Priscilla Oppenheimer wrote:
>
> To look at ip traffic he should use debug ip packet detail. (Be careful on
> a busy production router. This displays a lot of info, and when you ask a
> router to use CPU cycles to display output on the console instead of using
> those cycles to route packets, you're asking for trouble.)
>
> To see traffic for just see one interface, try
>
> debug condition interface interface
>
> If you enter the debug condition interface command, the debugging output
> will be turned off for all interfaces except the specified interface. I've
> never tried this. I just discovered it in the documentation. It may be new
> in 12.0.
>
You can enter multiple conditions which are logically OR'd such as
multiple interfaces. The rest of the conditions are really targeted
to access servers so you can select one ISDN call or one user out of
dozens or hundreds.
> To see specific traffic, he could apply an access list to debug ip packet,
> as someone else suggested. But how much IP traffic does this point-to-point
> link carry? It probably carries traffic for multiple IP sessions. So the
> access list idea could be impractical... Remember that IP addresses are
> end-to-end.
>
> So the interface condition is probably a better way to do it.
>
The access-list acts as a "display filter" in Sniffer parlance.
One must also keep in mind what traffic is even eligible to be
seen by debug, which is performed in the IOS process named "IP input".
Fast-switched packets never make it there, since they are forwarded
in interrupt mode, so one would have to inhibit route-cacheing on
one or more interfaces. That's another reason it could cause a
performance impact!
Make certain that "logging console xxx" does NOT include debug;
capture the display in a Telnet session instead.
- Marty
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11018&t=10598
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
