[c-nsp] debugging all incoming traffic on an interface
Michael K. Smith - Adhost
mksmith at adhost.com
Tue Sep 23 13:17:01 EDT 2008
Hello Alex:
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Wilkinson, Alex
> Sent: Tuesday, September 23, 2008 6:07 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] debugging all incoming traffic on an interface
>
> 0n Mon, Sep 22, 2008 at 06:52:21PM -0400, Jason Lixfeld wrote:
>
> >Attaching a access-list 100 permit ip any any log-input to the
> >interface and/or subinterface via ip access-group didn't show
> >anything - the interface counters
>
> Curious ... since I dont have the luxury to play with cisco kit all day (jack
> of
> trades ...) can someone please give me a quick explanation as to how creating
> an
> ACL on an interface helps with debugging that interface ?
>
> -aW
>
> IMPORTANT: This email remains the property of the Australian Defence
> Organisation and is subject to the jurisdiction of section 70 of the CRIMES
> ACT 1914. If you have received this email in error, you are requested to
> contact the sender and delete the email.
>
AFAIK it doesn't. However, you can apply ACL's to your debug setup as a filter. The filter below would only match traffic from 192.168.1.0/24 to 192.168.2.0/24
debug ip packet 199
access-list 199 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 log
Regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20080923/9427246d/attachment.bin>
More information about the cisco-nsp
mailing list