Access lists for debugging
Nocturnal
Member Posts: 44 ■■□□□□□□□□
I've been having fun playing with ppp and reading debugs on my lab routers. Let's say I want to debug the ppp negotiation on a particular interface without crashing a production router. I know you need to create an access list, but no-one I ask seems to know the procedure.
Let's say I want to debug ppp negotiations on serial0/1. I know to set the logging to level 7 for debugging, but how to I set up the filter and where do I apply it?
Let's say I want to debug ppp negotiations on serial0/1. I know to set the logging to level 7 for debugging, but how to I set up the filter and where do I apply it?
"...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
--Tom Paine
--Tom Paine
Comments
-
Yankee Member Posts: 157Why would you do all that? Just debug the ppp negotiation and watch the results. I have done it many times on production routers while troubleshooting ISDN issues.
Yankee -
Nocturnal Member Posts: 44 ■■□□□□□□□□There are two reasons why I'd want to do it. The first is to focus on one particular session. The second is to minimize CPU utilization.
I realize that debug ppp negotiation is pretty focused, but I want to be able to extract the exact information I'm looking for and I know there's a way to do it. I've read stuff on Cisco's website that recommends it but I haven't been able to locate the procedure.
There must be some way to set up a focused policy/filter-list that only writes to the log what I want to see.
If I can't get the information here, I'll share when I find out."...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
--Tom Paine -
Yankee Member Posts: 157Go for it, but the purpose of watching the negotiation is to see at what layer it fails and to my knowledge this is best done with a debug. Most of your real world problems will be with authentication, so you will likely be looking at that soon enough.
Yankee -
Nocturnal Member Posts: 44 ■■□□□□□□□□The sequence is this:
2620#debug ppp packet
PPP packet display debugging is on
2620#debug condition interface serial0/1
Condition 1 set
This command sequence only captures ppp negotiations on serial0/1.
This comes in handy on 10000 and 12000 series routers with multiple T3 interfaces when you only want to capture what's going on with one T1 channel, such as Serial6/0/0/3:0 or a fractional such as Serial3/0/1/24:13."...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
--Tom Paine -
Yankee Member Posts: 157I believe "debug ppp packet" shows all ppp packets being sent and received. You probably want to use "debug ppp neg" on that 2620.
Yankee -
keenon Member Posts: 1,922 ■■■■□□□□□□use "debug ppp events" it should show all ppp related transactionsBecome the stainless steel sharp knife in a drawer full of rusty spoons
-
Yankee Member Posts: 157I prefer being specific when debugging as I usually have an idea what I am looking for.
Yankee -
Nocturnal Member Posts: 44 ■■□□□□□□□□Sorry for the confusion. I should have used "debug ppp negotiation" in my example. The point I was trying to make is that you can narrow the focus even further with the "debug condition" command."...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
--Tom Paine -
tunerX Member Posts: 447 ■■■□□□□□□□By what identifying information are you going to separate the different ppp negotiations that are taking place. If the the information is something that is not configurable in an access list then you will never get the information.
-
Yankee Member Posts: 157He ain't gonna find much in the ppp negotiation that he can catch on an access list which is why I said "go for it". He seemed dead set on trying it, so I figured he needed to learn it by himself.
To my knowledge access-list troubleshooting is best used when trying to find out where specific traffic is being dropped if it is not working as expected.
Yankee -
forbesl Member Posts: 454Yup,
Although logging level 7 is called "debugging" it really isn't as detailed as a true debug. It really won't show you want you need to know about your ppp negotiations or packets. -
darkuser Member Posts: 620 ■■■□□□□□□□