how to read this logs

Unanswered Question
May 17th, 2009
User Badges:

Hello

I used debug ip packet 1501. In access-list 1501 i have one of my externalip (EXTIP1). I received:

May 18 09:44:52: IP: s=EXTIP1 (Vlan201), d=EXTIP2, len 84, input feature, Access List(21), rtype 0, forus FALSE, sendself FALSE, mtu 0


sorry for duplicate :(


What does this logs mean ? What does forus=FALSE and sendself=FALSE mean ?


Thanx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 05/18/2009 - 03:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Maciej,

sendself false should mean the packet is not destined to any ip address on the device.


forus false

my guess is that this is specific of multilayer switches.



Actually debug command reference for 12.4 don't report these codes


http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_i1.html#wp1016852


to understand the meaning from context you should provide more lines.

Is the packet forwarded or denied by ACL 21 ?


Hope to help

Giuseppe



mlopacinski Mon, 05/18/2009 - 04:45
User Badges:

Hello


I do not have ACL 21 ! I do not understeand this log. It's 6509 switch, the packet is received from access port(L2) and routed to ACE. BUT: it's not typical packet.

Typical packes are not seen by debug ip packet (this one is always switched thru software?).

The packet is not typical because it's translated from ipv6 (nat-pt) and it has: L3 id=0, L3 flags = Don't frag, L4 options(SACK permit, window scale x2, timestamps). The packet is actually routed to ACE but ACE behaves very strangely - it responds with SYN/ACK with incorrect L3 CRC. 6509 do not see this returning packet.

All other traffic works fine on this 6509+ACE - only ipv4 translated from ipv6. What could be wrong ?


Thanx



Actions

This Discussion