[c-nsp] DoS tracking on the 6500

Jon Lewis jlewis at lewis.org
Thu Mar 17 18:19:38 EST 2005


On Thu, 17 Mar 2005, Dale W. Carder wrote:

> What are your netflow/mls settings, specifically are you recording src
> and dest information, because perhaps dest-only didn't capture the
> data you needed?  Are you sampling?  What is your table size set at?

Running just IOS, 122-18.SXD3
#sh conf | inc  mls
mls aging fast time 8 threshold 3
mls aging long 480
mls aging normal 32
mls flow ip interface-full
mls flow ipx destination
mls nde sender version 5
mls rate-limit unicast cef receive 10000
mls qos

> Off the top of my head (we don't run hybrid anymore) I want to say
> that the command to try is "sh mls ent long".  In native mode
> it's something along the lines of "sh mls netflow ip nowrap".

Ah...I didn't notice the nowrap option last night and was cursing IOS for
ignoring my term width.  That makes the output easier on the eyes...but it
still looks like just a tiny sampling of the real data.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

