Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Output from debug ip packet

hi all,

here is output from ACL  110

2650XM#debug ip packet 110 de
2650XM#debug ip packet 110 detail
IP packet debugging is on (detailed) for access list 110
2650XM#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms

2650XM#
Oct 13 14:00:16.220 MST: IP: tableid=0, s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.220 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.224 MST:     ICMP type=8, code=0
Oct 13 14:00:16.272 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.272 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.272 MST:     ICMP type=8, code=0
Oct 13 14:00:16.324 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
2650XM#
Oct 13 14:00:16.324 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.324 MST:     ICMP type=8, code=0
Oct 13 14:00:16.376 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.376 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.376 MST:     ICMP type=8, code=0
Oct 13 14:00:16.428 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.428 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.428 MST:     ICMP type=8, code=0

config of acl 110

access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

it is applied to interface

Building configuration...

Current configuration : 271 bytes
!
interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 110 out

My question is that when we ping some ip we send echo  and get back echo reply from that IP  but here as per debug we see all the pings from source ip 96..x.x.x.  to destination which is 4.2.2.2.

if someone can explain me the out put of above debug please?

thanks

mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Output from debug ip packet

Mahesh

Yes, you would need to add another line to your acl 110 ie.

access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

access-list 110 permit icmp host 4.2.2.2 host 96.51.x.x

Jon

4 REPLIES
Hall of Fame Super Blue

Re: Output from debug ip packet

mahesh18 wrote:

hi all,

here is output from ACL  110

2650XM#debug ip packet 110 de
2650XM#debug ip packet 110 detail
IP packet debugging is on (detailed) for access list 110
2650XM#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/56 ms

2650XM#
Oct 13 14:00:16.220 MST: IP: tableid=0, s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.220 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.224 MST:     ICMP type=8, code=0
Oct 13 14:00:16.272 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.272 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.272 MST:     ICMP type=8, code=0
Oct 13 14:00:16.324 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
2650XM#
Oct 13 14:00:16.324 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.324 MST:     ICMP type=8, code=0
Oct 13 14:00:16.376 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.376 MST: IP: s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.376 MST:     ICMP type=8, code=0
Oct 13 14:00:16.428 MST: IP: tableid=0, s=96.51.x.x(local), d=4.2.2.2 (FastEthernet0/0), routed via FIB
Oct 13 14:00:16.428 MST: IP: s=96.51.x.x (local), d=4.2.2.2 (FastEthernet0/0), len 100, sending
Oct 13 14:00:16.428 MST:     ICMP type=8, code=0

config of acl 110

access-list 110 permit icmp host 96.51.128.176 host 4.2.2.2

it is applied to interface

Building configuration...

Current configuration : 271 bytes
!
interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 110 out

My question is that when we ping some ip we send echo  and get back echo reply from that IP  but here as per debug we see all the pings from source ip 96..x.x.x.  to destination which is 4.2.2.2.

if someone can explain me the out put of above debug please?

thanks

mahesh

Mahesh

Not sure what you are asking here.

An outbound access-list applied to a router interface does not stop the router itself sending out ICMP packets. It stops clients behind the router but not the router itself. That is why even with the acl applied you can still ping from the router.

As for the debug, well you only see thos packets in the debug because you are using acl 110 in the debug and only those packets are being matched.

Jon

New Member

Re: Output from debug ip packet

Hi Jon,

thanks for reply

i was asking this thay when we ping  the remote ip 4.2.2.2  and use debug command why we do not see the reply coming from destination

4.2.2.2  echo reply?

is this because we have debug config  only from source to destination?

thanks

mahesh

Hall of Fame Super Blue

Re: Output from debug ip packet

Mahesh

Yes, you would need to add another line to your acl 110 ie.

access-list 110 permit icmp host 96.51.x.x.176 host 4.2.2.2

access-list 110 permit icmp host 4.2.2.2 host 96.51.x.x

Jon

New Member

Re: Output from debug ip packet

Many thanks  again john

It worked now

Regards

Mahesh

344
Views
0
Helpful
4
Replies
CreatePlease to create content