Overload router with debug command

markus.albisser1 · ‎01-11-2012

Hi all

I use a C892 router with the IOS c890-universalk9-mz.152-1.T.bin. I just ran the command "debug ip packet 151 detail" and then the router stopped to work because it was overloaded. The ACL151 I used is as follow:

Extended IP access list 151

10 permit ip host 10.1.1.1 host 91.1.1.1

In the syslog then I got hundred of messages from IPSec:

Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 8A7453CC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.65.4.211, pak 870D82E4 consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 89476E4C consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.65.4.211, pak 8ADE5DDC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Has someone an explanation for this why the access list 151 is not doing the job? For me it seems just like that this ACL is not applied and that I have a debug then for the whole traffic.

Thank you

Markus

markus.albisser1 · ‎01-15-2012

Hi all

Does anyone had this situation once? Or would it be possible that someone can do a test on a same router to check the result?

Thank you

Markus

markus.albisser1 · ‎01-17-2012

Hi all

it seems that nobody has the same issue with these series of routers. We reproduced the same topic on another router, most likely it would be a bug.

If there is no reply from your side I will open a TAC case for this issue.

Thank you

Markus