04-25-2013 08:59 AM
Hello,
How can I debug icmp packets with acl.
e.g config from IOS:
debug ip packet 100
access-list 100 permit icmp host x.x.x.x host y.y.y.y
how it look like in IOS XR ?
Solved! Go to Solution.
04-25-2013 07:56 PM
Hi,
There are a number of things to look for when debugging ICMP or traffic drops in general.
Here are the ACLs that I use when troubleshooting traffic drops to ensure connectivity.
Router(config)# Ipv4 access-list PING-IN
Router(config-ipv4-acl)# Permit icmp host remote_ip_address host local_ip_address echo-reply log
Router(config-ipv4-acl)# Permit ipv4 any any
Router(config)# Int
Router(config-int)# Ipv4 access-group PING-IN ingress hardware-count interface-statistics
Router(config)# Ipv4 access-list PING-OUT
Router(config-ipv4-acl)# Permit icmp host local_ip_address host remote_ip_address echo-reply log
Router(config-ipv4-acl)# Permit ipv4 any any
Router(config)# Int
Router(config-int)# Ipv4 access-group PING-OUT egress hardware-count interface-statistics
These are a few of the commands that I use to check for drops. There are more and many are dependent on the platform, but this should help you with what you are trying to do.
‘show ipv4 traffic | i echo’
‘show lpts pifib hardware entry statistics loc <>’
‘show interface
'show controller
‘show access-list PING-IN hardware ingress loc <>’
‘show access-list PING-OUT hardware egress loc <>’
HTH,
Sam Milstead
CSE - XR TAC
04-25-2013 07:56 PM
Hi,
There are a number of things to look for when debugging ICMP or traffic drops in general.
Here are the ACLs that I use when troubleshooting traffic drops to ensure connectivity.
Router(config)# Ipv4 access-list PING-IN
Router(config-ipv4-acl)# Permit icmp host remote_ip_address host local_ip_address echo-reply log
Router(config-ipv4-acl)# Permit ipv4 any any
Router(config)# Int
Router(config-int)# Ipv4 access-group PING-IN ingress hardware-count interface-statistics
Router(config)# Ipv4 access-list PING-OUT
Router(config-ipv4-acl)# Permit icmp host local_ip_address host remote_ip_address echo-reply log
Router(config-ipv4-acl)# Permit ipv4 any any
Router(config)# Int
Router(config-int)# Ipv4 access-group PING-OUT egress hardware-count interface-statistics
These are a few of the commands that I use to check for drops. There are more and many are dependent on the platform, but this should help you with what you are trying to do.
‘show ipv4 traffic | i echo’
‘show lpts pifib hardware entry statistics loc <>’
‘show interface
'show controller
‘show access-list PING-IN hardware ingress loc <>’
‘show access-list PING-OUT hardware egress loc <>’
HTH,
Sam Milstead
CSE - XR TAC
04-27-2013 12:50 AM
Thanks, You help me a lot.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide