10-10-2007 10:46 PM - edited 03-05-2019 07:01 PM
Hello,
Is there any way (for example using debug commands)to see Ethernet level information in incoming Ethernet frames.
For example I have Fast Ethernet interface in my router. I would like to debug, what information is receiving this interface.
Debug ip packet details show only information starting from IP level (e.g Source IP, Destination IP, protocol type).
But I would like to see Ethernet level information (e.g. Destination MAC, Source MAC).
Is the any way to do this from the Router CLI interface?
Cisco IOS 12.4.
This is pure theoretical question. Other solutions to solve this problem are known for me (for. example to configure mirror SPAN port on switch to which Router is connected and debug Information with PC Ethereal).
Best Regards,
Tomas Chmelevski
10-11-2007 12:34 AM
I wish there was a way of doing this ... it would make my life so much simpler. If I could know the MAC address of the packets that are being denied by my access-list, I could track them down. I have searched and found nothing. :-(
Kevin Dorrell
Luxembourg
10-11-2007 02:44 AM
Kevin
The MAC of packets which are denied by ACL is not difficult. Try using log-input in your ACL instead of just log.
As far as a debug or other thing that would do a layer 2 capture type function Ethereal (now wireshark) and other type of packet capture software is the best option for this.
Give it a try and let us know how it works.
HTH
Rick
10-11-2007 05:34 AM
Thanks Rick, I didn't know about that. I'll give it a try.
Kevin Dorrell
Luxembourg
10-12-2007 01:18 AM
Rick,
Thanks you, that was really really useful. I have already tracked down two rogue configurations with it.
Strangely, it didn't work at first, and I was about to write back and say there was a problem using it on the incoming ACL on an SVI. At first, the log message looked exactly the same as it did before. I had configured it by editing the (named extended) ACL on the fly using line numbers. I guess it didn't get loaded to the ASIC immediately.
Thanks again.
Kevin Dorrell
Luxembourg
10-12-2007 04:57 AM
Kevin
I am glad that it is working and doing what you need. It is odd that it took some time before it started to work. About how long was the delay before it began working?
HTH
Rick
10-12-2007 05:20 AM
Rick,
Sorry, I have just been through the syslog, (which logs tha config changes as well as the access-list drops) and I must have been imagining it. I think I got confused with some hits on some lines where I had left the log without the -input.
It's almost the weekend!
Kevin Dorrell
Luxembourg
10-11-2007 03:17 AM
If you get the ip's then all you to do to get the mac is look at the arp tables.
10-11-2007 04:46 AM
Sorry, cancelled posting
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide