> outbound direction. Since traffic that fails the access list applied on a
> certain interface will not flow via this interface, then the "ip
> accounting" command will not capture it.
>
> Would someone help by clarifying whether I am wrong and provide an
> example for how to test this option?
>
> Thanks and Kind Regards
>
> Mohamed Saeed, CCNP - CCIP
>
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART
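
An added example, not part of the original thread: a small Python parser that splits the "sh ip account access" counters shown above into inbound and outbound violations by matching each row's ACL against the "ip access-group" lines. The sample strings are constructed from the output and configuration quoted in the reply, the function names are hypothetical, and it assumes each ACL is applied in only one direction.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the output quoted in the thread.
# The second row is wrapped over two lines on purpose, as long rows can be in captures.
SHOW_ACCOUNTING = """\
R1#sh ip account access
   Source           Destination      Packets     Bytes   ACL
 2.2.2.2          1.1.1.1                5       280     1
 1.1.1.1          1.1.1.2                5
       500    11
 1.1.1.2          1.1.1.1                7       700     1
Accounting data age is 13
"""
RUNNING_CONFIG = """\
interface Ethernet0/0
 ip access-group 1 in
 ip access-group 11 out
 ip accounting access-violations
"""
IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def acl_directions(config):
    """Map ACL id -> 'in' or 'out' from the 'ip access-group <acl> in|out' lines."""
    return dict(re.findall(r"^\s*ip access-group (\S+) (in|out)\s*$", config, re.M))

def parse_violations(output):
    """Return (src, dst, packets, bytes, acl) rows; tolerates rows wrapped over lines."""
    tokens = []
    for line in output.splitlines():
        # Skip the prompt line, the column header and the trailing age line.
        if not (line.lstrip().startswith(("Source", "Accounting")) or "#" in line):
            tokens.extend(line.split())
    rows = []
    for i in range(0, len(tokens) - 4, 5):
        src, dst, pkts, nbytes, acl = tokens[i:i + 5]
        if not (IP.match(src) and IP.match(dst)):
            raise ValueError(f"unexpected field layout near {src!r}")
        rows.append((src, dst, int(pkts), int(nbytes), acl))
    return rows

def violations_by_direction(output, config):
    """Sum denied packets per direction; ACLs not bound to an interface count as 'unknown'."""
    dirs, totals = acl_directions(config), defaultdict(int)
    for _src, _dst, pkts, _bytes, acl in parse_violations(output):
        totals[dirs.get(acl, "unknown")] += pkts
    return dict(totals)
```
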