Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

How to examine ip traffic alerts

We're checking a 3750 switch for issues and we ran the command "show ip traffic".  Under the IP statistics, it shows alerts.  Does anyone know how to examine these alerts and see what they are?  See the output below:

FOR_GA293_3750SFPstk_Gr1#show ip traffic
IP statistics:
  Rcvd:  2203803 total, 354127 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         0 unknown protocol, 1843512 not a gateway
         0 security failures, 0 bad options, 1069112 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 1069112 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 couldn't fragment
  Bcast: 328776 received, 1 sent
  Mcast: 0 received, 0 sent
  Sent:  25617 generated, 6885 forwarded
  Drop:  53 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
         0 options denied, 0 source IP address zero


Everyone's tags (1)

Re: How to examine ip traffic alerts

Notice the number of alerts matches the number of IP packets that were sent with "Options".

An alert does not mean anything except "you may want to look at this" and respectively "you many not".

An example of some types of traffic that are using IP options, RSVP, MPLS, IGMPv2, IP options can be used in some forms of DOS attacks, but they are also used in normal traffic.

If you are 100% sure you don't have traffic using ip options, you con configure the "ip options drop" command in global configuration, again emphasis on it is an alert, menaing you may or may not be concerned with it.

Setting up a SPAN and looking at the traffic is probably the best way to be 100% certain of the information.



New Member

Re: How to examine ip traffic alerts

Okay, thanks for the help.

CreatePlease to create content