User Guide

24-6
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 24 Configuring Denial of Service Protection
Configuring DoS Protection
Monitoring Packet Drop Statistics
The rate limiter lets only a bounded number of packets through to the route processor for software
processing, so you can view the resulting packet drop statistics by entering NetFlow show commands from
the CLI. You can also capture the incoming or outgoing traffic on an interface and send a copy of that
traffic to an external interface for monitoring by, for example, a traffic analyzer. To capture traffic and
forward it to an external interface, use the monitor session commands.
Monitoring Dropped Packets Using NetFlow Commands
The following NetFlow commands display flows destined to the router MAC address, whether they are
hardware switched or forwarded to the route processor.
Displaying statistics by source address or by full flow works only if the MLS NetFlow flow mask is set to
a value more specific than destination-only. With a destination-only flow mask, the SrcIP column shows
0.0.0.0, as in the first example below; after the flow mask is changed to destination-source, the source
address is populated.
Router# show mls ip
Displaying Netflow entries in Supervisor Earl
DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f:AdjPtr
--------------------------------------------------------------------
200.2.5.3       0.0.0.0         0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
0            0          1     01:52:25  L3 - Dynamic
Router# show mls netflow flowmask
current ip flowmask for unicast: destination only
current ipx flowmask for unicast: destination only
Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# mls flow ip destination-source
Router(config)# exit
1w6d: %SYS-5-CONFIG_I: Configured from console by console
Router# show mls ip
Displaying Netflow entries in Supervisor Earl
DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f:AdjPtr
--------------------------------------------------------------------
200.2.5.3       223.255.254.226 0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
0            0          2     01:54:05  L3 - Dynamic
Router#
When you use the show mls ip command to display flows for a specific source or destination address, the
command accepts /32 host prefixes only. To see all flows from a subnet, display the full table and filter it
with an output modifier such as | include, as in the second example below.
Router# show mls ip source 9.9.9.2 mod 4
Displaying Netflow entries in module 4
DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f:AdjPtr
--------------------------------------------------------------------
9.9.9.177       9.9.9.2         0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
0            0          28    01:56:59  L3 - Dynamic
Router# show mls ip mod 4 | include 9.9.9
9.9.9.177       9.9.9.2         0   :0      :0        0       : 0
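Because show mls ip only accepts /32 host prefixes and | include matches on text rather than on address ranges, a subnet-level view of which sources are hitting the route processor is easiest to get by copying the full table off the switch and parsing it. The following script is an added example, not code from the Cisco guide or from Cisco IOS: it parses the two-line-per-flow show mls ip layout shown above, emulates a subnet-scoped query with a real prefix match, and ranks sources by packet count toward a destination. The sample output embedded in it is constructed for illustration (the addresses reuse those in the examples above; the packet counts are invented), and the function names are the author's own.

```python
"""Parse Catalyst 6500 'show mls ip' output and aggregate flows by prefix.

Added example, not part of the Cisco guide. The sample table below is
constructed: addresses follow the examples on the page, packet and byte
counts are invented. The parser tolerates the repeated 'Pkts ...' header
and dashed rules that the CLI prints between entries.
"""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_OUTPUT = """\
Router# show mls ip
Displaying Netflow entries in Supervisor Earl
DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f:AdjPtr
--------------------------------------------------------------------
200.2.5.3       223.255.254.226 0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
0            0          2     01:54:05  L3 - Dynamic
9.9.9.177       9.9.9.2         0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
1540         98560      28    01:56:59  L3 - Dynamic
9.9.9.177       9.9.9.3         0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
2300         147200     12    01:57:10  L3 - Dynamic
9.9.9.177       10.0.0.5        0   :0      :0        0       : 0
Pkts         Bytes      Age   LastSeen  Attributes
---------------------------------------------------
12           768        40    01:55:02  L3 - Dynamic
"""

# First line of an entry: DstIP SrcIP Prot:SrcPort:DstPort SrcIf:AdjPtr
FLOW_RE = re.compile(
    r"^(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<prot>\w+)\s*:\s*(?P<sport>\d+)\s*:\s*(?P<dport>\d+)\s+"
    r"(?P<srcif>\S+)\s*:\s*(?P<adj>\S+)\s*$"
)
# Second line of an entry: Pkts Bytes Age LastSeen Attributes
STATS_RE = re.compile(
    r"^(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<age>\d+)\s+"
    r"(?P<seen>\d{2}:\d{2}:\d{2})\s+(?P<attr>.+?)\s*$"
)


@dataclass
class Flow:
    dst: str
    src: str
    prot: str
    sport: int
    dport: int
    pkts: int
    byte_count: int
    age: int
    last_seen: str
    attributes: str


def parse_show_mls_ip(text):
    """Pair each flow line with the statistics line that follows it."""
    flows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip prompts, banners, column headers and dashed rules.
        if not line or line.startswith(("Displaying", "DstIP", "Pkts", "---")):
            continue
        m = FLOW_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = STATS_RE.match(line)
        if m and pending is not None:
            s = m.groupdict()
            flows.append(Flow(
                dst=pending["dst"], src=pending["src"], prot=pending["prot"],
                sport=int(pending["sport"]), dport=int(pending["dport"]),
                pkts=int(s["pkts"]), byte_count=int(s["bytes"]), age=int(s["age"]),
                last_seen=s["seen"], attributes=s["attr"],
            ))
            pending = None
    return flows


def flows_in_prefix(flows, prefix, field="src"):
    """Subnet-scoped view the CLI cannot give directly (it takes /32 only)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return [f for f in flows if ipaddress.ip_address(getattr(f, field)) in net]


def packets_by(flows, field="src"):
    """Sum packet counts per source (or per destination) address."""
    totals = defaultdict(int)
    for f in flows:
        totals[getattr(f, field)] += f.pkts
    return dict(totals)


def top_talkers(flows, field="src", n=5):
    """Addresses ranked by packets, highest first; ties broken by address."""
    ranked = sorted(packets_by(flows, field).items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


if __name__ == "__main__":
    flows = parse_show_mls_ip(SAMPLE_OUTPUT)
    print(f"{len(flows)} flows parsed")
    for src, pkts in top_talkers(flows_in_prefix(flows, "9.9.9.177/32", "dst")):
        print(f"{src:>16}  {pkts} packets toward 9.9.9.177")
```

Run it against a saved copy of the switch output instead of SAMPLE_OUTPUT to see which sources in a subnet are generating the flows that the rate limiter is sending to the route processor; a single source with a large packet count against the router's own address is the pattern DoS protection is meant to contain.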