IP Application Services Configuration Guide, Cisco IOS Release 15S
Configuring IP Services
Downloads: This chapterpdf (PDF - 112.0KB) The complete bookPDF (PDF - 0.95MB) | The complete bookePub (ePub - 0.96MB) | Feedback

Configuring IP Services

Configuring IP Services

Last Updated: December 3, 2012

This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To locate documentation of other commands that appear in this module, use the master command list, or search online.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About IP Services

Cisco IP Accounting

Cisco IP accounting support provides basic IP accounting functions. By enabling IP accounting, users can see the number of bytes and packets switched through the Cisco IOS software on a source and destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the software or terminating in the software is not included in the accounting statistics. To maintain accurate accounting totals, the software maintains two accounting databases: an active and a checkpointed database.

Cisco IP accounting support also provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data also indicates that you should verify IP access list configurations. To make this functionality available to users, you must enable IP accounting of access list violations using the ip accounting access-violations interface configuration command. Users can then display the number of bytes and packets from a single source that attempted to breach security against the access list for the source destination pair. By default, IP accounting displays the number of packets that have passed access lists and were routed.

How to Configure IP Services

Configuring IP Accounting

To configure IP accounting, perform this task for each interface.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip accounting-threshold threshold

4.    ip accounting-list ip-address wildcard

5.    ip accounting-transits count

6.    interface type number

7.    ip accounting [access-violations] [output-packets]

8.    ip accounting mac-address {input | output}


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
ip accounting-threshold threshold


Example:

Router(config)# ip accounting-threshold 500

 

(Optional) Sets the maximum number of accounting entries to be created.

 
Step 4
ip accounting-list ip-address wildcard


Example:

Router(config)# ip accounting-list 192.31.0.0 0.0.255.255

 

(Optional) Filters accounting information for hosts.

 
Step 5
ip accounting-transits count


Example:

Router(config)# ip accounting-transits 100

 

(Optional) Controls the number of transit records that will be stored in the IP accounting database.

 
Step 6
interface type number


Example:

Router(config)# interface GigabitEthernet 1/0/0

 

Specifies the interface and enters interface configuration mode.

 
Step 7
ip accounting [access-violations] [output-packets]


Example:

Router(config-if)# ip accounting access-violations

 

Configures basic IP accounting.

  • Use the optional access-violations keyword to enable IP accounting with the ability to identify IP traffic that fails IP access lists.
  • Use the optional output-packets keyword to enable IP accounting based on the IP packets output on the interface.
 
Step 8
ip accounting mac-address {input | output}


Example:

Router(config-if)# ip accounting mac-address output

 

(Optional) Configures IP accounting based on the MAC address of received (input) or transmitted (output) packets.

 

Configuration Examples for IP Services

Example: Configuring IP Accounting

The following example shows how to enable IP accounting based on the source and destination MAC address and based on IP precedence for received and transmitted packets:

Router# configure terminal
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting mac-address input
Router(config-if)# ip accounting mac-address output
Router(config-if)# ip accounting precedence input
Router(config-if)# ip accounting precedence output

The following example shows how to enable IP accounting with the ability to identify IP traffic that fails IP access lists and with the number of transit records that will be stored in the IP accounting database limited to 100:

Router# configure terminal
Router(config)# ip accounting-transits 100
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting output-packets
Router(config-if)# ip accounting access-violations

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

IP application services commands

Cisco IOS IP Application Services Command Reference

Standards and RFCs

Standard

Title

RFC 1256

ICMP Router Discovery Messages

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for IP Services

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for IP Services

Feature Name

Releases

Feature Information

IP Precedence Accounting

15.2(1)S

The IP Precedence Accounting feature provides accounting information for IP traffic based on the precedence of any interface. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on the IP precedence. This feature is supported on all interfaces and subinterfaces and supports CEF, dCEF, flow, and optimum switching.

The following command was introduced by this feature: show interface precedence, ip accounting precedence.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2012 Cisco Systems, Inc. All rights reserved.