Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1964
Views
5
Helpful
5
Replies

Can we setup filter in order to see debug ip packet clearly without BGP message in BGP router?

wfqk
Level 5
Level 5

‎04-02-2016 07:47 PM - edited ‎03-05-2019 03:42 AM

Hi In router configured with ospf, if we set up debug ip packet, we will see a lot ospf multicast message, which interferes with what we want to see. So if we want to see debug ip packet clearly, we can set up acl to filter ospf multicast message. In BGP router, can we have similar way to do that? Thank you

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎04-03-2016 04:28 PM

You really don't want to be using "debug ip packet" unless you are desperate.  On anything other than a lightly loaded router it can cause the router to crash.

Have you tried:

debug ip ospf packet
debug ip bgp all

0 Helpful

paul driver
VIP
VIP
In response to Philip D'Ath

‎04-04-2016 04:09 AM

Hello

You can negate unwarranted logs by using an ACL and a debug condition on a specific interface 

access-list 100 permit ospf any any 

or

access-list 100 permit top any any eq bgp

debug condition interface x/x
debug ip packet detail 100

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

wfqk
Level 5
Level 5
In response to paul driver

‎04-04-2016 07:12 AM

Hi Paul, Thank you for your reply. The below is my configuration for it, but it looks look that the config cannot block bgp message. Do you think something is wrong. thanks

R4#sh debug
Generic IP:
IP packet debugging is on (detailed) for access list 100

Condition 1: interface Et1/0 (1 flags triggered)
Flags: Et1/0

R4#sh ip access
Extended IP access list 100
20 deny tcp any any eq bgp (54 matches)
40 permit ip any any (84 matches)

0 Helpful

paul driver
VIP
VIP
In response to wfqk

‎04-04-2016 08:15 AM

Hello

thats because your acl is stating to block bgp and then allow everything -it an incorrect statement

Also you don't really need deny traffic as by default there is an implicit deny to ACL's

So use one of the ACL examples I posted and you should be fine

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

wfqk
Level 5
Level 5
In response to paul driver

‎04-04-2016 09:49 AM

After I changed to the following, debug message still can be seen. Is it possible for us to not see any bgp debug message if using debug ip packet? thanks

R4(config-ext-nacl)#do sh debug
Generic IP:
IP packet debugging is on (detailed) for access list 100

Condition 1: interface Et1/0 (1 flags triggered)
Flags: Et1/0

R4(config-ext-nacl)#do sh ip access
Extended IP access list 100
10 permit tcp any any eq bgp (28 matches)

0 Helpful
Customers Also Viewed These Support Documents