cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
410
Views
0
Helpful
6
Replies

3550 debug ip packet

glen.grant
VIP Alumni
VIP Alumni

We are trying to debug ip packet on a 3550 and we are getting very little showing up in term mon . We are using a access list to capture conversation to one address . For some reason we are not seeing all the packets , we have turned off any kind of route caching , cef , and standard fast switching on the interfaces and we still are not seeing anything from out side the box . If we ping from directly on the 3550 out to the device we see the packets , if we ping from outside the 3550 we never see the packets . Anybody have any ideas on why we aren't seeing the packets ?

6 Replies 6

ruwhite
Level 7
Level 7

Is'nt the 3550 MLS switched, or hardware switched in some way? You'd have to turn off the hardware based switching, rather than CEF, to force everything to process based switching--and the box may not even be able to handle the traffic load using process based switching.

Russ.W

tbaranski
Level 4
Level 4

I believe 3550's are hardware CEF -- I'm not aware of a command that will turn off hardware switching. Note that "debug ip packet" isn't listed here: http://www.cisco.com/en/US/products/hw/switches/ps646/products_command_reference_chapter09186a00801cdf02.html

Cisco 3550 does CEF in hardware. Most Cisco documents denotes that CEF cannot be disabled on a 3550, because its the core process that helps in MLS.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Yeah this is correct statement as I tried to turn CEf off and comes back and tells you can't do this on this platform . So I don't think this function will work correctly on this platform .

robho
Level 3
Level 3

The 3550 is cef-based mls. So IP traffic through the switch is done in HW. You see it when you ping from the 3550 because this is punted to CPU. I don't recommend disabling it ... that is, if it allows you to. Plus, you'd be shooting urself in the foot for performance numbers. Why not SPAN the vlan or port that you are trying to T/S.

It is not something we would leave turned off , we were trying to look at some packets at a remote site where we do not have access to a sniffer where we could span the specific ports . Anyway it doesn't allow you to turn off CEF anyway . Thanks for everyones replies . Have a good holiday season .

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: