09-19-2007 05:56 PM - edited 03-05-2019 06:35 PM
I am trying to troubleshoot a routing issue and decided to set up an access-list that specifies two host IP addresses to see what is going on. I do something like this:
access-list 199 permit ip host 1.1.1.1 host 2.2.2.2
access-list 199 deny ip any any
term mon
debug ip packet 199 detail
After I do this, I get a flood of debug messages that do not match the 199 ACL. It seems like ALL traffic going through the router is being shown in the debug instead of just packets from 1.1.1.1 to 2.2.2.2.
Any ideas on why this is happening?
Thanks,
09-19-2007 07:02 PM
It's displaying the denies as well. If you want to only see debug messages for connection to host 1.1.1.1 from host 2.2.2.2, remove the last entry. An implicit deny will take care of it.
09-20-2007 05:57 AM
It doesn't appear to be the deny. I recreated that ACL without the deny and got the same deluge of debug info. I went further and actually used a couple of bogus IPs and still got the deluge of debug info. It seems that the debug is simply ignoring the ACL even though a "show debug" shows the debug command with the ACL. Wow, maybe a bug in my particular IOS version? It is 12.3(6a).