Debug Ethernet level information on Cisco Routers

Unanswered Question
Oct 10th, 2007

Hello,

Is there any way (for example using debug commands)to see Ethernet level information in incoming Ethernet frames.

For example I have Fast Ethernet interface in my router. I would like to debug, what information is receiving this interface.

Debug ip packet details show only information starting from IP level (e.g Source IP, Destination IP, protocol type).

But I would like to see Ethernet level information (e.g. Destination MAC, Source MAC).

Is the any way to do this from the Router CLI interface?

Cisco IOS 12.4.

This is pure theoretical question. Other solutions to solve this problem are known for me (for. example to configure mirror SPAN port on switch to which Router is connected and debug Information with PC Ethereal).

Best Regards,

Tomas Chmelevski

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Kevin Dorrell Thu, 10/11/2007 - 00:34

I wish there was a way of doing this ... it would make my life so much simpler. If I could know the MAC address of the packets that are being denied by my access-list, I could track them down. I have searched and found nothing. :-(

Kevin Dorrell

Luxembourg

Richard Burts Thu, 10/11/2007 - 02:44

Kevin

The MAC of packets which are denied by ACL is not difficult. Try using log-input in your ACL instead of just log.

As far as a debug or other thing that would do a layer 2 capture type function Ethereal (now wireshark) and other type of packet capture software is the best option for this.

Give it a try and let us know how it works.

HTH

Rick

Kevin Dorrell Thu, 10/11/2007 - 05:34

Thanks Rick, I didn't know about that. I'll give it a try.

Kevin Dorrell

Luxembourg

Kevin Dorrell Fri, 10/12/2007 - 01:18

Rick,

Thanks you, that was really really useful. I have already tracked down two rogue configurations with it.

Strangely, it didn't work at first, and I was about to write back and say there was a problem using it on the incoming ACL on an SVI. At first, the log message looked exactly the same as it did before. I had configured it by editing the (named extended) ACL on the fly using line numbers. I guess it didn't get loaded to the ASIC immediately.

Thanks again.

Kevin Dorrell

Luxembourg

Richard Burts Fri, 10/12/2007 - 04:57

Kevin

I am glad that it is working and doing what you need. It is odd that it took some time before it started to work. About how long was the delay before it began working?

HTH

Rick

Kevin Dorrell Fri, 10/12/2007 - 05:20

Rick,

Sorry, I have just been through the syslog, (which logs tha config changes as well as the access-list drops) and I must have been imagining it. I think I got confused with some hits on some lines where I had left the log without the -input.

It's almost the weekend!

Kevin Dorrell

Luxembourg

glen.grant Thu, 10/11/2007 - 03:17

If you get the ip's then all you to do to get the mac is look at the arp tables.

Actions

This Discussion