×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Output from debug ip packet

Answered Question
Oct 15th, 2010
User Badges:

hi all,


here is output from ACL  110


2650XM#debug ip packet 110 de
2650XM#debug ip packet 110 detail
IP packet debugging is on (detailed) for access list 110
2650XM#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms


2650XM#
Oct 13 14:00:16.220 MST: IP: tableid=0, s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.220 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.224 MST:     ICMP type=8, code=0
Oct 13 14:00:16.272 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.272 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.272 MST:     ICMP type=8, code=0
Oct 13 14:00:16.324 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
2650XM#
Oct 13 14:00:16.324 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.324 MST:     ICMP type=8, code=0
Oct 13 14:00:16.376 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.376 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.376 MST:     ICMP type=8, code=0
Oct 13 14:00:16.428 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.428 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.428 MST:     ICMP type=8, code=0




config of acl 110


access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

it is applied to interface


Building configuration...

Current configuration : 271 bytes
!
interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 110 out



My question is that when we ping some ip we send echo  and get back echo reply from that IP  but here as per debug we see all the pings from source ip 96..x.x.x.  to destination which is 4.2.2.2.


if someone can explain me the out put of above debug please?


thanks

mahesh

Correct Answer by Jon Marshall about 6 years 10 months ago

Mahesh


Yes, you would need to add another line to your acl 110 ie.


access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

access-list 110 permit icmp host 4.2.2.2 host 96.51.x.x


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Fri, 10/15/2010 - 08:44
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN



mahesh18 wrote:


hi all,


here is output from ACL  110


2650XM#debug ip packet 110 de
2650XM#debug ip packet 110 detail
IP packet debugging is on (detailed) for access list 110
2650XM#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms


2650XM#
Oct 13 14:00:16.220 MST: IP: tableid=0, s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.220 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.224 MST:     ICMP type=8, code=0
Oct 13 14:00:16.272 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.272 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.272 MST:     ICMP type=8, code=0
Oct 13 14:00:16.324 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
2650XM#
Oct 13 14:00:16.324 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.324 MST:     ICMP type=8, code=0
Oct 13 14:00:16.376 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.376 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.376 MST:     ICMP type=8, code=0
Oct 13 14:00:16.428 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.428 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.428 MST:     ICMP type=8, code=0




config of acl 110


access-list 110 permit icmp host 96.51.128.176 host 4.2.2.2

it is applied to interface


Building configuration...

Current configuration : 271 bytes
!
interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 110 out



My question is that when we ping some ip we send echo  and get back echo reply from that IP  but here as per debug we see all the pings from source ip 96..x.x.x.  to destination which is 4.2.2.2.


if someone can explain me the out put of above debug please?


thanks

mahesh


Mahesh


Not sure what you are asking here.


An outbound access-list applied to a router interface does not stop the router itself sending out ICMP packets. It stops clients behind the router but not the router itself. That is why even with the acl applied you can still ping from the router.


As for the debug, well you only see thos packets in the debug because you are using acl 110 in the debug and only those packets are being matched.


Jon

mahesh18 Fri, 10/15/2010 - 08:55
User Badges:

Hi Jon,


thanks for reply


i was asking this thay when we ping  the remote ip 4.2.2.2  and use debug command why we do not see the reply coming from destination

4.2.2.2  echo reply?


is this because we have debug config  only from source to destination?


thanks

mahesh

Correct Answer
Jon Marshall Fri, 10/15/2010 - 09:02
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mahesh


Yes, you would need to add another line to your acl 110 ie.


access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

access-list 110 permit icmp host 4.2.2.2 host 96.51.x.x


Jon

mahesh18 Fri, 10/15/2010 - 09:08
User Badges:

Many thanks  again john


It worked now


Regards


Mahesh

Actions

This Discussion