I have an ASR at the hub of 3 different routing domains.
I have two OSPF processes and one BGP process all on the same ASR.
BGP routes are redistributed in to both OSPF processes and vice versa. Plus, between the two OSPF processes, routes are also redistributed. Summary addresses are configured at the ASBR before the routes are injected in to Area 0 on each OSPF process.
ICMP from a source host in one OSPF process to a destination in the BGP process works fine, but any TCP traffic hangs awaiting a SYN/ACK.
I need to prove that the router is routing the packet toward the egress interface and that the packet is leaving the router. I was wondering if there were any debug commands that I can restrict to a particular host IP so that it does not bring the router down.
I know about Embedded Packet Capture, but unfortunately the IOS-XE version that I am running is not new enough so we do not have EPC on our ASR.
I appreciate that I have given only limited information.
If you don't want to risk debug then i always used a basic but pretty reliable method ie. acls.
If you create an extended acl with the first line allowing the source IP of the host to any and then a second line with a "permit ip any any" and then apply it outbound to the egress interface it should show if the packets are being routed correctly and sent on towards the destination.
Obviously the "permit ip any any" line is very important
Edit - i haven't used the ASRs so it is possible they process all their acls in hardware in which case the hits may not show as they don't always on L3 switches that process acls in hardware.
if I see hits on the ACL matching specific TCP ports, does that mean that the packet actually left the router interface and was placed on the wire?
Would any other features drop the packet like QoS or Interface Buffers etc? Although when i look at the interface counters there are no output queue drops at all so I am pretty confident the packets are leaving the router.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...