Saturday, May 31, 2008

IP Accounting for traffic violations

R6 <---FRAME---> R5 <----ETHERNET---> R3

The first step is to create the ACL that blocks traffic. Here we will block traffic (and configure accounting) for packets from R6 to R3. IP address 6.6.6.10 is a loopback on R6 that is advertised into OSPF to R5 and on to R3; 3.3.3.3 is the loopback on R3.

R5#show run | section access-list 101
access-list 101 deny ip host 6.6.6.10 host 3.3.3.3
access-list 101 permit ip any any

Apply the ACL to the interface where traffic is to be restricted. FastEthernet0/0 is the interface connected to R3's LAN interface. Enable accounting for access violations on that interface with the command "ip accounting access-violations".

R5#show run int f0/0
Building configuration...

Current configuration : 153 bytes
!
interface FastEthernet0/0
ip address 172.12.34.5 255.255.255.0
ip access-group 101 out
ip accounting access-violations
speed 100
full-duplex
end

Ping from R6 to verify that traffic is blocked:

R6#ping 3.3.3.3 source 6.6.6.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.10
U.U.U
Success rate is 0 percent (0/5)

Verify accounting on R5:

R5#show ip accounting access-violations
   Source        Destination     Packets     Bytes   ACL
 6.6.6.10        3.3.3.3               6       600   101

Accounting data age is 4

The output of the command shows how many packets (6) and bytes (600) were blocked as well as the ACL (101) that blocked them.
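
As an added example (not part of the original post), this Python script parses the "show ip accounting access-violations" output shown above and totals denied packets per source and ACL, so the counters can feed an alert instead of being read by eye. The two extra sample rows, the function names and the packet threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first data row is the one from the post; the other
# two rows are hypothetical, added to exercise the aggregation.
SAMPLE = """\
R5#show ip accounting access-violations
   Source        Destination     Packets     Bytes   ACL
 6.6.6.10        3.3.3.3               6       600   101
 6.6.6.10        172.12.34.3          40      4000   101
 10.1.1.7        3.3.3.3               2       120   102

Accounting data age is 4
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumption: the ACL column is one whitespace-free token (101 in the post).
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+(\d+)\s+(\d+)\s+(\S+)\s*$")
AGE = re.compile(r"^Accounting data age is (\S+)")

def parse_violations(text):
    """Return (rows, age) parsed from the command output."""
    rows, age = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            src, dst, pkts, nbytes, acl = m.groups()
            rows.append({"src": src, "dst": dst, "packets": int(pkts),
                         "bytes": int(nbytes), "acl": acl})
            continue
        a = AGE.match(line)
        if a:
            age = a.group(1)  # kept as text; the post does not state the unit
    return rows, age

def noisy_sources(rows, min_packets):
    """Sum denied packets per (source, ACL); keep totals >= min_packets."""
    totals = defaultdict(int)
    for r in rows:
        totals[(r["src"], r["acl"])] += r["packets"]
    return {k: v for k, v in totals.items() if v >= min_packets}

if __name__ == "__main__":
    rows, age = parse_violations(SAMPLE)
    for (src, acl), pkts in sorted(noisy_sources(rows, 10).items()):
        print(f"{src}: {pkts} packets denied by ACL {acl} (data age {age})")
```
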

1 comment:

  1. I really wanted how this would work and what is IP Accounting? I really do not have that much of any knowledge in the computer terminology and application. I really would like to learn more of it.

    Carlos from collier d'ambre pour bébé 
