Debugging Cisco Routers

The debug command is one of the best sets of tools you will encounter on Cisco routers. The debug command is available only from PRIV EXEC mode.

Cisco IOS routers' debugging includes hardware and software to aid in troubleshooting internal problems and problems with other hosts on the network. The debug privileged EXEC mode commands start the console display of several classes of network events.

For debug output to display on a console port, you must ensure that debugging to the console has not been disabled or sent to the logging buffer with the logging console debug command. The logging messages from the IOS image can be sent to the buffer (use show logging to view) and the console.

If you enable any debug commands through a console and no debug output is displayed, logging may have been disabled. Check the running configuration for the line no logging debugging console and, if present, remove it (by typing logging debugging console) to enable debug messages to be viewed by the console port. If the console setting is set to a level lower than debugging, the command logging debugging console will also override any current settings.

Remember to turn off console logging when you are done troubleshooting the problem. The router will continue to send to the console even if no one is there, tying up valuable CPU resources.

On virtual lines (vty lines), you must enable the terminal monitor command to view the debug output. You use vty lines when you telnet to a remote Cisco router.

NOTE Refer to the Cisco IOS Debug Command Reference at the following URL for the most recently updated debug command information: index.htm

When debugging data, you must also be aware of the switching method used by the router (for example, fast or process switches) because the CPU will use the same method when sending debug output to the console or vty line.

The ip route-cache IOS command with no additional keywords enables fast switching. When debug ip packet is enabled, make sure you disable fast switching (no ip route-cache) so that you can view packet-by-packet flow through the router. Search for the keywords "process" and "fast switching" for more details on switching methods. The following URL provides quality information on switching methods available on Cisco 7200 routers: products_configuration_guide_ chapter09186a00800ca6c7.html#xtocid6 . Please note you must have a valid CCO login for this link.

Also make sure you check out the Cisco Express Forwarding overview for a discussion on CEF at the same link.

Table 3-4 displays the debug commands and the system debug message feature.

Table 3-4 debug Command Summary

| Cisco IOS Command | Description |
|---|---|
| show debugging | Displays the state of each debugging option |
| debug ? | Displays a list and brief description of all the debug command options |
| debug command | Begins message logging for the specified debug command |
| no debug command (or undebug all) | Turns message logging off for the specified debug command or turns off all debug messages with the undebug all command |

Example 3-13 displays the list of debug command options covered in this section.

Example 3-13 debug Command Options

R1#debug ?
  Enable all debugging
  IP information
  Set interface or/and access list for the next debug command
R1#debug ip ?
  IDS audit events
  Authentication proxy debug
  BGP information
  IP cache operations
  IP CEF operations
  CGMP protocol activity
  Dynamic Host Configuration Protocol
  Director response protocol
  DVMRP protocol activity
  EGP information
  IP-EIGRP information
  IP error debugging
  IP Flow switching operations
  FTP dialogue
  HTML connections
  HTTP connections
  ICMP transactions
  IGMP protocol activity
  IGRP information
  Stateful inspection events
  IP interface configuration changes
  MBGP information
  IP multicast cache operations
  IP multicast heartbeat monitoring
  IP Mobility
  IP multicast packet debugging
  IP Multicast Routing Monitor
  IP multicast routing table activity
  Multicast Source Discovery Protocol (MSDP)
  IP multicast tagswitching activity
  NAT events
  StILE - traffic classification Engine
  OSPF information
  General IP debugging and IPSO security transactions
  IP peer address activity
  PIM protocol activity
  Policy routing
  PostOffice audit events
  RGMP protocol activity
  RIP protocol transactions
  Routing table events
  RSVP protocol activity
  RTP information
  Secure Copy
  Session Directory (SD)
  IP security options
  Socket event
  Incoming ssh connections
  TCP information
  IP temporary ACL
  Trigger authentication
  UDP based transactions
  URL RenDezvous (URD)
  WCCP information

The rest of this section covers the debug commands shaded in Example 3-13.

CAUTION The CPU system on Cisco routers gives the highest priority to debugging output. For this reason, debugging commands should be turned on only for troubleshooting specific problems or during troubleshooting sessions with technical support personnel. Excessive debugging output can render the system inoperable.

Try to use the most specific debug command possible to reduce the load on the CPU. For example, the debug all command will surely disable a router. You should use the debug all command only in a lab environment.

Typically, the console port is used for debugging major faults because the CPU places debugging messages to the console port as the highest priority. Sometimes, debugging messages can overwhelm a network administrator's ability to monitor the router, and the IOS command logging synchronous can limit the messages to the console.

When synchronous logging of unsolicited messages and debug output is turned on (the line console is configured with the logging synchronous IOS command), unsolicited Cisco IOS software output is displayed on the console or printed after solicited Cisco IOS software output is displayed or printed. Unsolicited messages and debug output are displayed on the console after the prompt for user input is returned. This keeps unsolicited messages and debug output from being interspersed with solicited software output and prompts. After the unsolicited messages are displayed, the console displays the user prompt again.

The IOS command logging trap can be used to limit the logging of error messages sent to syslog servers to only those messages at the specified level (levels range from 0 to 7). The highest level is 7; level 7 encompasses all possible levels from 0 to 7. The lowest level is 0, or emergencies (system is unusable).
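How the level given to logging trap decides what a syslog server receives, as an added Python example that is not part of the original text. The sample messages are constructed, and treating untagged debug lines as level 7 is an assumption of the example; at a trap level of warnings, the %SYS-5-CONFIG_I configuration-change message is not forwarded.

```python
import re

# Severity keywords accepted by `logging trap`; the list index is the numeric level.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")

# Constructed sample messages (addresses are documentation-range placeholders).
SAMPLE = [
    "00:00:46: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up",
    "00:00:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up",
    "2d22h: %SYS-5-CONFIG_I: Configured from console by console",
    "2d22h: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(1024) -> 198.51.100.20(23), 1 packet",
    "2d22h: IP: s=192.0.2.10 (Ethernet0/1), d=198.51.100.20 (Ethernet0/0), len 100, forward",
]

def severity(line):
    """Level from the %FACILITY-SEVERITY-MNEMONIC tag.
    Assumption: untagged debug output is treated as level 7 (debugging)."""
    tag = TAG_RE.search(line)
    return int(tag.group(2)) if tag else 7

def trap_level(setting):
    """Accept a keyword ("warnings") or a number 0-7."""
    level = int(setting) if str(setting).isdigit() else LEVELS.index(setting)
    if not 0 <= level <= 7:
        raise ValueError("level must be 0-7")
    return level

def forwarded(lines, setting):
    """Messages sent to the syslog server: severity at or below the trap level."""
    limit = trap_level(setting)
    return [line for line in lines if severity(line) <= limit]

def lowest_setting_for(line):
    """Most restrictive `logging trap` keyword that still forwards this message."""
    return LEVELS[severity(line)]

if __name__ == "__main__":
    for setting in ("warnings", "notifications", "debugging"):
        print(setting, len(forwarded(SAMPLE, setting)), "of", len(SAMPLE), "forwarded")
    print("CONFIG_I needs at least:", lowest_setting_for(SAMPLE[2]))
```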

The debug all command turns on all possible debug options available to a Cisco router. This will crash any router in a busy IP network, so we strongly recommend that you never apply this command in a working network environment.

Example 3-14 displays the options when enabling IP debugging through a Cisco router.

Example 3-14 debug ip packet ? Command

R1#debug ip packet ?
  <1-199>      Access list
  <1300-2699>  Access list (expanded range)
  detail       Print more debugging detail
  <cr>

You can define an access list so that only packets that satisfy the access list are sent through to the console or vty line.

Figure 3-3 displays a typical example in which a user (Simon) on one Ethernet segment (Ethernet 0/0) is advising you that his PC and the users on Ethernet 0/1 (Melanie's PC) cannot reach each other. To view the routing packet flow through Router R1, you can debug the IP packets and use a standard access list or an extended one (access lists are covered later in this chapter).

Figure 3-3 IP Data Flow from One Segment to Another (diagram not reproduced: User Simon on interface Ethernet0/0 and User Melanie on interface Ethernet0/1; labels "Users Report No Packet Flow" and "Application Layer Errors")

To view the IP packet flow and ensure that you view only packets from Melanie's PC to Simon's PC, you can define an extended access list matching the source address (Melanie's PC) to the destination address (Simon's PC).

Example 3-15 displays the debug command configuration on Router R1.

Example 3-15 Enabling debug ip packet with Access List 100

R1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 100 permit ip host host
R1#debug ip packet ?
  <1-199>      Access list
  <1300-2699>  Access list (expanded range)
  detail       Print more debugging detail
R1#debug ip packet 100 ?
  detail       Print more debugging detail
  <cr>
R1#debug ip packet 100 detail
IP packet debugging is on (detailed) for access list 100

Applying the exact debug command for only traffic generated from one device to another ensures that the router is not using too many CPU cycles to generate the debug output to the console. When a ping request is sent from Melanie's PC to Simon's PC, debug output displays a successful ping request.

Example 3-16 displays the sample output matching access list 100 when five ping packets are sent.

Example 3-16 Ping Request

2d22h: ICMP type=
2d22h: IP: s=131.108
100 (Ethernet0/0),
18.1.100 (Ethernet0/0),
len 100, rcvd 3
2d22h: ICMP type=
2d22h: IP: s=131.108
100 (local), d=131
(Ethernet0/0), len 100,
2d22h: ICMP type=
2d22h: IP: s=131.108
100 (Ethernet0/0),
18.1.100 (Ethernet0/0),
len 100, rcvd 3
2d22h: ICMP type=



When debugging with a specific IP access list, be sure to stop all debugging options with the undebug all IOS command before removing IP access lists; Cisco IOS routers are prone to failure if the access list is removed before the debugging options are disabled. For example, no debug output will be captured and sent to the console if no access list is defined, but one is referenced by a debug command (for example, debug ip packet 100, when access list 100 is not defined). Also, remember that the default behavior for Cisco IOS access lists is to deny traffic that is not specifically permitted. Make sure you permit only the traffic for which you want to view debug messages, as in the example shown in Figure 3-3.

The debug output demonstrates that five packets were successfully routed from Ethernet 0/1 to Ethernet 0/0. (Note there are 10 entries in Example 3-16—the ICMP echo and ICMP reply packets.) Therefore, the network fault reported by the users points to an application error rather than a network error.

Table 3-5 displays the meaning of the codes in Example 3-16.

Table 3-5 ping Explanation

| Field | Explanation |
|---|---|
| IP: | Indicates an IP packet |
| s= (Melanie's PC) | Indicates the packet's source address |
| d= (Simon's PC) | Indicates the packet's destination address |
| ICMP type 8 code 0 | Ping request |
| Len 100 | The length of the IP packet (100 bytes) |
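The tally of echo requests and replies that the text reads off Example 3-16 by eye, as an added Python example that is not part of the original text: it pairs each IP line of debug ip packet detail output with the ICMP line that follows it and counts what the router forwarded. The sample lines and addresses are constructed, and the line layout is assumed to follow the fields listed in Table 3-5.

```python
import re

# Constructed sample in the layout of `debug ip packet detail` output.
# Addresses are documentation-range placeholders, not the hosts in Figure 3-3.
SAMPLE = """\
2d22h: IP: s=192.0.2.10 (Ethernet0/1), d=198.51.100.20 (Ethernet0/0), g=198.51.100.20, len 100, forward
2d22h:     ICMP type=8, code=0
2d22h: IP: s=198.51.100.20 (Ethernet0/0), d=192.0.2.10 (Ethernet0/1), g=192.0.2.10, len 100, forward
2d22h:     ICMP type=0, code=0
2d22h: IP: s=192.0.2.10 (Ethernet0/1), d=198.51.100.20 (Ethernet0/0), g=198.51.100.20, len 100, forward
2d22h:     ICMP type=8, code=0
2d22h: IP: s=192.0.2.10 (Ethernet0/1), d=203.0.113.5, len 100, unroutable
2d22h:     ICMP type=8, code=0
"""

IP_RE = re.compile(r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+)"
                   r"(?: \((?P<out_if>[^)]+)\))?,.*?len (?P<len>\d+), (?P<action>.+)$")
ICMP_RE = re.compile(r"ICMP type=(\d+), code=(\d+)")
ICMP_NAMES = {(8, 0): "echo-request", (0, 0): "echo-reply"}

def parse(text):
    """Return one dict per IP line, with the ICMP detail line after it attached."""
    packets = []
    for line in text.splitlines():
        ip = IP_RE.search(line)
        if ip:
            packets.append({**ip.groupdict(), "icmp": None})
            continue
        icmp = ICMP_RE.search(line)
        if icmp and packets and packets[-1]["icmp"] is None:
            key = (int(icmp.group(1)), int(icmp.group(2)))
            packets[-1]["icmp"] = ICMP_NAMES.get(key, "type=%d code=%d" % key)
    return packets

def ping_report(packets, src, dst):
    """Count forwarded echo requests src->dst and forwarded replies dst->src."""
    def count(s, d, kind):
        return sum(1 for p in packets
                   if (p["src"], p["dst"], p["icmp"], p["action"]) == (s, d, kind, "forward"))
    requests = count(src, dst, "echo-request")
    replies = count(dst, src, "echo-reply")
    return {"requests_forwarded": requests, "replies_forwarded": replies,
            "unanswered": requests - replies}

def not_forwarded(packets):
    """Packets the router saw but did not forward (for example 'unroutable')."""
    return [(p["src"], p["dst"], p["action"]) for p in packets if p["action"] != "forward"]
```

If every request is forwarded and answered, `unanswered` is 0 and `not_forwarded` is empty, which is the condition under which the text attributes the fault to the application rather than the network.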

NOTE The detail option allows for further detail in the debug output.

Using the route cache is often called fast switching. The route cache allows outgoing packets to be load-balanced on a per-destination basis rather than on a per-packet basis.

NOTE The output modifier | (pipe) is a great time saver. For example, the command show running-config | begin router ospf 100 shows only the running configuration starting from the router ospf 100 part instead of showing the entire output.
