01-04-2008 07:21 PM - edited 03-03-2019 08:08 PM
I have a custom internet access design. Two circuits T1 and 2xT1 to same ISP. The 2xT1 circuit is the primary one in the VRRP group. The T1 is the stand-by connected to CISCO 2801. The ISP claims that I can use the single T1 just for outgoing traffic if I want to, the primary one (2xT1) is used for both directions: outgoing and incoming. The problem is that the T1 circuit doesn't seem to forward traffic. I believe that the router is setup properly because when I fail over to the T1 from 2xT1 the 2801 on T1 works fine. So I wonder how to monitor traffic on the Serial interface and prove to my ISP that 2801 routes traffic to the ISP. This would prompt them to troubleshoot the problem on their end where. I think I could use the debug but would really apreciate if someone gives me some sample commands. I'd like to ping a public IP like 4.2.2.2 from a test host on the subnet for which default gateway is set to Fa interface of 2801 and see the ICMP request on the serial interface by using debug. Of course the circuit works only for outgoing traffic (that's what ISP claims) so at this point nothing is being received back so ping fails but if I see that debug shows ICMP request going through the serial interface, I can give this to my ISP and ask them to fix the circuit.
Thank you.
01-04-2008 07:54 PM
1) Have an internal device with gateway pointing to the router physical IP, not the VRRP.
2) Enable debugging on the router debug ip packet detail
3) make sure to shut off debugging right away after the ping with undebug all
01-05-2008 07:38 PM
Here's what I did:
access-list 111 permit ip host x.x.x.x any
access-list 111 permit ip any host x.x.x.x
where x.x.x.x is my test host
debug ip packet 111 detail
I just wanted to narrow down the debug for packets from and to my test host. Of course the test host has the default gateway pointed to FA of the 2801.
The debug shows IPs only when the target is FA of the 2081. So for example if from my test host I ping 4.2.2.2, the debug shows nothing, if I ping FA of 2801, the debug shows all in and out ICMP packets.
But I still would want debug to show me what passing through the serial interface. Any ideas how to tweak the debug or anything else?Thank you.
01-05-2008 09:18 PM
Also you could perhaps use netflow.
http://www.cisco.com/en/US/products/ps6601/products_white_paper0900aecd80406232.shtml
free netflow collectors
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or
you could use PRTG, not freeware but demo should give you up to 5 censors to monitor which could be a combination or ethernet or serial, only drawback is will only get you graphical Tx/Rx traffic on a given interface based on total T1 bandwidth, so I think if you realy want to be granular an see specific IP traffic netflow may be another way.
http://www.paessler.com/prtg/trial
Rgds
Jorge
01-08-2008 09:31 PM
NetFlow showed traffic on the serial interface and that's what I need.
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide