Access lists for debugging

NocturnalNocturnal Member Posts: 44 ■■□□□□□□□□
I've been having fun playing with ppp and reading debugs on my lab routers. Let's say I want to debug the ppp negotiation on a particular interface without crashing a production router. I know you need to create an access list, but no-one I ask seems to know the procedure.

Let's say I want to debug ppp negotiations on serial0/1. I know to set the logging to level 7 for debugging, but how to I set up the filter and where do I apply it?
"...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
--Tom Paine

Comments

  • YankeeYankee Member Posts: 157
    Why would you do all that? Just debug the ppp negotiation and watch the results. I have done it many times on production routers while troubleshooting ISDN issues.

    Yankee
  • NocturnalNocturnal Member Posts: 44 ■■□□□□□□□□
    There are two reasons why I'd want to do it. The first is to focus on one particular session. The second is to minimize CPU utilization.

    I realize that debug ppp negotiation is pretty focused, but I want to be able to extract the exact information I'm looking for and I know there's a way to do it. I've read stuff on Cisco's website that recommends it but I haven't been able to locate the procedure.

    There must be some way to set up a focused policy/filter-list that only writes to the log what I want to see.

    If I can't get the information here, I'll share when I find out.
    "...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
    --Tom Paine
  • YankeeYankee Member Posts: 157
    Go for it, but the purpose of watching the negotiation is to see at what layer it fails and to my knowledge this is best done with a debug. Most of your real world problems will be with authentication, so you will likely be looking at that soon enough.

    Yankee
  • NocturnalNocturnal Member Posts: 44 ■■□□□□□□□□
    The sequence is this:

    2620#debug ppp packet
    PPP packet display debugging is on
    2620#debug condition interface serial0/1
    Condition 1 set


    This command sequence only captures ppp negotiations on serial0/1.

    This comes in handy on 10000 and 12000 series routers with multiple T3 interfaces when you only want to capture what's going on with one T1 channel, such as Serial6/0/0/3:0 or a fractional such as Serial3/0/1/24:13.
    "...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
    --Tom Paine
  • YankeeYankee Member Posts: 157
    I believe "debug ppp packet" shows all ppp packets being sent and received. You probably want to use "debug ppp neg" on that 2620.

    Yankee
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    use "debug ppp events" it should show all ppp related transactions
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • YankeeYankee Member Posts: 157
    I prefer being specific when debugging as I usually have an idea what I am looking for.

    Yankee
  • NocturnalNocturnal Member Posts: 44 ■■□□□□□□□□
    Sorry for the confusion. I should have used "debug ppp negotiation" in my example. The point I was trying to make is that you can narrow the focus even further with the "debug condition" command.
    "...a long habit of not thinking a thing wrong, gives it a superficial appearance of being right,..."
    --Tom Paine
  • tunerXtunerX Member Posts: 447 ■■■□□□□□□□
    By what identifying information are you going to separate the different ppp negotiations that are taking place. If the the information is something that is not configurable in an access list then you will never get the information.
  • YankeeYankee Member Posts: 157
    He ain't gonna find much in the ppp negotiation that he can catch on an access list which is why I said "go for it". He seemed dead set on trying it, so I figured he needed to learn it by himself.

    To my knowledge access-list troubleshooting is best used when trying to find out where specific traffic is being dropped if it is not working as expected.

    Yankee
  • forbeslforbesl Member Posts: 454
    Yup,

    Although logging level 7 is called "debugging" it really isn't as detailed as a true debug. It really won't show you want you need to know about your ppp negotiations or packets.
Sign In or Register to comment.