Cisco Support Community
Community Member

Use access-lists with "ip accounting"?

I'd like to use ip accounting to do some simple bandwidth tracking. I want to specify address ranges within our LAN and track the number of bytes to/from those ranges. I don't care about the IP at the other end of their connections. All of the address ranges are subnets connected to a single FE port on our 2621. I can't just track traffic on a port-by-port basis and I can't use subinterfaces (I'm using secondary ip's on the one FE port). Thus it has to be based on addresses.

When I configure IOS's ip accounting to track a given internal address range, it appears to create a separate entry for each external address that internal range connects with. That seems enormously wasteful of router memory, and requires that I write code that accumulates all those separate entries and sums their bytecounts.

A far better way to configure ip accounting would be by access list. ip accounting could create one entry per access list, saving both router memory and post-processing complexity.

For example, if I specified an access list like the following:

access-list 101 permit ip any

access-list 101 permit ip any

...then ALL traffic involving / 24 would be tracked as a single entity in memory.

There are hints in the IOS documentation that access lists can be used with ip accounting, but in reviewing the command references I can't figure out how. Can someone direct me to the appropriate RTFM?



Re: Use access-lists with "ip accounting"?

You can use Netflow feature for this purpose. NetFlow Services capitalize on the flow nature of traffic in the network to: Provide detailed data collection with minimal impact on the performance on the routing device, no external probing device is required. Process ACLs efficiently with packet filtering and security services using the NetFlow Acceleration feature. The NetFlow Acceleration feature enables NetFlow to maintain high performance by significantly reducing the complexity of packet filtering when access control lists (ACLs) are used. You can go refer the following document for more information:

CreatePlease to create content