Filter
Top Products
Configuring IP Services
Configuring IP Accounting
IPC-108
Cisco IOS IP Configuration Guide
The IP source address of an ICMP packet must match the gateway address used by the host in the packet
that triggered the ICMP packet, otherwise the host will reject the ICMP redirect packet. An HSRP router
uses the destination MAC address to determine the gateway IP address of the host. If the HSRP router
is using the same MAC address for multiple IP addresses then it is not possible to uniquely determine
the gateway IP address of the host and the redirect message is not sent.
The following is sample output from the debug standby events icmp EXEC command if HSRP could
not uniquely determine the gateway used by the host:
10:43:08: SB: ICMP redirect not sent to 20.0.0.4 for dest 30.0.0.2
10:43:08: SB: could not uniquely determine IP address for mac 00d0.bbd3.bc22
Configuring HSRP Support for ICMP Redirect Messages
By default, HSRP filtering of ICMP redirect messages is enabled on routers running HSRP. To reenable
this feature on your router if it is disabled, use the following command in interface configuration mode:
Configuring IP Accounting
Cisco IP accounting support provides basic IP accounting functions. By enabling IP accounting, users
can see the number of bytes and packets switched through the Cisco IOS software on a source and
destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic
generated by the software or terminating in the software is not included in the accounting statistics. To
maintain accurate accounting totals, the software maintains two accounting databases: an active and a
checkpointed database.
Cisco IP accounting support also provides information identifying IP traffic that fails IP access lists.
Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach
security. The data also indicates that you should verify IP access list configurations. To make this feature
available to users, you must enable IP accounting of access list violations using the ip accounting
access-violations interface configuration command. Users can then display the number of bytes and
packets from a single source that attempted to breach security against the access list for the source
destination pair. By default, IP accounting displays the number of packets that have passed access lists
and were routed.
To enable IP accounting, use one of the following commands for each interface in interface configuration
mode:
Command Purpose
Router (config-if)# standby redirects [enable | disable]
[timers advertisement holddown] [unknown]
Enables HSRP filtering of ICMP redirect
messages
Command Purpose
Router(config-if)# ip accounting
Enables basic IP accounting.
Router(config-if)# ip accounting
access-violations
Enables IP accounting with the ability to identify IP traffic that fails IP
access lists.