debug ip packet

Platform: - Cisco routes and switches, Cisco IOS
Reference: -
Author: - Dinesh Aggarwal

Using an Access List with Debug


With the debug ip packet detail command, you have the option to enter the name or number of an access list. Doing that causes the debug command to get focused only on those packets satisfying (permitted by) the access list's statements. Here is an example. Imagine that host A has trouble making a Telnet connection to host B, and you decide to use debug on the router connecting the segments where hosts A and B reside (see fig 1)
Considering the addressing scheme used in fig-1 the access list 100 permits TCP traffic from host A ( to host B ( with the Telnet port (23) as the destination. Access list 100 also permits established TCP traffic from host B to host A. Using access list 100 with the debug ip packet detail command (as shown in the figure) allows you to see only debug packets that satisfy the access list.

This is an effective troubleshooting technique that requires less overhead on your router, while allowing all information on the subject you are troubleshooting to be displayed by the debug facility.

debug ip packet

Figure-1 Using Access Lists with the debug Command

If you have any suggestions or want to add more to this article do write us an email

What Next?

If you liked this article, you can share it with others using the following link:

Related Content :