
debug ip routing - whats next ?

ase2dais

Hello forum!

It's been a while since I used the debug command on my router:

It goes:

router# debug ip routing
router# IP routing debugging is on
router# (Now what's next?)
(What do I need next to show IP packets passing in real time?)

...for I am suspecting an invalid packet coming through, as per my IDS. Any thoughts or further explanation on these debug commands would be appreciated.

Al

 
Are you by chance looking for the 'debug ip packet' command? If so, I would suggest setting an access list so you do not lose control of your router.

Todd Hethmon
thethmon@hethmon.com
 
That may be the one I need.. let me try that and get back with you...
What's this ACL you are talking about?
 
If you are not on the console, i.e. telnetted to the router, remember "term mon" to redirect the debug output to the vty you are using.
 
You can create an ACL say,

access-list 100 permit ip 192.168.1.1 255.255.255.255
access-list 100 deny ip any any

and then do a

debug ip packet 100

This will put the debug through the access-list before displaying anything.

Todd Hethmon
thethmon@hethmon.com
 
In response to Todd's statement....

"access-list 100 permit ip 192.168.1.1 255.255.255.255
access-list 100 deny ip any any"


Isn't there an "Implicit Deny" statement that is added to the end of every ACL? If so, would the "deny ip any any" be needed?

Just an idea/question...

-Jon
 
There is an implicit deny. It's just become my habit to put it there to ensure that no one is confused about what is happening.

Todd Hethmon
thethmon@hethmon.com
 
Todd,

I see where you were going with it. I just wanted to make sure I was correct about the implicit deny. Thanks for the confirmation.

-Jon
 
Todd!

To get back with you on this ACL list, the way I read this statement you just made:

>>access-list 100 permit ip 192.168.1.1 255.255.255.255
>> access-list 100 deny ip any any
>>debug ip packet 100


... is that the debug program will just show IP address
192.168.1.1 packets passing through.

Am I correct?

... or different application protocols, i.e. ftp, telnet, http, for that matter, based of course on your new ACLs (FTP, TELNET, etc.)

Al
 
Al,

Actually the actual syntax of my first line isn't complete. You would have to add a destination to it, or change it to a standard access-list 1-99. But the concept is the same, with the access-list, the debug only shows packets from 192.168.1.1.

Todd Hethmon
thethmon@hethmon.com
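
The ACL-filtered debug discussed in this thread, written out as a complete IOS session. This is an added example, not part of any poster's message; it keeps the thread's ACL number 100 and host 192.168.1.1, and the second permit line (traffic going to the host) is an assumption about what is worth seeing.

```cisco
! Added example. ACL 100 and 192.168.1.1 are taken from the thread.
!
! The line as posted in the thread:
!   access-list 100 permit ip 192.168.1.1 255.255.255.255
! has no destination (required in an extended ACL, 100-199), and the
! second field is a wildcard mask: 255.255.255.255 means "ignore every
! bit", so it would match any source instead of the one host.
!
configure terminal
 ! "host 192.168.1.1" is shorthand for "192.168.1.1 0.0.0.0"
 ! (wildcard 0 bits must match exactly).
 access-list 100 permit ip host 192.168.1.1 any
 ! Assumption: traffic returning to the host is also of interest.
 access-list 100 permit ip any host 192.168.1.1
 ! Redundant with the implicit deny; kept explicit as in the thread.
 access-list 100 deny ip any any
end
!
! Standard-ACL alternative mentioned in the thread (source only):
!   access-list 1 permit 192.168.1.1
!   debug ip packet 1
!
! Only needed on a telnet/vty session, not on the console.
terminal monitor
!
! The ACL limits which packets are reported, so the debug output
! cannot swamp the router. Only process-switched packets are shown.
debug ip packet 100
show debugging
!
! When finished: stop all debugging, then remove the temporary ACL.
undebug all
terminal no monitor
configure terminal
 no access-list 100
end
```

Because the ACL is referenced only by the debug command and is not applied to an interface, it does not filter forwarded traffic.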
 