Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17891
Views
0
Helpful
6
Replies

How can I see traffic going through the router?

Go to solution
adrianopinaffo1
Level 1
Level 1

‎12-21-2016 12:16 PM - edited ‎03-08-2019 08:40 AM

Hello,

I´m setting up a PBR that will direct certain protocols to another gateway.

Basically, R1 is the default gateway of the LAN. If it receives http traffic it will forward to R3. If it´s anything else it will forward to R2, which is its default route. So, can I use some debug command on R2 and R3 to see the traffic in real time and check if packets are really going through the intended route?

I know I could capture packets on the wire, but if I could do it on the router it would be better. Also, suppose I don´t have access to R1, which is actually doing the PBR. I wanted to see the traffic on R2 and R3. I checked debug ip cef, but couldn´t figure out a way to make it work.

Thank you,

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
GRANT3779
Spotlight
Spotlight

‎12-21-2016 12:52 PM

On R1 you can do a debug ip policy.

Depending on your other routers IOS and model you can run pcaps directly on the devices to see if the expected traffic is going through them.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
GRANT3779
Spotlight
Spotlight

‎12-21-2016 12:52 PM

On R1 you can do a debug ip policy.

Depending on your other routers IOS and model you can run pcaps directly on the devices to see if the expected traffic is going through them.

0 Helpful

Go to solution
adrianopinaffo1
Level 1
Level 1
In response to GRANT3779

‎12-22-2016 10:43 AM

Thanks for the reply,

I did debug ip policy on R1 and it doesn´t show anything. I did something to test:

  • R1 is the default GW for my Lan (PC1). It connects to R2, and R3. Default route is R2. PBR matches telnet and next-hop is R3.
  • R2 and R3 connect to R4, which is their default route. Obviously, they also connect to R1.
  • R4´s default route is R2 (I know, I know, loop detected; it´s just a test environment). I created a PBR to match the returning telnet traffic and next-hop is R3. It also has a server connected to it, SRV1.
  • SRV1´s default GW is R4.

Now, everything is supposedly working fine. PING and traceroute (UDP) from PC1 to SRV1 goes through R2. Telnet goes through R3. I captured packets and saw them on Wireshark.

My only problem is that debug ip policy on R4 works like a charm. But on R1 it doesn´t show me anything. Can you tell me why this could be happening? R4 is a c3600 device and R1 is a c2691. That´s the only difference that I can think of.

0 Helpful

Go to solution
GRANT3779
Spotlight
Spotlight
In response to adrianopinaffo1

‎12-22-2016 12:05 PM

Do you see packets being matched if you do a show route-map "Name" on R1? Should show policy routing matches.

I assume on R1, if you were jumping on over the network you done a term mon to get the debug output?

0 Helpful

Go to solution
adrianopinaffo1
Level 1
Level 1
In response to GRANT3779

‎12-23-2016 05:04 AM

Right, I see packets being matched with route-map and the access-lists. After I restarted everything debug ip policy started working on R1 also. Thank you

0 Helpful

Go to solution
utawakevou
Level 4
Level 4

‎12-22-2016 01:04 PM

Well you could enable netflow and show netflow on the router itself or point it to a collector

0 Helpful

Go to solution
adrianopinaffo1
Level 1
Level 1
In response to utawakevou

‎12-23-2016 05:06 AM

I will try that soon. Thank you. Debug ip policy worked for now.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card