how to read this logs

mlopacinski · ‎05-17-2009

Hello

I used debug ip packet 1501. In access-list 1501 i have one of my externalip (EXTIP1). I received:

May 18 09:44:52: IP: s=EXTIP1 (Vlan201), d=EXTIP2, len 84, input feature, Access List(21), rtype 0, forus FALSE, sendself FALSE, mtu 0

sorry for duplicate :(

What does this logs mean ? What does forus=FALSE and sendself=FALSE mean ?

Thanx

Giuseppe Larosa · ‎05-18-2009

Hello Maciej,

sendself false should mean the packet is not destined to any ip address on the device.

forus false

my guess is that this is specific of multilayer switches.

Actually debug command reference for 12.4 don't report these codes

http://www.cisco.com/en/US/docs/ios/debug/command/reference/db_i1.html#wp1016852

to understand the meaning from context you should provide more lines.

Is the packet forwarded or denied by ACL 21 ?

Hope to help

Giuseppe

mlopacinski · ‎05-18-2009

Hello

I do not have ACL 21 ! I do not understeand this log. It's 6509 switch, the packet is received from access port(L2) and routed to ACE. BUT: it's not typical packet.

Typical packes are not seen by debug ip packet (this one is always switched thru software?).

The packet is not typical because it's translated from ipv6 (nat-pt) and it has: L3 id=0, L3 flags = Don't frag, L4 options(SACK permit, window scale x2, timestamps). The packet is actually routed to ACE but ACE behaves very strangely - it responds with SYN/ACK with incorrect L3 CRC. 6509 do not see this returning packet.

All other traffic works fine on this 6509+ACE - only ipv4 translated from ipv6. What could be wrong ?

Thanx