Академический Документы
Профессиональный Документы
Культура Документы
Table of Contents
Table of Contents
Chapter 1 IP Accounting Configuration Commands ................................................................. 1-1
1.1 IP Accounting Configuration Commands........................................................................... 1-1
1.1.1 display ip count........................................................................................................ 1-1
1.1.2 display ip count rule ................................................................................................ 1-2
1.1.3 ip count enable ........................................................................................................ 1-3
1.1.4 ip count exterior-threshold....................................................................................... 1-4
1.1.5 ip count firewall-denied ........................................................................................... 1-5
1.1.6 ip count inbound-packets ........................................................................................ 1-6
1.1.7 ip count interior-threshold........................................................................................ 1-7
1.1.8 ip count outbound-packets ...................................................................................... 1-8
1.1.9 ip count rule............................................................................................................. 1-8
1.1.10 ip count timeout ..................................................................................................... 1-9
1.1.11 reset ip count....................................................................................................... 1-10
Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands
The support for this feature depends on the specific model of the Quidway AR series
routers.
Note:
z
Refer to the configuration manual of this module for feature support of the Quidway
AR series routers.
All the models of the Quidway AR series routers are centralized devices.
View
Any view
Default Level
1: Monitor level
Parameters
inbound-packets: Displays information about incoming IP packets.
outbound-packets: Displays information about outgoing IP packets.
exterior: Displays information about the IP packets in the exterior table. The exterior
table records valid rule-incompliant packets.
firewall-denied: Displays information about denied IP packets.
1-1
Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)
interior: Displays information about the IP packets in the interior table. The interior
table records valid rule-compliant packets.
Note:
If no firewall is configured on the interface, valid packets refer to all incoming and
outgoing IP packets. If a firewall is configured, only those valid packets can pass the
firewall.
Description
Use the display ip count command to display the statistics of the IP accounting about
IP packets.
Examples
# Display information about valid rule-incompliant incoming IP packets.
<Sysname> display ip count inbound-packets exterior
6 Inbound streams information in exterior list:
SrcIP
DstIP
Protocol
Pkts
Bytes
0.0.0.0
255.255.255.255
UDP
28
9502
10.153.72.181
10.153.73.255
UDP
174
38034
10.153.72.137
239.255.255.250
UDP
644
10.153.72.141
224.0.0.2
IGMP
128
10.153.72.141
224.0.0.9
UDP
208
10.153.72.141
224.0.0.9
IGMP
128
Description
SrcIP
DstIP
Protocol
Pkts
Number of packets
Bytes
1-2
Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ip count rule command to display IP accounting rules.
Examples
# Display IP accounting rules.
<Sysname> display ip count rule
IP Count rule list:
IP address
address mask
1.1.1.0
255.255.255.0
2.0.0.0
255.0.0.0
-----------------------------------Total: 2 rules
Description
IP address
IP address
address mask
Subnet mask
View
System view
Default Level
2: System level
1-3
Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)
Parameters
None
Description
Use the ip count enable command to enable IP accounting.
Use the undo ip count enable command to disable IP accounting.
By default, IP accounting is disabled.
Examples
# Enable IP accounting.
<Sysname> system-view
[Sysname] ip count enable
View
System view
Default Level
2: System level
Parameters
number: Maximum number of flow records in the exterior table, in the range of 0 to
8,192.
Description
Use the ip count exterior-threshold command to configure the maximum number of
flow records in the exterior table.
Use the undo ip count exterior-threshold command to restore the default. When
doing this, you are prompted to clear the table first if any flow records already exist in
the table.
By default, the maximum number of flow records in the exterior table is 0.
Rule-incompliant packets are not to be counted.
IP packets are sorted as follows:
z
1-4
Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands
If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the IP
accounting rule, the packets are recorded in the interior table. Otherwise, the
packets are counted in the exterior table.
Examples
# Set the maximum number of flow records in the exterior table to 100.
<Sysname> system-view
[Sysname] ip count exterior-threshold 100
View
Interface view
Default Level
2: System level
Parameters
inbound-packets: Counts the incoming IP packets denied by the firewall on the current
interface.
outbound-packets: Counts the outgoing IP packets denied by the firewall on the
current interface.
Description
Use the ip count firewall-denied command to count the IP packets denied by the
firewall on the current interface.
Use the undo ip count firewall-denied command to restore the default.
By default, IP packets denied by the firewall are not counted.
Information about counted firewall-denied IP packets is stored in the firewall-denied
table.
Examples
# Count the outgoing IP packets denied by the firewall on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] ip count firewall-denied outbound-packets
1-5
Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)
# Specify not to count the outbound IP packets denied by the firewall on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] undo ip count firewall-denied outbound-packets
View
Interface view
Default Level
2: System level
Parameters
None
Description
Use the ip count inbound-packets command to count incoming IP packets on the
current interface.
Use the undo ip count inbound-packets command to restore the default.
By default, incoming IP packets on the interface are not counted.
After you execute the ip count inbound-packets command in interface view, the
incoming IP packets are stored in the exterior or interior table, depending on whether
they match the IP accounting rules.
Note:
If no firewall is configured on the interface, valid packets refer to all incoming and
outgoing IP packets. If a firewall is configured, valid packets refer to only those passing
the firewall.
Examples
# Count valid incoming IP packets on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
1-6
Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands
View
System view
Default Level
2: System level
Parameters
number: Maximum number of flow records in the interior table, in the range 0 to 16,384.
Description
Use the ip count interior-threshold command to configure maximum number of flow
records in the interior table.
Use the undo ip count interior-threshold command to restore the default. When
doing this, you are prompted to clear the table first if the number of flow records in the
table is greater than the default.
By default, maximum number of flow records in the interior table is 512.
IP packets are sorted as follows:
z
If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the IP
accounting rule, the packets are recorded in the interior table. Otherwise, the
packets are recorded in the exterior table.
Examples
# Set maximum number of flow records in the interior table to 1000.
<Sysname> system-view
[Sysname] ip count interior-threshold 1000
1-7
Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)
View
Interface view
Default Level
2: System level
Parameters
None
Description
Use the ip count outbound-packets command to count outgoing valid IP packets on
the current interface.
Use the undo ip count outbound-packets command to restore the default.
By default, valid outgoing IP packets on the interface are not counted.
You can execute this command in interface view to count outgoing IP packets, which
will be stored in the exterior table or interior table, depending on whether they match the
accounting rules.
Examples
# Count valid outgoing IP packets on Ethernet 1/0.
<Sysname> system-view
[Sysname] interface ethernet 1/0
[Sysname-Ethernet1/0] ip count outbound-packets
View
System view
Default Level
2: System level
1-8
Command Manual IP Accounting (IP Services Volume) Chapter 1 IP Accounting Configuration Commands
Parameters
ip-address: IP address.
mask: Subnet mask.
mask-length: Length of a subnet mask, in the range of 0 to 32.
Description
Use the ip count rule command to create an IP accounting rule.
Use the undo ip count rule command to remove the specified accounting rule. All IP
accounting rules will be deleted if no parameter is specified.
Each IP accounting rule consists of an IP address and its mask, namely, a network
address, which is the result of ANDing the IP address with its mask. IP packets are
sorted as follows:
z
If the source or destination IP address of the IP packets passing the interface (in
this case, a firewall may be configured or not) matches a network address in the
rule, the packets are counted in the interior table. Otherwise, the packets are
counted in the exterior table.
Note that:
z
If no rule is configured, the current packets are not concerned and are all counted
in the exterior table.
Examples
# Create an IP accounting rule.
<Sysname> system-view
[Sysname] ip count rule 169.254.10.1 255.255.0.0
View
System view
Default Level
2: System level
1-9
Chapter 1 IP Accounting Configuration Commands Command Manual IP Accounting (IP Services Volume)
Parameters
minutes: Aging time in minutes for a flow record in the accounting table, in the range of
60 to 10,080.
Description
Use the ip count timeout command to configure aging time for a flow record in the IP
accounting table.
Use the undo ip count timeout command to restore the default.
By default, the aging time for a flow record is 720 minutes, namely, 12 hours.
If a flow record does not update before its aging time expires, the record is considered
expired and then deleted.
Examples
# Set the aging time for a flow record to 100 minutes.
<Sysname> system-view
[Sysname] ip count timeout 100
View
User view
Default Level
2: System level
Parameters
all: Clears all statistics.
firewall: Clears the statistics from the firewall-denied table.
exterior: Clears the statistics from the exterior table.
interior: Clears the statistics from the interior table.
Description
Use the reset ip count command to clear the statistics of IP packets.
Examples
# Clear the statistics of all IP packets.
<Sysname> reset ip count all
1-10