Saturday, May 31, 2008

IP Accounting for traffic violations

R6 <---FRAME---> R5 <----ETHERNET---> R3

First step is to create the ACL that blocks traffic. Here will block traffic (and configure accounting) for packets from R6 to R3. IP address is a loopback on R6 being advertised into OSPF to R5 and on to R3. is the loopback on R3.

R5#show run | section access-list 101
access-list 101 deny ip host host
access-list 101 permit ip any any

Apply the ACL to the interface where traffic is to be restricted. FastEthernet0/0 is the interface connected to R3's LAN interface. Enable accounting for access-violations on that interface with the command "ip accounting access-violations"

R5#show run int f0/0
Building configuration...

Current configuration : 153 bytes
interface FastEthernet0/0
ip address
ip access-group 101 out
ip accounting access-violations
speed 100

Ping from R6 to verify that traffic is blocked:

R6#ping source

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Packet sent with a source address of
Success rate is 0 percent (0/5)

Verify accounting on R5:

R5#show ip accounting access-violations
Source Destination Packets Bytes ACL 6 600 101

Accounting data age is 4

The output of the command shows how many packets (6) and bytes (600) were blocked as well as the ACL (101) that blocked them.

1 comment:

  1. I really wanted how this would work and what is IP Accounting? I really do not have that much of any knowledge in the computer terminology and application. I really would like to learn more of it.

    Carlos from collier d'ambre pour bébé 


Note: Only a member of this blog may post a comment.