cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3048
Views
0
Helpful
2
Replies

How to examine ip traffic alerts

pweinhold
Level 1
Level 1

We're checking a 3750 switch for issues and we ran the command "show ip traffic".  Under the IP statistics, it shows alerts.  Does anyone know how to examine these alerts and see what they are?  See the output below:

FOR_GA293_3750SFPstk_Gr1#show ip traffic
IP statistics:
  Rcvd:  2203803 total, 354127 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         0 unknown protocol, 1843512 not a gateway
         0 security failures, 0 bad options, 1069112 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 1069112 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 328776 received, 1 sent
  Mcast: 0 received, 0 sent
  Sent:  25617 generated, 6885 forwarded
  Drop:  53 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
         0 options denied, 0 source IP address zero

Thanks.

2 Replies 2

xcz504d1114
Level 4
Level 4

Notice the number of alerts matches the number of IP packets that were sent with "Options".

An alert does not mean anything except "you may want to look at this" and respectively "you many not".

An example of some types of traffic that are using IP options, RSVP, MPLS, IGMPv2, IP options can be used in some forms of DOS attacks, but they are also used in normal traffic.

If you are 100% sure you don't have traffic using ip options, you con configure the "ip options drop" command in global configuration, again emphasis on it is an alert, menaing you may or may not be concerned with it.

Setting up a SPAN and looking at the traffic is probably the best way to be 100% certain of the information.

HTH,

Craig

Okay, thanks for the help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco