Debug issue !

Answered Question
Aug 2nd, 2009
User Badges:

hi all. recently i faced an issue when there was a conflict in 2 deptts. Server and WAN. One of the client from a remote site wasnt able to form connection with Server. I did debug, access-list on interface matching, Packet capture on IOS to make sure that packets from server werent reaching routers LAN interface. Later it was figured that it was an issue of server but i am still confused and kinda afraid. Is it also possible that due to some interface issue. IOS malfunction/bug that packets may actually reach router interface but are not shown in debug or access-list matching ? i mean how can i be 100% sure that packets actually entered on an interface or not ?

Correct Answer by Peter Paluch about 7 years 11 months ago

Hello,


You have asked: Is it also possible that due to some interface issue. IOS malfunction/bug that packets may actually reach router interface but are not shown in debug or access-list matching?


Purely theoretically, yes, it is possible. But I believe that these kinds of errors are highly improbable. At least the IOS is probably already well tested and debugged in the aspect of access-list matching and logging so by a common sense, I would not start solving a problem by assuming that there is a bug in IOS ACL matching code. As for the interface as a possible cause for problems: some hardware problems may be outright obscure and difficult to diagnose. But then again, a problem with interface would likely impact all conversations going through that interface, not just a communication with a single destination.


Best regards,

Peter


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Peter Paluch Mon, 08/03/2009 - 02:05
User Badges:
  • Cisco Employee,

Hello,


You have asked: Is it also possible that due to some interface issue. IOS malfunction/bug that packets may actually reach router interface but are not shown in debug or access-list matching?


Purely theoretically, yes, it is possible. But I believe that these kinds of errors are highly improbable. At least the IOS is probably already well tested and debugged in the aspect of access-list matching and logging so by a common sense, I would not start solving a problem by assuming that there is a bug in IOS ACL matching code. As for the interface as a possible cause for problems: some hardware problems may be outright obscure and difficult to diagnose. But then again, a problem with interface would likely impact all conversations going through that interface, not just a communication with a single destination.


Best regards,

Peter


Actions

This Discussion