IP Application Services Configuration Guide, Cisco IOS Release 12.2SY
Configuring IP Services
Downloads: This chapterpdf (PDF - 110.0KB) The complete bookPDF (PDF - 973.0KB) | Feedback

Configuring IP Services

Configuring IP Services

Last Updated: August 04, 2011

This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To locate documentation of other commands that appear in this module, use the command reference master index, or search online.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About IP Services

IP MAC and Precedence Accounting

Cisco IP accounting support provides basic IP accounting functions. By enabling IP accounting, users can see the number of bytes and packets switched through the Cisco IOS software on a source and destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the software or terminating in the software is not included in the accounting statistics. To maintain accurate accounting totals, the software maintains two accounting databases: an active and a checkpointed database.

Cisco IP accounting support also provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data also indicates that you should verify IP access list configurations. To make this functionality available to users, you must enable IP accounting of access list violations using the ip accounting access-violations interface configuration command. Users can then display the number of bytes and packets from a single source that attempted to breach security against the access list for the source destination pair. By default, IP accounting displays the number of packets that have passed access lists and were routed.

The MAC address accounting functionality provides accounting information for IP traffic based on the source and destination MAC addresses on LAN interfaces. MAC accounting calculates the total packet and byte counts for a LAN interface that receives or sends IP packets to or from a unique MAC address. It also records a time stamp for the last packet received or sent. For example, with IP MAC accounting, you can determine how much traffic is being sent to or received from various peers at Network Access Profiles (NAPS)/peering points. IP MAC accounting is supported on Ethernet, Fast Ethernet, and FDDI interfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching.

The Precedence Accounting feature provides accounting information for IP traffic based on the precedence on any interface. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on IP precedence. This feature is supported on all interfaces and subinterfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching.

How to Configure IP Services

Configuring IP Accounting

To configure IP accounting, perform this task for each interface.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip accounting-threshold threshold

4.    ip accounting-list ip-address wildcard

5.    ip accounting-transits count

6.    interface type number

7.    ip accounting [access-violations] [output-packets]

8.    ip accounting mac-address {input | output}


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ip accounting-threshold threshold


Example:

Router(config)# ip accounting-threshold 500

 

(Optional) Sets the maximum number of accounting entries to be created.

 
Step 4
ip accounting-list ip-address wildcard


Example:

Router(config)# ip accounting-list 192.31.0.0 0.0.255.255

 

(Optional) Filters accounting information for hosts.

 
Step 5
ip accounting-transits count


Example:

Router(config)# ip accounting-transits 100

 

(Optional) Controls the number of transit records that will be stored in the IP accounting database.

 
Step 6
interface type number


Example:

Router(config)# interface GigabitEthernet 1/0/0

 

Specifies the interface and enters interface configuration mode.

 
Step 7
ip accounting [access-violations] [output-packets]


Example:

Router(config-if)# ip accounting access-violations

 

Configures basic IP accounting.

  • Use the optional access-violations keyword to enable IP accounting with the ability to identify IP traffic that fails IP access lists.
  • Use the optional output-packets keyword to enable IP accounting based on the IP packets output on the interface.
 
Step 8
ip accounting mac-address {input | output}


Example:

Router(config-if)# ip accounting mac-address output

 

(Optional) Configures IP accounting based on the MAC address of received (input) or transmitted (output) packets.

 

Monitoring and Maintaining the IP Network

You can display specific statistics such as the contents of IP routing tables, caches, databases and socket processes. The resulting information can be used to determine resource utilization and to solve network problems.
SUMMARY STEPS

1.   clear ip traffic

2.   clear ip accounting [checkpoint]

3.   clear sockets process-id

4.   show ip accounting [checkpoint] [output-packets | access-violations]

5.   show interface type number mac

6.   show interface [type number] precedence

7.   show ip redirects

8.   show sockets process-id [detail] [events]

9.   show udp [detail]

10.   show ip traffic


DETAILED STEPS
Step 1   clear ip traffic

To clear all IP traffic statistical counters on all interfaces, use the following command:



Example:

Router# clear ip traffic

Step 2   clear ip accounting [checkpoint]

You can remove all contents of a particular cache, table, or database. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become or are suspected to be invalid. To clear the active IP accounting database when IP accounting is enabled, use the following command:



Example:

Router# clear ip accounting

To clear the checkpointed IP accounting database when IP accounting is enabled, use the following command:



Example:

Router# clear ip accounting checkpoint

Step 3   clear sockets process-id

To close all IP sockets and clear the underlying transport connections and data structures for the specified process, use the following command:



Example:

Router# clear sockets 35 All sockets (TCP, UDP and SCTP) for this process will be cleared. Do you want to proceed? [yes/no]: y Cleared sockets for PID 35

Step 4   show ip accounting [checkpoint] [output-packets | access-violations]

To display access list violations, use the show ip accounting command. To use this command, you must first enable IP accounting on a per-interface basis.

Use the checkpoint keyword to display the checkpointed database. Use the output-packets keyword to indicate that information pertaining to packets that passed access control and were routed should be displayed. Use the access-violations keyword to display the number of the access list failed by the last packet for the source and destination pair. The number of packets reveals how aggressive the attack is upon a specific destination. If you do not specify the access-violations keyword, the command defaults to displaying the number of packets that have passed access lists and were routed.

If neither the output-packets nor access-violations keyword is specified, output-packets is the default.

The following is sample output from the show ip accounting command:



Example:

Router# show ip accounting Source Destination Packets Bytes 172.16.19.40 192.168.67.20 7 306 172.16.13.55 192.168.67.20 67 2749 172.16.2.50 192.168.33.51 17 1111 172.16.2.50 172.31.2.1 5 319 172.16.2.50 172.31.1.2 463 30991 172.16.19.40 172.16.2.1 4 262 172.16.19.40 172.16.1.2 28 2552 172.16.20.2 172.16.6.100 39 2184 172.16.13.55 172.16.1.2 35 3020 172.16.19.40 192.168.33.51 1986 95091 172.16.2.50 192.168.67.20 233 14908 172.16.13.28 192.168.67.53 390 24817 172.16.13.55 192.168.33.51 214669 9806659 172.16.13.111 172.16.6.23 27739 1126607 172.16.13.44 192.168.33.51 35412 1523980 192.168.7.21 172.163.1.2 11 824 172.16.13.28 192.168.33.2 21 1762 172.16.2.166 192.168.7.130 797 141054 172.16.3.11 192.168.67.53 4 246 192.168.7.21 192.168.33.51 15696 695635 192.168.7.24 192.168.67.20 21 916 172.16.13.111 172.16.10.1 16 1137 accounting threshold exceeded for 7 packets and 433 bytes

The following is sample output from the show ip accounting access-violations command. The output pertains to packets that failed access lists and were not routed:



Example:

Router# show ip accounting access-violations Source Destination Packets Bytes ACL 172.16.19.40 192.168.67.20 7 306 77 172.16.13.55 192.168.67.20 67 2749 185 172.16.2.50 192.168.33.51 17 1111 140 172.16.2.50 172.16.2.1 5 319 140 172.16.19.40 172.16.2.1 4 262 77 Accounting data age is 41

Step 5   show interface type number mac

To display information for interfaces configured for MAC accounting, use the show interface mac command. The following is sample output from the show interface mac command:



Example:

Router# show interface ethernet 0/1 mac Ethernet0/1 Input (511 free) 0007.f618.4449(228): 4 packets, 456 bytes, last: 2684ms ago Total: 4 packets, 456 bytes Output (511 free) 0007.f618.4449(228): 4 packets, 456 bytes, last: 2692ms ago Total: 4 packets, 456 bytes

Step 6   show interface [type number] precedence

To display information for interfaces configured for precedence accounting, use the show interface precedence command.

The following is sample output from the show interface precedence command. In this example, the total packet and byte counts are calculated for the interface that receives (input) or sends (output) IP packets and sorts the results based on IP precedence.



Example:

Router# show interface ethernet 0/1 precedence Ethernet0/1 Input Precedence 0: 4 packets, 456 bytes Output Precedence 0: 4 packets, 456 bytes

Step 7   show ip redirects

To display the address of the default router and the address of hosts for which an ICMP redirect message has been received, use the show ip redirectscommand.



Example:

Router# show ip redirects Default gateway is 172.16.80.29 Host Gateway Last Use Total Uses Interface 172.16.1.111 172.16.80.240 0:00 9 Ethernet0 172.16.1.4 172.16.80.240 0:00 4 Ethernet0

Step 8   show sockets process-id [detail] [events]

To display the number of sockets currently open and their distribution with respect to the transport protocol process specified by the process-id argument, use the show sockets command. The following sample output from the show sockets command displays the total number of open sockets for the specified process:



Example:

Router# show sockets 35 Total open sockets - TCP:7, UDP:0, SCTP:0

The following sample output shows information about the same open processes with the detail keyword specified:



Example:

Router# show sockets 35 detail FD LPort FPort Proto Type TransID 0 5000 0 TCP STREAM 0x6654DEBC State: SS_ISBOUND Options: SO_ACCEPTCONN 1 5001 0 TCP STREAM 0x6654E494 State: SS_ISBOUND Options: SO_ACCEPTCONN 2 5002 0 TCP STREAM 0x656710B0 State: SS_ISBOUND Options: SO_ACCEPTCONN 3 5003 0 TCP STREAM 0x65671688 State: SS_ISBOUND Options: SO_ACCEPTCONN 4 5004 0 TCP STREAM 0x65671C60 State: SS_ISBOUND Options: SO_ACCEPTCONN 5 5005 0 TCP STREAM 0x65672238 State: SS_ISBOUND Options: SO_ACCEPTCONN 6 5006 0 TCP STREAM 0x64C7840C State: SS_ISBOUND Options: SO_ACCEPTCONN Total open sockets - TCP:7, UDP:0, SCTP:0

The following example displays IP socket event information:



Example:

Router# show sockets 35 events Events watched for this process: READ FD Watched Present Select Present 0 --- --- R-- R--

Step 9   show udp [detail]

To display IP socket information about UDP processes, use the show udp command. The following example shows how to display detailed information about UDP sockets:



Example:

Router# show udp detail Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 67 0 0 2211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 2517 0 0 11 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 5000 0 0 211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 5001 0 0 211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 5002 0 0 211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 5003 0 0 211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0) Proto Remote Port Local Port In Out Stat TTY OutputIF 17 10.0.0.0 0 10.0.21.70 5004 0 0 211 0 Queues: output 0 input 0 (drops 0, max 50, highwater 0)

Step 10   show ip traffic

To display IP protocol statistics, use the show ip traffic command. The following example shows that the IP traffic statistics have been cleared by the clear ip traffic command:



Example:

Router# clear ip traffic Router# show ip traffic IP statistics: Rcvd: 0 total, 0 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 0 not a gateway 0 security failures, 0 bad options, 0 with options Opts: 0 end, 0 nop, 0 basic security, 0 loose source route 0 timestamp, 0 extended security, 0 record route 0 stream ID, 0 strict source route, 0 alert, 0 cipso 0 other Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble 0 fragmented, 0 couldn't fragment Bcast: 0 received, 0 sent Mcast: 0 received, 0 sent Sent: 0 generated, 0 forwarded Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency 0 no route, 0 unicast RPF, 0 forced drop ICMP statistics: Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable 0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 info request, 0 other 0 irdp solicitations, 0 irdp advertisements Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply 0 mask requests, 0 mask replies, 0 quench, 0 timestamp 0 info reply, 0 time exceeded, 0 parameter problem 0 irdp solicitations, 0 irdp advertisements UDP statistics: Rcvd: 0 total, 0 checksum errors, 0 no port Sent: 0 total, 0 forwarded broadcasts TCP statistics: Rcvd: 0 total, 0 checksum errors, 0 no port Sent: 0 total Probe statistics: Rcvd: 0 address requests, 0 address replies 0 proxy name requests, 0 where-is requests, 0 other Sent: 0 address requests, 0 address replies (0 proxy) 0 proxy name replies, 0 where-is replies EGP statistics: Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 no listener Sent: 0 total IGRP statistics: Rcvd: 0 total, 0 checksum errors Sent: 0 total OSPF statistics: Rcvd: 0 total, 0 checksum errors 0 hello, 0 database desc, 0 link state req 0 link state updates, 0 link state acks Sent: 0 total IP-IGRP2 statistics: Rcvd: 0 total Sent: 0 total PIMv2 statistics: Sent/Received Total: 0/0, 0 checksum errors, 0 format errors Registers: 0/0, Register Stops: 0/0, Hellos: 0/0 Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0 Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0 IGMP statistics: Sent/Received Total: 0/0, Format errors: 0/0, Checksum errors: 0/0 Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0 DVMRP: 0/0, PIM: 0/0


Configuration Examples for IP Services

Example: Configuring IP Accounting

The following example shows how to enable IP accounting based on the source and destination MAC address and based on IP precedence for received and transmitted packets:

Router# configure terminal
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting mac-address input
Router(config-if)# ip accounting mac-address output
Router(config-if)# ip accounting precedence input
Router(config-if)# ip accounting precedence output

The following example shows how to enable IP accounting with the ability to identify IP traffic that fails IP access lists and with the number of transit records that will be stored in the IP accounting database limited to 100:

Router# configure terminal
Router(config)# ip accounting-transits 100
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting output-packets
Router(config-if)# ip accounting access-violations

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

IP application services commands

Cisco IOS IP Application Services Command Reference

Standards

Standard

Title

No new or modified standards are supported, and support for existing standards has not been modified

MIBs

MIB

MIBs Link

No new or modified MIBs are supported, and support for existing MIBs has not been modified

RFCs

RFC

Title

RFC 1256

ICMP Router Discovery Messages: http://www.ietf.org/rfc/rfc1256.txt

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IP Services

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for IP Services

Feature Name

Releases

Feature Information

IP Precedence Accounting

12.2(50)SY

The IP Precedence Accounting feature provides accounting information for IP traffic based on the precedence of any interface. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on the IP precedence. This feature is supported on all interfaces and subinterfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching.

The following commands were introduced by this feature: ip accounting precedence, show interface precedence.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.