Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1342
Views
6
Helpful
5
Replies

debug ip packet 199

muca
Level 3
Level 3

‎08-18-2008 01:24 PM - edited ‎03-06-2019 12:52 AM

Hi,

Wondering if someone can help.

I've created an access-list to check debugging but although I can successfully rdp 172.18.0.195 no logs show up on the switch.

Terminal monitor and logging monitor debug enabled.

DSLWLQ1#sh ip access-lists

Extended IP access list 199

permit tcp any host 172.18.0.195 eq 3389

DSLWLQ1#sh debug

Generic IP:

IP packet debugging is on for access list 199

DSLWLQ1#

Thanks

Labels:
0 Helpful
5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

‎08-18-2008 01:54 PM

Murilo

The first thing that I would want to check is what port on the router the traffic arrives on for RDP and what port on the router the traffic leaves on for RDP (to destination 172.18.0.195).

The second thing that might affect it is whether traffic is being CEF or fast switches. To take care of this I would configure under the interface where traffic arrives and also under the interface where traffic leaves the command:

no ip route-cache

this will force process switching of the traffic and will give debug a chance to report the traffic.

[note] after the debug is completed remember to restore the switching path on the interfaces with ip route-cache.

HTH

Rick

HTH

Rick

muca
Level 3
Level 3
In response to Richard Burts

‎08-18-2008 02:38 PM

Thanks Rick,

No ip route-cache was already enabled on interface vlan 18 (It's a 2950 layer 2) but not on vlan 30.

It's doesn't even work for icmp packets but I reckon it's probably related to fast switching.

I can't play around too much on prod env.

Thanks

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to muca

‎08-18-2008 05:55 PM

Murilo

I believe that it has more to do with the device being a 2950. As a layer 2 switch I do not believe that it has much capability to debug layer 3 IP processing. If you want to debug the RDP traffic I suggest that you do the debug on whatever layer 3 device is providing the routing between the source and the destination. (and if the source and the destination are in the same subnet then I do not know that debug will see it at all)

HTH

Rick

HTH

Rick

muca
Level 3
Level 3
In response to Richard Burts

‎08-18-2008 06:55 PM

Rick,

Thanks for that. I've tried debugging on layer3 switches at both ends (source and destination).

No success but it could be related to no ip route-cache.

0 Helpful

micahcox
Level 1
Level 1
In response to muca

‎08-18-2008 11:38 PM

If you are looking to view traffic traversing a switch you need a packet sniffer (Wireshark is free) and you need to set up a monitor port. Lookup the monitor configuration command for the 2950. Pick a port that you will plug your sniffer into and the port you want to see the traffic traverse. Be sure to create a bidirectional monitor.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card