Debugging Cisco Routers

The debug command is one of the best sets of tools you will encounter on Cisco routers. The debug command is available only from privileged mode.

Cisco IOS routers include hardware and software debugging to aid in troubleshooting internal problems and problems with other hosts on the network. The debug privileged EXEC mode commands start the console display of several classes of network events.

For debug output to display on a console port, you must ensure that debugging to the console has not been disabled or sent to the logging buffer with the logging console debug command.

If you enable any debug commands through a console and no debug output is displayed, it might be because logging has been disabled.

Check the running configuration for the line no logging debugging console, and remove this line (by typing logging debugging console) to enable debug messages to be viewed by the console port.

Remember to turn off console logging when you are done troubleshooting the problem. The router will continue to send debug output to the console even if nobody is there, tying up valuable CPU resources.

On virtual lines (VTY lines), you must enable the terminal monitor command to view the debug output. You use VTY lines when you telnet to a remote Cisco router.

NOTE Refer to the Cisco IOS Debug Command Reference at the following URL for the most updated debug command information:

www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122debug/index.htm.

When debugging data, you must also be aware of the switching method used by the router (for example, fast or process switching) because the CPU will use the same method when sending debug output to the console or vty line.

The ip route-cache IOS command with no additional keywords enables fast switching. When debug ip packet flow is enabled, make sure you disable fast switching so you can view packet-by-packet flow through the router. Search the Cisco website for the keywords "Process" and "fast switching" for more details on switching methods. The following URL provides quality information on switching methods available on Cisco 7200 routers:

www.cisco.com/en/US/customer/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6c7.html#xtocid6.

Table 4-4 displays the debug commands and the system debug message feature.

Table 4-4 debug Command Summary

IOS Command                          Purpose
show debugging                       Displays the state of each debugging option
debug ?                              Displays a list and brief description of all the debug command options
debug command                        Begins message logging for the specified debug command
no debug command (or undebug all)    Turns message logging off for the specified debug command or turns off all debug messages with the undebug all command

Example 4-13 displays the list of debug command options covered in this section.

Example 4-13 debug Command Options

R1#debug ?
  all                     Enable all debugging
  ip                      IP information
  list                    Set interface or/and access list for the next debug command

  audit                   IDS audit events
  auth-proxy              Authentication proxy debug
  bgp                     BGP information
  cache                   IP cache operations
  cef                     IP CEF operations
  cgmp                    CGMP protocol activity
  dhcp                    Dynamic Host Configuration Protocol
  drp                     Director response protocol
  dvmrp                   DVMRP protocol activity
  egp                     EGP information
  eigrp                   IP-EIGRP information
  error                   IP error debugging
  flow                    IP Flow switching operations
  ftp                     FTP dialogue
  html                    HTML connections
  http                    HTTP connections
  icmp                    ICMP transactions
  igmp                    IGMP protocol activity
  igrp                    IGRP information
  inspect                 Stateful inspection events
  interface               IP interface configuration changes
  mbgp                    MBGP information
  mcache                  IP multicast cache operations
  mhbeat                  IP multicast heartbeat monitoring
  mobile                  IP Mobility
  mpacket                 IP multicast packet debugging
  mrm                     IP Multicast Routing Monitor
  mrouting                IP multicast routing table activity
  msdp                    Multicast Source Discovery Protocol (MSDP)
  mtag                    IP multicast tagswitching activity
  nat                     NAT events
  nbar                    StILE - traffic classification Engine
  ospf                    OSPF information
  packet                  General IP debugging and IPSO security transactions
  peer                    IP peer address activity
  pim                     PIM protocol activity
  policy                  Policy routing
  postoffice              PostOffice audit events
  rgmp                    RGMP protocol activity
  rip                     RIP protocol transactions
  routing                 Routing table events
  rsvp                    RSVP protocol activity
  rtp                     RTP information
  scp                     Secure Copy
  sd                      Session Directory (SD)
  security                IP security options
  socket                  Socket event
  ssh                     Incoming ssh connections
  tcp                     TCP information
  tempacl                 IP temporary ACL
  trigger-authentication  Trigger authentication
  udp                     UDP based transactions
  urd                     URL RenDezvous (URD)
  wccp                    WCCP information

This section covers the debug commands highlighted in Example 4-13.

CAUTION The CPU system on Cisco routers gives the highest priority to debugging output. For this reason, debugging commands should be turned on only for troubleshooting specific problems or during troubleshooting sessions with technical support personnel. Excessive debugging output can render the system inoperable.

Try to use the most specific debug command possible to reduce the load on the CPU. For example, the debug all command will surely disable a router. You should use the debug all command only in a lab environment.

Typically, the console port is used for debugging major faults because the CPU places debugging messages to the console port as the highest priority. Sometimes, debugging messages can overwhelm a network administrator's ability to monitor the router, and the IOS command, logging synchronous, can limit the messages to the console.

When synchronous logging of unsolicited messages and debug output is turned on (the line console is configured with the logging synchronous IOS command), unsolicited Cisco IOS Software output is displayed on the console or printed after solicited Cisco IOS Software output is displayed or printed. Unsolicited messages and debug output are displayed on the console after the prompt for user input is returned. This keeps unsolicited messages and debug output from being interspersed with solicited software output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.

The IOS command logging trap can be used to limit the logging of error messages sent to syslog servers to only those messages at the specified level (levels range from 0 to 7). The lowest level is 7 (debugging messages, greatest level of messages, as level 7 encompasses all levels possible from 0 to 7), and the highest level is 0, or emergencies (system is unusable).

The debug all command turns on all possible debug options available to a Cisco router. This will crash any router in a busy IP network, so we strongly recommend that you never apply this command in a working network environment.

Example 4-14 displays the options when enabling IP packet debugging through a Cisco router.

Example 4-14 debug ip packet ?

R1#debug ip packet ?
  <1-199>      Access list
  <1300-2699>  Access list (expanded range)
  detail       Print more debugging detail

You can define an access list so that only packets that satisfy the access list are sent through to the console or vty line.

Figure 4-3 displays a typical example where Simon, a user on one Ethernet (Ethernet 0/0), is advising you that packets from users on Ethernet 0/1 (Melanie's PC) are not reaching each other. To view the routing packet flow through Router R1, you can debug the IP packets and use a standard access list or an extended one (access lists are covered later in this chapter).

To view the IP packet flow and ensure that you view only packets from Melanie's PC to Simon's PC, you can define an extended access list matching the source address, 131.108.2.100 (Melanie's PC), to the destination address, 131.108.1.100 (Simon's PC).

Figure 4-3 IP Data Flow from One Segment to Another

[Figure: Users report no packet flow (application layer errors). User Simon (131.108.1.100/24) is attached to R1 interface E0/0; User Melanie (131.108.2.100/24) is attached to R1 interface E0/1. R1 interface configuration shown in the figure:]

interface Ethernet0/0
 ip address 131.108.1.1 255.255.255.0
interface Ethernet0/1
 ip address 131.108.2.1 255.255.255.0

Example 4-15 displays the debug command configuration on Router R1.

Example 4-15 Enabling debug ip packet with Access-list 100

R1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 100 permit ip host 131.108.2.100 host 131.108.1.100
R1#debug ip packet ?
  <1-199>      Access list
  <1300-2699>  Access list (expanded range)
  detail       Print more debugging detail
R1#debug ip packet 100 ?
  detail  Print more debugging detail
  <cr>
R1#debug ip packet 100 detail
IP packet debugging is on (detailed) for access list 100

Applying the exact debug command for only traffic generated from one device to another ensures that the router is not using too many CPU cycles to generate the debug output to the console. When a ping request is sent from Melanie's PC to Simon's PC, debug output displays a successful ping request.

Example 4-16 displays the sample debug output matching access-list 100 when 5 ping packets are sent.

NOTE When debugging with a specific IP access list, be sure to stop all debugging options with the undebug all IOS command before removing IP access lists; Cisco IOS routers are prone to failure if the access list is removed before the debugging options are disabled. For example, no debug output will be captured and sent to the console if no access list is defined but referenced by a debug command (for example, debug ip packet 100, when access-list 100 is not defined). Also, remember that denying anything not specifically permitted is the default behavior for Cisco IOS access lists. Make sure you permit only traffic for which you are interested in viewing debug messages, as in the example shown in Figure 4-3.

Example 4-16 Ping Request

R1#ping 131.108.1.100

2d22h: IP: s=131.108.2

100 (local), d=131

1

08.1

100

(Ethernet0/0), len 100,

sending

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (Ethernet0/0),

d

=131

108

1.100 (Ethernet0/0),

len 100, rcvd 3

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (local), d=131

1

08.1

100

(Ethernet0/0), len 100,

sending

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (Ethernet0/0),

d

=131

108

1.100 (Ethernet0/0),

len 100, rcvd 3

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (local), d=131

1

08.1

100

(Ethernet0/0), len 100,

sending

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (Ethernet0/0),

d

=131

108

1.100 (Ethernet0/0),

len 100, rcvd 3

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (local), d=131

1

08.1

100

(Ethernet0/0), len 100,

sending

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (Ethernet0/0),

d

=131

108

1.100 (Ethernet0/0),

len 100, rcvd 3

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

1 (local), d=131.1

38

.1.1

(Ethernet0/0), len 100,

sending

2d22h: ICMP type=8

code=0

2d22h: IP: s=131.108.2

100 (Ethernet0/0),

d

= 131

108

1.100 (Ethernet0/0),

len 100, rcvd 3

2d22h: ICMP type=8

code=0

The debug output demonstrates that five packets were successfully routed from Ethernet 0/1 to Ethernet 0/0. Therefore, the network fault reported by the users points to an application error rather than a network error.

Table 4-5 displays the meaning of the codes in Example 4-16.

Table 4-5 debug ip packet 100 detail Explanation

Field                             Meaning
IP:                               Indicates an IP packet
s=131.108.2.100 (Melanie's PC)    Indicates the packet's source address
d=131.108.1.100 (Simon's PC)      Indicates the packet's destination address
ICMP type 8 code 0                Ping request
Len 100                           The length of the IP packet (100 bytes)

NOTE The detail option allows for further detail in the debug output.
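The fields in Table 4-5 are regular enough to parse mechanically when a capture runs to more than a few lines. The following Python sketch is an added example, not code from the original text: it turns debug ip packet detail lines into records and confirms that every record belongs to the flow access list 100 was written to capture. The sample lines, the function names and the 131.108.2.77 out-of-scope packet are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of Example 4-16 (not captured from a router).
# The last line is a made-up packet outside the access-list 100 flow.
SAMPLE = """\
2d22h: IP: s=131.108.2.100 (local), d=131.108.1.100 (Ethernet0/0), len 100, sending
2d22h: ICMP type=8, code=0
2d22h: IP: s=131.108.2.100 (Ethernet0/0), d=131.108.1.100 (Ethernet0/0), len 100, rcvd 3
2d22h: ICMP type=8, code=0
2d22h: IP: s=131.108.2.77 (local), d=131.108.1.100 (Ethernet0/0), len 60, sending
"""

IP_RE = re.compile(
    r"^(?P<ts>\S+): IP: s=(?P<src>[\d.]+) \((?P<src_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)(?: \((?P<dst_if>[^)]+)\))?, len (?P<len>\d+), (?P<action>.+)$")
ICMP_RE = re.compile(r"^\S+:\s+ICMP type=(?P<type>\d+),? code=(?P<code>\d+)$")

def parse_debug(text):
    """Return one dict per IP line; a following ICMP detail line is merged in."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = IP_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["len"] = int(rec["len"])
            records.append(rec)
            continue
        m = ICMP_RE.match(line)
        if m and records and "icmp_type" not in records[-1]:
            records[-1]["icmp_type"] = int(m["type"])
            records[-1]["icmp_code"] = int(m["code"])
    return records

def summarize(records, src, dst):
    """Count actions for the src->dst flow; list packets outside that flow."""
    flow = [r for r in records if (r["src"], r["dst"]) == (src, dst)]
    other = [(r["src"], r["dst"]) for r in records
             if (r["src"], r["dst"]) != (src, dst)]
    return {
        "actions": dict(Counter(r["action"].split()[0] for r in flow)),
        "echo_requests": sum(r.get("icmp_type") == 8 for r in flow),
        "out_of_scope": other,
    }

if __name__ == "__main__":
    print(summarize(parse_debug(SAMPLE), "131.108.2.100", "131.108.1.100"))
```

A non-empty out_of_scope list means the debug was running without the intended access list, which is also the condition under which debug ip packet puts the most load on the CPU.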

Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis, rather than on a per-packet basis.

NOTE The output modifier | (pipe) is a great time saver. For example, the command, show running-config | begin router ospf 100, shows only the running configuration starting from the router ospf 100 part instead of the entire output.
