10-13-2015 01:08 PM - edited 03-08-2019 02:11 AM
Hi When I want to see debug ip packet message, I noticed that there are a lot eigrp message. I want to block the eigrp message in order to see debug ip packet clearly. I use the following configuration. But It does not work. Anyone can give me some suggestion ? Thank you
*Mar 7 05:34:01.882: IP: s=1.1.1.6 (local), d=224.0.0.10 (Vlan4), len 60, sending broad/multicast
*Mar 7 05:34:02.226: IP: s=1.1.56.6 (local), d=224.0.0.10 (FastEthernet1/0), len 60, sending broad/multicast
debug ip packet 100
access-list 100 deny ip host 1.1.1.6 host 224.0.0.10
If I use this configuration, I cannot see any debug ip packet message.
Solved! Go to Solution.
10-13-2015 01:47 PM
Hi,
remember that there is always an implicit "deny any" at the end of an ACL.
Try this:
access-list 100 deny ip host 1.1.1.6 host 224.0.0.10
access-list 100 permit ip any any
or
access-list 100 deny eigrp any any
access-list 100 permit ip any any
HTH
Rolf
10-13-2015 01:47 PM
Hi,
remember that there is always an implicit "deny any" at the end of an ACL.
Try this:
access-list 100 deny ip host 1.1.1.6 host 224.0.0.10
access-list 100 permit ip any any
or
access-list 100 deny eigrp any any
access-list 100 permit ip any any
HTH
Rolf
10-13-2015 02:02 PM
Great! Thank you so much
BTW, do you think it would effect eigrp connection ?
10-13-2015 02:23 PM
It won't affect EIGRP if you are just using the acl with the debug command.
Obviously applied to an interface it could.
Jon
10-13-2015 10:35 PM
As Jon has already stated, it won't affect EIGRP in particular but you have to be very careful with this command in production environments!
From the Command Reference:
Because the debug ip packet command generates a substantial amount of output and uses a substantial amount of system resources, this command should be used with caution in production networks. It should only be enabled when traffic on the IP network is low, so other activity on the system is not adversely affected. (...) IP packet debugging captures the packets that are process switched including received, generated and forwarded packets. IP packets that are switched in the fast path are not captured.
In production environments, I always try to restrict the output as far as possible by an ACL.
HTH
Rolf
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide