We're checking a 3750 switch for issues and we ran the command "show ip traffic". Under the IP statistics, it shows alerts. Does anyone know how to examine these alerts and see what they are? See the output below:
FOR_GA293_3750SFPstk_Gr1#show ip traffic IP statistics: Rcvd: 2203803 total, 354127 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 1843512 not a gateway 0 security failures, 0 bad options, 1069112 with options Opts: 0 end, 0 nop, 0 basic security, 0 loose source route 0 timestamp, 0 extended security, 0 record route 0 stream ID, 0 strict source route, 1069112 alert, 0 cipso, 0 ump 0 other Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble 0 fragmented, 0 couldn't fragment Bcast: 328776 received, 1 sent Mcast: 0 received, 0 sent Sent: 25617 generated, 6885 forwarded Drop: 53 encapsulation failed, 0 unresolved, 0 no adjacency 0 no route, 0 unicast RPF, 0 forced drop 0 options denied, 0 source IP address zero
Notice the number of alerts matches the number of IP packets that were sent with "Options".
An alert does not mean anything except "you may want to look at this" and respectively "you many not".
An example of some types of traffic that are using IP options, RSVP, MPLS, IGMPv2, IP options can be used in some forms of DOS attacks, but they are also used in normal traffic.
If you are 100% sure you don't have traffic using ip options, you con configure the "ip options drop" command in global configuration, again emphasis on it is an alert, menaing you may or may not be concerned with it.
Setting up a SPAN and looking at the traffic is probably the best way to be 100% certain of the information.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...