一、ip accounting1、配置方法router(config)#int s 0/0router(config-if)#ip accounting output-packetsrouter#sh ip accounting output-packetsSource Destination Packets Bytes192.1.1.110 192.1.1.97 5 500172.17.246. 128 192.1.1.110 8 704Accounting data age is 2d23h或者router(config)#int s 0/0router(config-if)#ip accounting access-violationsrouter#sh ip accounting [checkpoint] access-violationsSource Destination Packets Bytes ACL192.1.1.110 224.0.0.5 46 3128 19Accounting data age is 72、说明●此方法如果在路由器负载特大的时候请谨慎使用，因其会使系统性能下降● 基于地址对的字节数量及数据包数量统计● 通常只支持outbound的数据包，及被ACL拒绝的数据包（支持IN 和 OUT方向的ACL）● 只统计穿越路由器的流量，源或目的是该路由器的数据包不做统计● 支持所有的switching path，除了Autonomous Switching● 可以通过SNMP来访问统计值，MIB是OLD-CISCO-IP-MIB, lipAccountingTable● ip accounting还支持其他的监测方式，如基于tos,mac-address等二、netflow1、配置方法router (config-if)#ip route-cache flowrouter (config)#ip flow-export destination 172.17.246.225 9996router (config)#ip flow-export version 5 <peer-as | origin-as>Optional configurationrouter (config)#ip flow-export source loopback 0router (config)#ip flow-cache entries <1024-524288>router (config)#ip flow-cache timeoutsh ip cache flowIP packet size distribution (132429191 total packets):1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480.000 .191 .024 .009 .010 .006 .005 .008 .003 .005 .003 .003 .002 .001 .001512 544 576 1024 1536 2048 2560 3072 3584 4096 4608.001 .002 .107 .032 .578 .000 .000 .000 .000 .000 .000IP Flow Switching Cache, 278544 bytes33 active, 4063 inactive, 7975259 added104834714 ager polls, 0 flow alloc failuresActive flows timeout in 30 minutesInactive flows timeout in 15 secondslast clearing of statistics neverProtocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)-------- Flows /Sec /Flow /Pkt /Sec /Flow /FlowTCP-Telnet 25378 0.0 12 652 0.0 22.9 15.2TCP-FTP 432435 0.1 4 59 0.4 1.2 2.7TCP-FTPD 28670 0.0 212 1397 1.4 8.2 1.6TCP-WWW 4682530 1.0 15 927 16.4 2.4 4.62、说明● 统计基于流（包括地址对、端口号、协议类型等）的数据量● 只支持inbound的流量● 只支持单播● 只能在主端口配置● 需要和cef或fast switching一起使用● 对路由器性能有影响10,000 active flows: < 4% of additional CPU utilization45,000 active flows: <12% of additional CPU utilization65,000 active flows: <16% of additional CPU utilization三、NBAR1、配置方法router(config)# interface FastEthernet 0/1router(config-if)# ip nbar protocol discoveryrouter# show ip nbar protocol -discovery interface FastEthernet 6/0FastEthernet6/0Input OutputProtocol Packet Count Packet CountByte Count Byte Count5 minute bit rate (bps) 5 minute bit rate (bps)------------------------ ------------------------ ------------------------http 316773 026340105 03000 0pop3 4437 73672301891 3392133000 0snmp 279538 14644319106191 6736240 0…Total 17203819 15168493619161397327 509670346114179000 66200002、说明● NBAR识别从4层到7层的协议信息●可以基于端口统计input 和output 的bit rate (bps), packet counts, byte counts● 只能在cef或dcef的基础上运行● 不象netflow，没有流的概念。

主要是统计目前网络中有那一些应用四、access-list log1、配置方法router(config)# access-list 118 permit ip any any logrouter(config)# interface FastEthernet 0/1router(config-if)# ip access-group 118 outrouter# show logrouter>sh logSyslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,0 overruns)Console logging: level debugging, 79 messages loggedMonitor logging: level debugging, 0 messages loggedBuffer logging: level debugging, 79 messages loggedLogging Exception size (4096 bytes)Trap logging: level informational, 83 message lines loggedLog Buffer (4096 bytes):*May 25 05:27:50: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 1 packet*May 25 05:28:59: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.28.128(0), 1 packet*May 25 05:29:19: %SEC-6-IPACCESSLOGP: list 118 permitted tcp 10.1.64.71(0) -> 10.0.29.3(0), 56 packets2、说明● 可以使用于任何端口的input 或者output● 可以看到目前端口上跑的应用● 没有统计信息，只能看到有那一些地址，看不到应用统计