Revisar paquetes en una interfaz usando políticas

Si queremos saber si el tráfico con determinado criterio pasa a través de una interfaz, podemos revisarlo usando políticas.

Son varios pasos por seguir:

Configurar una ACL que especifique el criterio que necesitemos revisar si están saliendo de la interfaz:

[R23ROUTER-2]acl 3333

[R23ROUTER-2-acl-adv-3333]rule 5 permit icmp source 172.16.100.50 0 destination 10.20.30.1 0

[R23ROUTER-2-acl-adv-3333]rule 10 permit icmp source 10.20.30.1 0 destination 172.16.100.50 0

[R23ROUTER-2-acl-adv-3333]display this

acl number 3333

rule 5 permit icmp source 172.16.100.50 0 destination 10.20.30.1 0

rule 10 permit icmp source 10.20.30.1 0 destination 172.16.100.50 0

Configurar un Traffic Classifier que esté asociado a la Access List:

[R23ROUTER-2]traffic classifier C1

[R23ROUTER-2-classifier-C1]if-match acl 3999

[R23ROUTER-2-classifier-C1]quit

[R23ROUTER-2]

Habilitar las estadísticas al configurar el Traffic Behavior

[R23ROUTER-2]traffic behavior B1

[R23ROUTER-2-behavior-B1]statistic enable

[R23ROUTER-2-behavior-B1]quit

Configurar el Traffic Policy hasta colocarle el Classifier y el Bahavior antes configurados:

[R23ROUTER-2]traffic policy P1

[R23ROUTER-2-trafficpolicy-P1]classifier C1 behavior B1

[R23ROUTER-2-trafficpolicy-P1]quit

[R23ROUTER-2]

Aplicar la política sobre la interface para poder sensar el tráfico, ya sea de entrada o de salida.

[R23ROUTER-2]interface GigabitEthernet 0/0/0

[R23ROUTER-2-GigabitEthernet0/0/0]traffic-policy P1 inbound

[R23ROUTER-2-GigabitEthernet0/0/0]

[R23ROUTER-2-GigabitEthernet0/0/0]traffic-policy P1 outbound

[R23ROUTER-2-GigabitEthernet0/0/0]quit

Empezar a generar tráfico, con un ping por ejemplo y despelgar las estadísticas:

<R23ROUTER-2>display traffic policy statistics interface GigabitEthernet 0/0/0 inbound

Interface: GigabitEthernet0/0/0

Traffic policy inbound: P1

Rule number: 2

Current status: OK!

Item Sum(Packets/Bytes) Rate(pps/bps)

------------------------------------------------------------------------------

Matched 0/0 0/0

Passed 0/0 0/0

Dropped 0/0 0/0

Filter 0/0 0/0

CAR 0/0 0/0

Queue Matched 0/0 0/0

Enqueued 0/0 0/0

Discarded 0/0 0/0

CAR 0/0 0/0

Green packets 0/0 0/0

Yellow packets 0/0 0/0

Red packets 0/0 0/0

<R23ROUTER-2>

<R23ROUTER-2>display traffic policy statistics interface GigabitEthernet 0/0/0 outbound

Interface: GigabitEthernet0/0/0

Traffic policy outbound: P1

Rule number: 2

Current status: OK!

Item Sum(Packets/Bytes) Rate(pps/bps)

------------------------------------------------------------------------------

Matched 0/0 0/0

Passed 0/0 0/0

Dropped 0/0 0/0

Filter 0/0 0/0

CAR 0/0 0/0

Queue Matched 0/0 0/0

Enqueued 0/0 0/0

Discarded 0/0 0/0

CAR 0/0 0/0

Green packets 0/0 0/0

Yellow packets 0/0 0/0

Red packets 0/0 0/0

<R3ROUTER-1>

Traffic Policy

Revisar paquetes en una interfaz usando políticas

Secreto comercial de terceros

My Followers

Empresa

Consumidores

Corporativo

Operadores

Revisar paquetes en una interfaz usando políticas

Secreto comercial de terceros

My Followers