12-21-2016 12:16 PM - edited 03-08-2019 08:40 AM
Hello,
I'm setting up a PBR that will direct certain protocols to another gateway.
Basically, R1 is the default gateway of the LAN. If it receives http traffic it will forward to R3. If it's anything else it will forward to R2, which is its default route. So, can I use some debug command on R2 and R3 to see the traffic in real time and check if packets are really going through the intended route?
I know I could capture packets on the wire, but if I could do it on the router it would be better. Also, suppose I don't have access to R1, which is actually doing the PBR. I wanted to see the traffic on R2 and R3. I checked debug ip cef, but couldn't figure out a way to make it work.
Thank you,
12-21-2016 12:52 PM
On R1 you can do a debug ip policy.
Depending on your other routers' IOS and model, you can run pcaps directly on the devices to see if the expected traffic is going through them.
12-22-2016 10:43 AM
Thanks for the reply,
I did debug ip policy on R1 and it doesn't show anything. I did something to test:
Now, everything is supposedly working fine. PING and traceroute (UDP) from PC1 to SRV1 go through R2. Telnet goes through R3. I captured packets and saw them on Wireshark.
My only problem is that debug ip policy on R4 works like a charm. But on R1 it doesn't show me anything. Can you tell me why this could be happening? R4 is a c3600 device and R1 is a c2691. That's the only difference that I can think of.
12-22-2016 12:05 PM
Do you see packets being matched if you do a show route-map "Name" on R1? Should show policy routing matches.
I assume on R1, if you were jumping on over the network, you did a term mon to get the debug output?
12-23-2016 05:04 AM
Right, I see packets being matched with route-map and the access-lists. After I restarted everything debug ip policy started working on R1 also. Thank you
12-22-2016 01:04 PM
Well, you could enable netflow and show netflow on the router itself or point it to a collector.
12-23-2016 05:06 AM
I will try that soon. Thank you. Debug ip policy worked for now.
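
The checks suggested in this thread, collected as an added example that was not posted by any participant: a minimal IOS policy-routing setup for R1 that sends HTTP to R3, followed by the verification commands mentioned above. The addresses, interface names, ACL number and route-map name are constructed for illustration.

```cisco
! Constructed example: addresses, interface names, ACL 101 and the
! route-map name PBR-HTTP are assumptions, not values from the thread.
!
! --- R1 (global config): HTTP goes to R3, the rest follows the default route to R2
access-list 101 permit tcp any any eq www
!
route-map PBR-HTTP permit 10
 match ip address 101
 set ip next-hop 192.0.2.3
!
ip route 0.0.0.0 0.0.0.0 192.0.2.2
!
interface FastEthernet0/0
 description LAN-facing interface (assumed)
 ip policy route-map PBR-HTTP
!
! --- R1 (exec mode): confirm the policy is actually being hit
! terminal monitor is needed to see debug output on a telnet/SSH session
terminal monitor
debug ip policy
! match counters on the route-map and on the ACL it references
show route-map PBR-HTTP
show access-lists 101
! turn debugging off when done
undebug all
!
! --- R2 and R3 (no access to R1 required): NetFlow on the interface facing R1
interface FastEthernet0/0
 ip flow ingress
!
! exec mode: HTTP flows should appear on R3, other traffic on R2
show ip cache flow
```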