Home > Articles > Cisco Network Technology > General Networking > Cisco IOS IP Accounting Features

Cisco IOS IP Accounting Features

  • Sample Chapter is provided courtesy of Cisco Press.
  • Date: Oct 19, 2007.

Chapter Description

This chapter describes the IP Accounting features in Cisco IOS and enables you to distinguish the different IP Accounting functions and understand SNMP MIB details. This chapter also provides a command-line reference.

IP Accounting MAC Address

IP Accounting MAC Address is comparable to the IP Accounting (Layer 3) feature. However, MAC addresses are collected instead of IP addresses, and there is no concept of a checkpoint database. IP Accounting MAC Address calculates the total number of packets and bytes for IP traffic on LAN interfaces, based on the source and destination MAC addresses. It also records a time stamp for the last packet received or sent. This feature helps the operator determine how much traffic is exchanged with various peers at Layer 2 exchange points, such as an Internet peering point. IP Accounting MAC Address collects individual MAC addresses, so it can be used to identify a specific user for usage-based billing. It also helps security administrators identify a sender’s MAC address in case of an attack with faked IP addresses.

The maximum number of MAC addresses that can be stored at the network element for each physical interface is 512 entries for input and an additional 512 MAC addresses for output traffic. After the maximum is reached, subsequent MAC addresses are ignored. To keep addresses from not being taken into account, you should constantly check the number of available entries in the network element’s local database and clear entries if it’s getting close to 512.

IP Accounting MAC Address Principles

The principles of IP Accounting MAC Address can be summarized as follows:

  • Inbound and outbound traffic statistics are collected per MAC address.
  • Only LAN interfaces and subinterfaces (Ethernet, FastEthernet, FDDI, and VLAN) are supported.
  • A time stamp is recorded (or updated) when the last packet is sent or received.
  • When IP Accounting MAC Address is enabled, header compression is turned off so that the MAC information can be extracted from the header. When IP Accounting MAC Address is turned off, header compression is enabled.
  • There is no concept of a checkpoint database.
  • The maximum number of entries per physical interface and per direction (incoming or outgoing) is 512.
  • Collection data is accessible via CLI and SNMP. However, all configuration changes must be done via CLI, because the CISCO-IP-STAT-MIB has no read-write parameters. To retrieve the collection results via SNMP, you need to enable SNMP on the network element first. For more details about SNMP configuration, see Chapter 4.
  • The MIB contains 32-bit and 64-bit SNMP counters.

Supported Devices and IOS Versions

The following devices and Cisco IOS Software releases support IP Accounting MAC Address:

  • IP Accounting MAC Address was introduced in IOS 11.1CC.
  • It is supported on Ethernet, FastEthernet, FDDI, and VLAN interfaces. It works in conjunction with Cisco Express Forwarding (CEF), distributed Cisco Express Forwarding (dCEF), flow, and optimum switching.
  • It is supported on all routers, including the MSFC, but not the RSM.
  • On the Cisco 12000 router, it is supported only by the 3-port Gigabit Ethernet line cards.

CLI Operations

Notable commands for configuring, verifying, and troubleshooting IP Accounting MAC Address are as follows:

  • router(config-if)# ip accounting mac-address {input | output}, where:
    • input performs accounting based on the source MAC address on received packets.
    • output performs accounting based on the destination MAC address on transmitted packets.
  • router# show interface [type number] mac-accounting

    displays information for all interfaces configured for MAC accounting. To display information for a single interface, use the appropriate information for the type number arguments.

  • router# clear counters [interface-type interface-number]

    clears all the interface counters. Because the IP Accounting MAC Address entries are stored per interface, the clear counters command clears the number of bytes and packets for each IP Accounting MAC Address entry in the output of show interface [type number ] mac-accounting. However, the clear counters command does not remove any IP Accounting MAC Address entries. In the output from show interface [type number ] mac-accounting, clear counters keeps the value of the time stamp for the last packet sent or received for that entry. The clear counters command does not clear the MIB counters, because SNMP counters can never be cleared, and it does not remove any IP Accounting MAC Address entries in the MIB table. An analogy is the clear counters command that clears the number of bytes and packets in the output of show interface while the SNMP counters in the ifTable are not cleared. Note also that the clear counters command is applicable globally for all interfaces or for a single interface.

SNMP Operations

IP Accounting MAC Address uses the Cisco IP Statistics MIB to collect incoming and outgoing packets and bytes per MAC address. There is a maximum of 512 entries per physical interface per direction (ingress or egress). You have to use the CLI to enable and disable IP Accounting MAC Address. Entries can be read but not deleted via SNMP. They can be deleted using the CLI command clear counters instead. The CISCO-IP-STAT-MIB (Cisco IP Statistics MIB) was updated to support 32-bit and 64-bit counters. For high-speed interfaces, 64-bit counters are relevant, because on a 1-Gigabit interface, a 32-bit counter wraps after 34 seconds.

The IP Accounting MAC Address part of the MIB consists of two tables with separate 32-bit counters and 64-bit counters, plus an extra table for the number of free entries in the database:

  • cipMacTable is the MAC table for 32-bit counters, where an entry is created for each unique MAC address that sends or receives IP packets. It contains four variables:
    • cipMacDirection is the object’s data source.
    • cipMacAddress is the MAC address.
    • cipMacSwitchedPkts is the counter in packets with respect to cipMacAddress.
    • cipMacSwitchedBytes is the counter in bytes with respect to cipMacAddress.

    The table indexes are ifIndex, cipMacDirection, and cipMacAddress.

  • cipMacXTable is the extended MAC table for 64-bit counters, which contains only two entries.
    • cipMacHCSwitchedPkts is the high-capacity counter in packets with respect to cipMacAddress. This object is the 64-bit version of cipMacSwitchedPkts.
    • cipMacHCSwitchedBytes is the high-capacity counter in bytes with respect to cipMacAddress. This object is the 64-bit version of cipMacSwitchedBytes.

    The table indexes are ifIndex, cipMacDirection, and cipMacAddress.

  • cipMacFreeTable specifies the number of available entries in the database.
  • cipMacFreeCount is the number of items in the MAC free space.

The table indexes are ifIndex and cipMacFreeDirection.

Examples (CLI and SNMP)

The following example provides a systematic introduction to configuring and monitoring IP Accounting MAC Address and displays the results for both CLI and SNMP.

Initial Configuration

Initially, there are no IP Accounting MAC Address entries.

In this configuration, both IP Accounting MAC Address input and output are enabled:

router(config-if)#interface fastethernet 0/0
router(config-if)#ip accounting mac-address input
router(config-if)#ip accounting mac-address output
router(config-if)#exit

Collection Monitoring

The entries populate:

Router#show interface mac-accounting
FastEthernet1/0 Eth -> Nms-bb-1: Port 4/20
      Input (504 free)
0010.8305.c421(115): 7 packets, 590 bytes, last: 95924ms ago.
.
.
.
                  Total:  111 packets, 10290 bytes
      Output  (504 free)
0800.2087.66c1(8 ): 2 packets, 375 bytes, last: 8520ms ago
.
.
.
                  Total:  39 packets, 5536 bytes

For clarity, only the first input and output entries are displayed. The corresponding MIB table shows the identical entries, only one of which is displayed:

SERVER % snmpwalk -c public -v 2c martel cipMacTable
cipMacSwitchedPkts.9.input.0.16.131.5.196.33 : Counter: 7
cipMacSwitchedBytes.9.input.0.16.131.5.196.33 : Counter: 590

The table indexes are as follows:

  • ifIndex is 9 in this case, which represents fastethernet 1/0:
    Router #show snmp mib ifmib ifIndex fastethernet 1/0
        Interface = fastethernet 1/0, ifIndex =9
    
  • cipMacDirection is input or output.
  • cipMacAddress, where 0.16.131.5.196.33 is the MAC address, such as 0010.8305.c421.

This SNMP entry corresponds to the following entry in the show command:

0010.8305.c421(115): 7 packets, 590 bytes, last: 95924ms ago.

The SNMP request confirms that 504 entries are available:

SERVER % snmpwalk -c public -v 2c <router> cipMacFreeTable
CISCO-IP-STAT-MIB::cipMacFreeCount.9.input = Gauge32: 504
CISCO-IP-STAT-MIB::cipMacFreeCount.9.output = Gauge32: 504

In a situation where the counters are small, polling cipMacXTable, which contains the high-capacity counter counter64, would return the same results as polling cipMacTable.

Finally, the IP MAC address counters can be cleared, either specifically for the interface or globally for all interfaces, but no entries are deleted:

Router(config)#clear counters [fastethernet 1/0]
Router#show interface mac-accounting
FastEthernet1/0 Eth -> Nms-bb-1: Port 4/20
      Input  (504 free)
0010.8305.c421(115): 0 packets, 0 bytes, last: 125876ms ago

In the preceding example, the counters for packets and bytes are reset to 0. All other entries, along with the content of the “last” field, are preserved. The clear counters CLI command has no effect on the MIB’s content.

4. IP Accounting Precedence | Next Section Previous Section

Cisco Press Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Cisco Press and its family of brands. I can unsubscribe at any time.

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Cisco Press products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@ciscopress.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Cisco Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.ciscopress.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020