cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3949
Views
5
Helpful
8
Replies

Debug Ethernet level information on Cisco Routers

1pipantom2
Level 1
Level 1

Hello,

Is there any way (for example using debug commands)to see Ethernet level information in incoming Ethernet frames.

For example I have Fast Ethernet interface in my router. I would like to debug, what information is receiving this interface.

Debug ip packet details show only information starting from IP level (e.g Source IP, Destination IP, protocol type).

But I would like to see Ethernet level information (e.g. Destination MAC, Source MAC).

Is the any way to do this from the Router CLI interface?

Cisco IOS 12.4.

This is pure theoretical question. Other solutions to solve this problem are known for me (for. example to configure mirror SPAN port on switch to which Router is connected and debug Information with PC Ethereal).

Best Regards,

Tomas Chmelevski

8 Replies 8

Kevin Dorrell
Level 10
Level 10

I wish there was a way of doing this ... it would make my life so much simpler. If I could know the MAC address of the packets that are being denied by my access-list, I could track them down. I have searched and found nothing. :-(

Kevin Dorrell

Luxembourg

Kevin

The MAC of packets which are denied by ACL is not difficult. Try using log-input in your ACL instead of just log.

As far as a debug or other thing that would do a layer 2 capture type function Ethereal (now wireshark) and other type of packet capture software is the best option for this.

Give it a try and let us know how it works.

HTH

Rick

HTH

Rick

Thanks Rick, I didn't know about that. I'll give it a try.

Kevin Dorrell

Luxembourg

Rick,

Thanks you, that was really really useful. I have already tracked down two rogue configurations with it.

Strangely, it didn't work at first, and I was about to write back and say there was a problem using it on the incoming ACL on an SVI. At first, the log message looked exactly the same as it did before. I had configured it by editing the (named extended) ACL on the fly using line numbers. I guess it didn't get loaded to the ASIC immediately.

Thanks again.

Kevin Dorrell

Luxembourg

Kevin

I am glad that it is working and doing what you need. It is odd that it took some time before it started to work. About how long was the delay before it began working?

HTH

Rick

HTH

Rick

Rick,

Sorry, I have just been through the syslog, (which logs tha config changes as well as the access-list drops) and I must have been imagining it. I think I got confused with some hits on some lines where I had left the log without the -input.

It's almost the weekend!

Kevin Dorrell

Luxembourg

glen.grant
VIP Alumni
VIP Alumni

If you get the ip's then all you to do to get the mac is look at the arp tables.

Sorry, cancelled posting

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: