I'm using a c2811 to route between two VLANs.
With "debug ip.." commands is there any special configuration required to capture traffic passing through the router.
I see nothing when I tried to debug ip traffic passing through the router, but destined to router.
Have I overlooked something here.
There are 2 things that you can try :
1. Make sure that the traffic you are sending is routed traffic ( i.e. from 1 vlan to another) Switched traffic might not be seen in "debug ip"
2. If the traffic is routed in hardware using MLS switching, then you might not see the traffic in the debug. So you can disable mls switching by "no ip route-cache cef"and then try to debug. But be careful if you have this router in production environment as disabling mls switching will make the CPU go high is lot of traffic is flowing.
(pls rate if helpful)
1. CEF is globally enabled (c2811)
I've disabled it and tried to "debug ip". It's the same.
2. "no ip route-cache cef" is not applicable here (c2811). Instead I could disable fastswitching with "no ip route-cache". Is that what you suggest?
Yes. A router can only "capture" (debug) the packets when the packets are sent to the RP (route-processor) for making a decision. So, if the packets are fast-switched, its done in hardware and the RP doesnt even see the packets. So disabling fast-switching should do the trick.
Also ensure that you have "logging console" enabled so that the debug output is sent to the console and not just logged in buffer.
Actually, I'm trying to debug UDP/RTP traffic here.
I have the end-to-end connectivity (ICMP). However, RTP traffic is unidirectional(Only one side sees the same).
Now my question is about Routed vs Switched traffic.
Do you think Fastswitching has anything to do with this unidirectional behavior?
Fast switching shouldn't affect the traffic (uni vs bi directional) Do you see anything to that effect? i.e. do you see the bidirectional flowing when fast-switching is disabled?
Check for any ACLs, configured on the interface or routed vlans. Check for the ingress / egress counters on the interface as well as the routed interface (interface vlan) , and find out where the traffic iss droopped in 1 direction.
Thanks for the confirmation. Yes it was independent of the way router handles packets (whether routed or switched).
No TACLs are configured for the moment.
It appears to be an application layer issue at the remote party(inconclusive though). That's why there has been reachability throughout(e.g. ICMP).
Hi, Ranil Gamage
you can use a new feature :)
[Pls RATE if HELPS]
I've come across this feature, though have never tried. It seems that ACLs are required to capture traffic.
Thanks a lot for the suggestion.
Or the other way could be to use an extra port available on the router to connect to a PC and to SPAN (session monitor) the traffic on other ports onto this port and to run wireshark on the PC. This could help you see the complete captures of the traffic coming on the router and to see if any paramatewrs in the data are a mismatch.