Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
485
Views
0
Helpful
2
Replies

Frustrated old engineer =- DEBUG command not doing it !

roger.jones
Level 1
Level 1

‎06-11-2010 05:28 AM - edited ‎03-06-2019 11:32 AM

Guys

yes im grey and losing it !

Basically im using a basic access-list and a debug command ....

eg access-list 101 permit ip any host 11.12.1.1

term mon

debug ip packet access-list 101

If i ping 11.12.1.1 from the router I can see the packets in debug , however if i ping through the router to the destination I do not get the packets in debug

am i losing it or what ?]

any help appreciated

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-11-2010 09:29 AM

Hello Roger,

it is because you can intercept with this debug only packet that are process switched like the ones originated by the router itself

if CEF or older fast switching is enabled traffic going via the router is not process switched but processed by CEF or other

in case like this you can use

access-list 102 permit ip any host 11.12.1.1 log

access-list 102 permit any any

int fas0/0

ip access-group 102 out

this creates an exception to CEF and can be enough to demonstrate the ICMP packet is going to the destination

Hope to help

Giuseppe

0 Helpful

roger.jones
Level 1
Level 1
In response to Giuseppe Larosa

‎06-14-2010 01:46 AM

HI Guiseppe and all

I thought this myself and disabled CEF ( no ip cef ).

then when i ping from the router itself i get

*Jun 14 08:38:08.168: IP: tableid=0, s=2.1.2.1 (local), d=172.24.33.242 (Serial0/1/0), routed via RIB
*Jun 14 08:38:08.168: IP: s=2.1.2.1 (local), d=172.24.33.242 (Serial0/1/0), len 100, sending.

which suggests FIB /CEF is off.

However when I ping form inside to the same destination I still see nothing in the debug - how strange

I have tried your suggestion and it worked as below - thank you

VH-BCA-Rtr(config)#int serial0/1/0
VH-BCA-Rtr(config-if)#ip access-group 102 out
VH-BCA-Rtr(config-if)#
*Jun 14 08:43:31.735: %SEC-6-IPACCESSLOGDP: list 102 permitted icmp 172.24.95.169 -> 172.24.33.242 (0/0), 1 packet

However how do i switch off cEF ? do i need to reatart the router with the command "no ip cef " .....i have tried the following and it does not work

"Before using debugging ip packet, note that the router is doing fast-switching by default, or may be doing CEF switching if configured to do so. This means that, once those techniques are in place, the packet is not provided to the processor, hence the debugging does not show anything. For this to work, you need to disable fast-switching on the router with no ip route-cache (for unicast packets) or no ip mroute-cache (for multicast packets). This should be applied on the interfaces where the traffic is supposed to flow. Verify this with the show ip route command. ""

any thoughts?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card