debug ip packet 199

Unanswered Question
Aug 18th, 2008
User Badges:

Hi,

Wondering if someone can help.

I've created an access-list to check debugging but although I can successfully rdp 172.18.0.195 no logs show up on the switch.


Terminal monitor and logging monitor debug enabled.


DSLWLQ1#sh ip access-lists

Extended IP access list 199

permit tcp any host 172.18.0.195 eq 3389

DSLWLQ1#sh debug

Generic IP:

IP packet debugging is on for access list 199

DSLWLQ1#


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
Loading.
Richard Burts Mon, 08/18/2008 - 13:54
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Murilo


The first thing that I would want to check is what port on the router the traffic arrives on for RDP and what port on the router the traffic leaves on for RDP (to destination 172.18.0.195).


The second thing that might affect it is whether traffic is being CEF or fast switches. To take care of this I would configure under the interface where traffic arrives and also under the interface where traffic leaves the command:

no ip route-cache

this will force process switching of the traffic and will give debug a chance to report the traffic.


[note] after the debug is completed remember to restore the switching path on the interfaces with ip route-cache.


HTH


Rick

muca Mon, 08/18/2008 - 14:38
User Badges:

Thanks Rick,

No ip route-cache was already enabled on interface vlan 18 (It's a 2950 layer 2) but not on vlan 30.


It's doesn't even work for icmp packets but I reckon it's probably related to fast switching.


I can't play around too much on prod env.


Thanks



Richard Burts Mon, 08/18/2008 - 17:55
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Murilo


I believe that it has more to do with the device being a 2950. As a layer 2 switch I do not believe that it has much capability to debug layer 3 IP processing. If you want to debug the RDP traffic I suggest that you do the debug on whatever layer 3 device is providing the routing between the source and the destination. (and if the source and the destination are in the same subnet then I do not know that debug will see it at all)


HTH


Rick

muca Mon, 08/18/2008 - 18:55
User Badges:

Rick,

Thanks for that. I've tried debugging on layer3 switches at both ends (source and destination).


No success but it could be related to no ip route-cache.


micahcox Mon, 08/18/2008 - 23:38
User Badges:

If you are looking to view traffic traversing a switch you need a packet sniffer (Wireshark is free) and you need to set up a monitor port. Lookup the monitor configuration command for the 2950. Pick a port that you will plug your sniffer into and the port you want to see the traffic traverse. Be sure to create a bidirectional monitor.


Actions

This Discussion