[c-nsp] DoS tracking on the 6500
Dale W. Carder
dwcarder at doit.wisc.edu
Thu Mar 17 18:34:28 EST 2005
Do you have "ip route cache flow" on your interfaces?
Dale
On Mar 17, 2005, at 5:19 PM, Jon Lewis wrote:
> On Thu, 17 Mar 2005, Dale W. Carder wrote:
>
>> What are your netflow/mls settings, specifically are you recording src
>> and dest information, because perhaps dest-only didn't capture the
>> data you needed? Are you sampling? What is your table size set at?
>
> Running just IOS, 122-18.SXD3
> #sh conf | inc mls
> mls aging fast time 8 threshold 3
> mls aging long 480
> mls aging normal 32
> mls flow ip interface-full
> mls flow ipx destination
> mls nde sender version 5
> mls rate-limit unicast cef receive 10000
> mls qos
>
>> Off the top of my head (we don't run hybrid anymore) I want to say
>> that the command to try is "sh mls ent long". In native mode
>> it's something along the lines of "sh mls netflow ip nowrap".
>
> Ah...I didn't notice the nowrap option last night and was cursing IOS for
> ignoring my term width. That makes the output easier on the eyes...but it
> still looks like just a tiny sampling of the real data.
>
> ----------------------------------------------------------------------
> Jon Lewis | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________