Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
273
Views
0
Helpful
2
Replies

unexpected output from debug command

tato386
Level 6
Level 6

‎09-19-2007 05:56 PM - edited ‎03-05-2019 06:35 PM

I am trying to troubleshooting a routing issue and decided to setup an access-list that specifies two host IP addresses to see what is going on. I do something like this:

access-list 199 permit ip host 1.1.1.1 host 2.2.2.2

access-list 199 deny ip any any

term mon

debug ip packet 199 detail

After I do this I get a flood of debug messages that do not match the 199 ACL. It seems like ALL traffic going thru the router is being shown in the debug instead of just packets from 1.1.1.1 to 2.2.2.2

Any ideas on why this is happening?

Thanks,

Labels:
0 Helpful
2 Replies 2

Edison Ortiz
Hall of Fame
Hall of Fame

‎09-19-2007 07:02 PM

It's displaying the denies as well. If you want to only see debug messages for connection to host 1.1.1.1 from host 2.2.2.2, remove the last entry. An implicit deny will take care of it.

0 Helpful

tato386
Level 6
Level 6
In response to Edison Ortiz

‎09-20-2007 05:57 AM

It doesn't appear to be the deny. I recreated that ACL without the deny and some deluge of debug info. I went further and actuall used a couple bogus IPs and still the deluge of debug info. It seems that the debug is simply ignoring the ACL even though a "show debug" shows the debug command with the ACL. Wow, maybe a bug in my particular IOS version? It is 12.3(6a)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card