Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3952
Views
0
Helpful
2
Replies

ip accounting

mframadan
Level 1
Level 1

‎08-09-2007 12:17 AM - edited ‎03-05-2019 05:47 PM

i want to run ip accounting in cisco switch 6509 hybrid Cat IOS

gateway0(config-if)#ip accounting o

gateway0(config-if)#ip accounting output-packets

Accounting will exclude mls traffic when mls is enabled.

Labels:
0 Helpful
2 Replies 2

Pavel Bykov
Level 5
Level 5

‎08-09-2007 01:11 AM

From Cisco:

The ip accounting command records the number of bytes (IP header and data) and packets switched through the system on a source and destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the router access server or terminating in this device is not included in the accounting statistics. Traffic coming from a remote site and transiting through a router is also recorded.

If you specify the access-violations keyword, the ip accounting command provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data might also indicate that you should verify IP access list configurations.

To receive a logging message on the console when an extended access list entry denies a packet access (to log violations), you must include the log keyword in the access-list (IP extended) or access-list (IP standard) command.

Statistics are accurate even if IP fast switching or IP access lists are being used on the interface.

IP accounting disables autonomous switching, SSE switching, and distributed switching (dCEF) on the interface. IP accounting will cause packets to be switched on the Route Switch Processor (RSP) instead of the Versatile Interface Processor (VIP), which can cause performance degradation.

0 Helpful

wochanda
Level 4
Level 4

‎08-09-2007 05:24 AM

The information slidersv provided is relevant for 7500, where a decision was made to make all packet forwarding centralized so we can take statistics, instead of letting the VIPs forward the packets. Since packet forwarding is done in software on both the RSP and the VIP, there isn't too much of an impact doing this.

On the 6500/7600, we had a decision to make since our hardware switching mechanism didn't have any accounting functionality:

1) We can punt all packets to CPU, which would significantly decrease our throughput, and potentially cause high CPU

2) We can perform accounting on packets going to the CPU anyway, but ignore hardware-switched packets in order to maintain our switching speed.

The warning message you see indicates we chose path #2.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card