[c-nsp] Logging Connections

Gert Doering gert at greenie.muc.de
Wed Dec 28 15:10:53 EST 2011


On Wed, Dec 28, 2011 at 01:30:52PM +0000, Nick Hilliard wrote:
> On 27/12/2011 12:57, Manu Chao wrote:
> > *Why not using following command on your SVI:*
> > 
> > *ip accounting output*-*packets*
> Because that will trash the RP on the 6500.

I don't think it will actually do anything... (but I would be very
careful in case it *does*, and forces traffic to be CPU-switched).

> It may be a better idea to use a RSPAN session to sniff ingress / egress
> traffic on the physical ports in question.

Or enable netflow.  Which has its limitations, but if a SPAN session
is able to catch the traffic, netflow should be able to do so as well
(without TCP flags, of course, but "ip accounting" wouldn't catch
those either)

USENET is *not* the non-clickable part of WWW!
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20111228/519fcaa3/attachment.sig>

More information about the cisco-nsp mailing list