
== Intercept/debug DLSw peering traffic ==

rodroble
Level 1

Hi all,

I am troubleshooting a DLSw peering problem. There are firewalls in between (not in my hands to check), so I would like to know which segment the DLSw traffic was able to reach (or not).

Here's our simple DLSw traffic path:

3640(DLSw)---2950switch---4006switch(L3)---Firewall--6509(L3)--Firewall---Router(DLSw)

Does anyone know how I can debug on the 6509 L3 switch?

I would like to see if DLSw traffic reaches my 6509 or not. The SNA end hosts/mainframe are not yet connected to the DLSw routers.

Thanks!!!

rodroble

1 Reply

ehirsel
Level 6

One effective way to see if the DLSw packets are flowing through the 6509 is to do the following:

1. On the ingress and egress interfaces, code these ACLs and apply them to the respective interfaces:

ip access-list extended dlsw_in
 permit ip host 3640-address host dlsw-router
 permit ip any any
ip access-list extended dlsw_out
 permit ip host dlsw-router host 3640-address
 permit ip any any

Note that these ACLs do not drop traffic, but in doing a show ip access-list command, you should see non-zero hit counts on the permit ip host lines that contain the DLSw routers. If that is the case, then the DLSw traffic is passing through. This assumes that the only function of the DLSw routers is DLSw processing. If those routers forward/process other traffic besides DLSw, then modify the ACLs to use the proper IP ports and protocols, instead of all IP traffic.

On the dlsw routers, you can run the debug dlsw command as documented in this url:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a008007ff52.html#wp8432

Let me know if you need more help.
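
The hit-count check described in the reply above can be scripted; this is an added example, not part of the original thread and not Cisco code. It parses `show ip access-lists` output for the two ACLs named in the reply and reports which direction of the peering reached the switch. The sample output and the addresses in it are constructed placeholders.

```python
import re

# Constructed sample of `show ip access-lists` output from the 6509; the
# addresses are documentation placeholders, not values from the thread.
SAMPLE = """\
Extended IP access list dlsw_in
    10 permit ip host 192.0.2.10 host 198.51.100.20 (42 matches)
    20 permit ip any any (9813 matches)
Extended IP access list dlsw_out
    10 permit ip host 198.51.100.20 host 192.0.2.10
    20 permit ip any any (10244 matches)
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
ENTRY = re.compile(
    r"^\s+(?:\d+\s+)?permit ip host (\S+) host (\S+)"
    r"(?:\s+\((\d+) match(?:es)?\))?\s*$"
)

def peer_hits(show_output):
    """Return {acl_name: {(src, dst): hit_count}} for host-to-host entries."""
    hits, current = {}, None
    for line in show_output.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            hits[current] = {}
            continue
        entry = ENTRY.match(line)
        if entry and current:
            src, dst, count = entry.groups()
            # IOS prints no "(N matches)" suffix while the counter is zero.
            hits[current][(src, dst)] = int(count or 0)
    return hits

def verdict(show_output, near_peer, far_peer):
    """Say which direction of the DLSw peering was seen on the switch."""
    hits = peer_hits(show_output)
    forward = hits.get("dlsw_in", {}).get((near_peer, far_peer), 0)
    reverse = hits.get("dlsw_out", {}).get((far_peer, near_peer), 0)
    if forward and reverse:
        return "both directions seen"
    if forward:
        return "only near peer -> far peer seen"
    if reverse:
        return "only far peer -> near peer seen"
    return "no peer traffic seen"

if __name__ == "__main__":
    print(verdict(SAMPLE, "192.0.2.10", "198.51.100.20"))
```

Run `clear access-list counters` on the switch before a test so that old matches do not mask a one-way failure.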
