This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To locate documentation of other commands that appear in this module, use the command reference master index, or search online.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco IP accounting support provides basic IP accounting functions. By enabling IP accounting, users can see the number of bytes and packets switched through the Cisco IOS software on a source and destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the software or terminating in the software is not included in the accounting statistics. To maintain accurate accounting totals, the software maintains two accounting databases: an active and a checkpointed database.
Cisco IP accounting support also provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data also indicates that you should verify IP access list configurations. To make this functionality available to users, you must enable IP accounting of access list violations using the ip accounting access-violations interface configuration command. Users can then display the number of bytes and packets from a single source that attempted to breach security against the access list for the source destination pair. By default, IP accounting displays the number of packets that have passed access lists and were routed.
The MAC address accounting functionality provides accounting information for IP traffic based on the source and destination MAC addresses on LAN interfaces. MAC accounting calculates the total packet and byte counts for a LAN interface that receives or sends IP packets to or from a unique MAC address. It also records a time stamp for the last packet received or sent. For example, with IP MAC accounting, you can determine how much traffic is being sent to or received from various peers at Network Access Profiles (NAPS)/peering points. IP MAC accounting is supported on Ethernet, Fast Ethernet, and FDDI interfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching.
The Precedence Accounting feature provides accounting information for IP traffic based on the precedence on any interface. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on IP precedence. This feature is supported on all interfaces and subinterfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching.
(Optional) Sets the maximum number of accounting entries to be created.
Step 4
ip accounting-list ip-address wildcard
Example:
Router(config)# ip accounting-list 192.31.0.0 0.0.255.255
(Optional) Filters accounting information for hosts.
Step 5
ip accounting-transits count
Example:
Router(config)# ip accounting-transits 100
(Optional) Controls the number of transit records that will be stored in the IP accounting database.
Step 6
interface type number
Example:
Router(config)# interface GigabitEthernet 1/0/0
Specifies the interface and enters interface configuration mode.
Step 7
ip accounting [access-violations] [output-packets]
Example:
Router(config-if)# ip accounting access-violations
Configures basic IP accounting.
Use the optional access-violations keyword to enable IP accounting with the ability to identify IP traffic that fails IP access lists.
Use the optional output-packets keyword to enable IP accounting based on the IP packets output on the interface.
Step 8
ip accounting mac-address {input | output}
Example:
Router(config-if)# ip accounting mac-address output
(Optional) Configures IP accounting based on the MAC address of received (input) or transmitted (output) packets.
Monitoring and Maintaining the IP Network
You can display specific statistics such as the contents of IP routing tables, caches, databases and socket processes. The resulting information can be used to determine resource utilization and to solve network problems.
To clear all IP traffic statistical counters on all interfaces, use the following command:
Example:
Router# clear ip traffic
Step 2
clear ip accounting [checkpoint]
You can remove all contents of a particular cache, table, or database. Clearing a cache, table, or database can become necessary when the contents of the particular structure have become or are suspected to be invalid. To clear the active IP accounting database when IP accounting is enabled, use the following command:
Example:
Router# clear ip accounting
To clear the checkpointed IP accounting database when IP accounting is enabled, use the following command:
Example:
Router# clear ip accounting checkpoint
Step 3
clear sockets process-id
To close all IP sockets and clear the underlying transport connections and data structures for the specified process, use the following command:
Example:
Router# clear sockets 35
All sockets (TCP, UDP and SCTP) for this process will be cleared.
Do you want to proceed? [yes/no]: y
Cleared sockets for PID 35
To display access list violations, use the show ip accounting command. To use this command, you must first enable IP accounting on a per-interface basis.
Use the checkpoint keyword to display the checkpointed database. Use the output-packets keyword to indicate that information pertaining to packets that passed access control and were routed should be displayed. Use the access-violations keyword to display the number of the access list failed by the last packet for the source and destination pair. The number of packets reveals how aggressive the attack is upon a specific destination. If you do not specify the access-violations keyword, the command defaults to displaying the number of packets that have passed access lists and were routed.
If neither the output-packets nor access-violations keyword is specified, output-packets is the default.
The following is sample output from the show ip accounting command:
The following is sample output from the show ip accounting access-violations command. The output pertains to packets that failed access lists and were not routed:
Example:
Router# show ip accounting access-violations
Source Destination Packets Bytes ACL
172.16.19.40 192.168.67.20 7 306 77
172.16.13.55 192.168.67.20 67 2749 185
172.16.2.50 192.168.33.51 17 1111 140
172.16.2.50 172.16.2.1 5 319 140
172.16.19.40 172.16.2.1 4 262 77
Accounting data age is 41
Step 5
show interface type number mac
To display information for interfaces configured for MAC accounting, use the show interface mac command. The following is sample output from the show interface mac command:
Example:
Router# show interface ethernet 0/1 mac
Ethernet0/1
Input (511 free)
0007.f618.4449(228): 4 packets, 456 bytes, last: 2684ms ago
Total: 4 packets, 456 bytes
Output (511 free)
0007.f618.4449(228): 4 packets, 456 bytes, last: 2692ms ago
Total: 4 packets, 456 bytes
Step 6
show interface [type number] precedence
To display information for interfaces configured for precedence accounting, use the show interface precedence command.
The following is sample output from the show interface precedence command. In this example, the total packet and byte counts are calculated for the interface that receives (input) or sends (output) IP packets and sorts the results based on IP precedence.
To display the address of the default router and the address of hosts for which an ICMP redirect message has been received, use the show ip redirects command.
Example:
Router# show ip redirects
Default gateway is 172.16.80.29
Host Gateway Last Use Total Uses Interface
172.16.1.111 172.16.80.240 0:00 9 Ethernet0
172.16.1.4 172.16.80.240 0:00 4 Ethernet0
Step 8
show sockets process-id [detail] [events]
To display the number of sockets currently open and their distribution with respect to the transport protocol process specified by the process-id argument, use the show sockets command. The following sample output from the show sockets command displays the total number of open sockets for the specified process:
Example:
Router# show sockets 35
Total open sockets - TCP:7, UDP:0, SCTP:0
The following sample output shows information about the same open processes with the detail keyword specified:
The following example displays IP socket event information:
Example:
Router# show sockets 35 events
Events watched for this process: READ
FD Watched Present Select Present
0 --- --- R-- R--
Step 9
show udp [detail]
To display IP socket information about UDP processes, use the show udp command. The following example shows how to display detailed information about UDP sockets:
Example:
Router# show udp detail
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 67 0 0 2211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 2517 0 0 11 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5000 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5001 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5002 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5003 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 10.0.0.0 0 10.0.21.70 5004 0 0 211 0
Queues: output 0
input 0 (drops 0, max 50, highwater 0)
Step 10
show ip traffic
To display IP protocol statistics, use the show ip traffic command. The following example shows that the IP traffic statistics have been cleared by the clear ip traffic command:
Example:
Router# clear ip traffic
Router# show ip traffic
IP statistics:
Rcvd: 0 total, 0 local destination
0 format errors, 0 checksum errors, 0 bad hop count
0 unknown protocol, 0 not a gateway
0 security failures, 0 bad options, 0 with options
Opts: 0 end, 0 nop, 0 basic security, 0 loose source route
0 timestamp, 0 extended security, 0 record route
0 stream ID, 0 strict source route, 0 alert, 0 cipso
0 other
Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
0 fragmented, 0 couldn't fragment
Bcast: 0 received, 0 sent
Mcast: 0 received, 0 sent
Sent: 0 generated, 0 forwarded
Drop: 0 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 0 unicast RPF, 0 forced drop
ICMP statistics:
Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
0 parameter, 0 timestamp, 0 info request, 0 other
0 irdp solicitations, 0 irdp advertisements
Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply
0 mask requests, 0 mask replies, 0 quench, 0 timestamp
0 info reply, 0 time exceeded, 0 parameter problem
0 irdp solicitations, 0 irdp advertisements
UDP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total, 0 forwarded broadcasts
TCP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 0 total
Probe statistics:
Rcvd: 0 address requests, 0 address replies
0 proxy name requests, 0 where-is requests, 0 other
Sent: 0 address requests, 0 address replies (0 proxy)
0 proxy name replies, 0 where-is replies
EGP statistics:
Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 no listener
Sent: 0 total
IGRP statistics:
Rcvd: 0 total, 0 checksum errors
Sent: 0 total
OSPF statistics:
Rcvd: 0 total, 0 checksum errors
0 hello, 0 database desc, 0 link state req
0 link state updates, 0 link state acks
Sent: 0 total
IP-IGRP2 statistics:
Rcvd: 0 total
Sent: 0 total
PIMv2 statistics: Sent/Received
Total: 0/0, 0 checksum errors, 0 format errors
Registers: 0/0, Register Stops: 0/0, Hellos: 0/0
Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
IGMP statistics: Sent/Received
Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0
DVMRP: 0/0, PIM: 0/0
The following example shows how to enable IP accounting based on the source and destination MAC address and based on IP precedence for received and transmitted packets:
Router# configure terminal
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting mac-address input
Router(config-if)# ip accounting mac-address output
Router(config-if)# ip accounting precedence input
Router(config-if)# ip accounting precedence output
The following example shows how to enable IP accounting with the ability to identify IP traffic that fails IP access lists and with the number of transit records that will be stored in the IP accounting database limited to 100:
Router# configure terminal
Router(config)# ip accounting-transits 100
Router(config)# interface ethernet 0/5
Router(config-if)# ip accounting output-packets
Router(config-if)# ip accounting access-violations
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1. Feature Information for IP Services
Feature Name: IP Precedence Accounting
Releases: 12.2(50)SY
Feature Information: The IP Precedence Accounting feature provides accounting information for IP traffic based on the precedence of any interface. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on the IP precedence. This feature is supported on all interfaces and subinterfaces and supports Cisco Express Forwarding, distributed Cisco Express Forwarding, flow, and optimum switching. The following commands were introduced by this feature: ip accounting precedence, show interface precedence.