03-04-2010 11:59 PM - edited 03-06-2019 10:00 AM
Dear Pros,
We have the network designed and running as below.
Main site:
Dual core 6500 as distribution switch
FWSM as front end firewall
MPLS WAN router
DR site:
MPLS WAN router
LAN 3560 switch connecting local PCs and servers
When we ping the server in the DR site from the Main site, we get 4 ping Request Timeouts every 30 minutes.
The packet flow is as below:
Main site PC - Core switch - FWSM - MPLS Router - ISP WAN cloud - DR MPLS router - DR switch - server.
I want to troubleshoot where in the transit path the 4 ICMP packets drop. In order to resolve this issue, I set up my home lab with some L3 3550 switches and a 3700 router. I want to apply the debug ip packet details cmd on the 3550 switch and the 3700 router, then monitor the packet flow between 2 PCs connected end to end. When I run the debug ip packet cmd on the switch and router I cannot see any console message for the packet flow transiting the device, but if I ping the switch or router interface then I can see the console message with d=x.x.x.x as the local switch/router interface IP, but not the transit traffic.
Also, could you give the ASA or FWSM packet tracer feature for troubleshooting the packet flow through the FWSM?
Thanks
03-05-2010 09:10 AM
When I run the debug ip packet cmd on the switch and router I cannot see any console message for the packet flow transiting the device, but if I ping the switch or router interface then I can see the console message with d=x.x.x.x as the local switch/router interface IP, but not the transit traffic.
You need to disable ip route-cache and ip route-cache cef from the transit interfaces in order to see these packets on the debug.
Make sure to enable those features back once the debug is completed as the router will produce higher throughput with fast-switching and CEF turned on.
As for the ASA and FWSM query, please repost in the security section.
Regards
Edison.
03-05-2010 11:57 AM
Mr.Edison,
Thanks for the info. You said that fast switching is to be disabled on transit interfaces.
In my scenario, the Main site PC is connected to core switch VLAN 511. The core switch port in VLAN 512 is connected to the FWSM, then the outside FWSM VLAN 513 is connected to the MPLS router.
I applied "no ip route-cache" on VLAN 511, the port the Main PC is connected to. Even after that I could not see any transit traffic through the core switch.
I tried to apply no ip route-cache on the access port the Main PC is connected to, but the cmd is not available.
Thanks
03-05-2010 12:05 PM
I didn't recommend doing this on the switch. On a switch, the packets will be Layer3 switched.
You need to do this on the router and you need 2 commands
no ip route-cache
and
no ip route-cache cef
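The procedure from the replies above, written out as a router session. This is an added example, not part of the original thread: the interface names, ACL number 101 and the two host addresses are assumptions for a lab router. Limiting the debug to an access list is an addition that keeps the output to the ping under test and the CPU load down.

```cisco
! Constructed lab values (assumptions, not from the thread):
!   FastEthernet0/0 = interface toward the source PC (192.0.2.10)
!   FastEthernet0/1 = interface toward the destination PC (198.51.100.20)
!
configure terminal
 ! Match only the ICMP between the two test hosts, in both directions
 access-list 101 permit icmp host 192.0.2.10 host 198.51.100.20
 access-list 101 permit icmp host 198.51.100.20 host 192.0.2.10
 !
 ! Force process switching on both transit interfaces so that
 ! transit packets become visible to the debug
 interface FastEthernet0/0
  no ip route-cache
  no ip route-cache cef
 interface FastEthernet0/1
  no ip route-cache
  no ip route-cache cef
 end
!
! Show debug output on a Telnet/SSH session (not needed on the console)
terminal monitor
! Debug only the packets that match ACL 101
debug ip packet detail 101
!
! ... run the ping between the two PCs and watch the output ...
!
! Stop the debug, then restore fast switching and CEF
undebug all
configure terminal
 interface FastEthernet0/0
  ip route-cache
  ip route-cache cef
 interface FastEthernet0/1
  ip route-cache
  ip route-cache cef
 no access-list 101
 end
```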