Cisco 10005 Installationsanleitung PDF herunterladen (Seite 37)

Cisco 10000 Series Router Performance Routing Engine Installation

OL-3971-03

Analyzing and Troubleshooting Packets

Sample Case Study

For the purposes of this case study, assume that the following ACL is configured on the router’s outbound

serial 1/0/0 interface:

access-list 108 permit udp any host 10.68.1.10 range 0 5000 log

access-list 108 permit udp host 10.1.1.l0 range 0 5000 any log

A traffic simulator is used to send 100 UDP packets to the Cisco 10000 router with the source and

destination ports of the packets set to 6000. Packets arrive on the Gigabit Ethernet 2/0/0 interface and

are supposed to leave the router through the serial 1/0/0 interface.

After processing the 100 UDP packets, the show pxf cpu commands are entered to display statistical

information about the packets.

Hardware and Software Components

Table 6 lists the hardware and software components used in the case study.

Filtering the Traffic

On the outbound serial 1/0/0 interface, the Cisco 10000 router filters the 100 packets sent by the traffic

simulator using the ACL applied to the interface. The router executes the ACL from top to bottom in the

following way:

access-list 108 permit udp any host 10.68.1.10 range 0 5000 log

access-list 108 permit udp host 10.1.1.10 range 0 5000 any log

• Statement 1—Allows any UDP packet to access host 10.68.1.10 if the UDP destination port of the

packet is between 0 and 5000. The router logs packet information to the console if a match is made.

• Statement 2—Allows any UDP packet from host 10.1.1.10 with a source port between 0 and 5000

to be permitted. The router logs packet information to the console if a match is made.

• Implicit Deny—Denies all remaining packets and does not log the packet information to the console.

Remember, the 100 UDP packets were sent with a source and destination port of 6000. As the router

executes the ACL, none of the 100 packets matches ACL statements 1 and 2 because of the different port

numbers. The router then executes the implicit deny statement.

The implicit deny statement terminates any ACL. This statement tells the router to deny all other traffic.

Because the 100 packets did not match statements 1 and 2, the router then executes the deny all statement

and denies the packets.

Displaying Packet Statistics for ACLs

The show pxf cpu statistics security command provides statistical information about the packets

denied, permitted, and logged by ACLs. The router collects statistics for mini-compiled ACLs, but not

for turbo-compiled ACLs.

Table 6 Hardware and Software Components

Cisco IOS Release Processor Image

Experimental version 12.0 ESR-PRE2 c10k-p8-mz.weekly.03272002

1 2 ... 32 33 34 35 36 37 38 39 40 41 42 ... 45 46

Keine Kommentare

Cisco 10005 Installationsanleitung Seite 37