Using the Debug Packet Logging Facility
The debug packet logging facility enables you to display all packets going to and from the controller CPU. You can enable it for received packets, transmitted packets, or both. By default, all packets received by the debug facility are displayed. However, you can define access control lists (ACLs) to filter packets before they are displayed. Packets not passing the ACLs are discarded without being displayed.
Each ACL includes an action (permit, deny, or disable) and one or more fields that can be used to match the packet. The debug facility provides ACLs that operate at the following levels and on the following values:
-
Driver ACL
-
NPU encapsulation type
-
Port
-
-
Ethernet header ACL
-
Destination address
-
Source address
-
Ethernet type
-
VLAN ID
-
-
IP header ACL
-
Source address
-
Destination address
-
Protocol
-
Source port (if applicable)
-
Destination port (if applicable)
-
-
EoIP payload Ethernet header ACL
-
Destination address
-
Source address
-
Ethernet type
-
VLAN ID
-
-
EoIP payload IP header ACL
-
Source address
-
Destination address
-
Protocol
-
Source port (if applicable)
-
Destination port (if applicable)
-
-
CAPWAP payload 802.11 header ACL
-
Destination address
-
Source address
-
BSSID
-
SNAP header type
-
-
CAPWAP payload IP header ACL
-
Source address
-
Destination address
-
Protocol
-
Source port (if applicable)
-
Destination port (if applicable)
-
At each level, you can define multiple ACLs. The first ACL that matches the packet is the one that is selected.
This section contains the following subsection:
Configuring the Debug Facility (CLI)
Procedure
Step 1 |
To enable the debug facility, enter this command:
|
||||
Step 2 |
To configure the format of the debug output, enter this command: debug packet logging format {hex2pcap | text2pcap} The debug facility supports two output formats: hex2pcap and text2pcap. The standard format used by IOS supports the use of hex2pcap and can be decoded using an HTML front end. The text2pcap option is provided as an alternative so that a sequence of packets can be decoded from the same console log file. |
||||
Step 3 |
To determine why packets might not be displayed, enter this command: |
||||
Step 4 |
To display the status of packet debugging, enter this command: show debug packet Information similar to the following appears:
|