[c-nsp] Logging Connections
Gert Doering
gert at greenie.muc.de
Wed Dec 28 15:10:53 EST 2011
Hi,
On Wed, Dec 28, 2011 at 01:30:52PM +0000, Nick Hilliard wrote:
> On 27/12/2011 12:57, Manu Chao wrote:
> > *Why not using following command on your SVI:*
> >
> > *ip accounting output*-*packets*
>
> Because that will trash the RP on the 6500.
I don't think it will actually do anything... (but I would be very
careful in case it *does*, and forces traffic to be CPU-switched).
> It may be a better idea to use a RSPAN session to sniff ingress / egress
> traffic on the physical ports in question.
Or enable netflow. Which has its limitations, but if a SPAN session
is able to catch the traffic, netflow should be able to do so as well
(without TCP flags, of course, but "ip accounting" wouldn't catch
those either)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20111228/519fcaa3/attachment.sig>
More information about the cisco-nsp
mailing list