Table of Contents
What is the debug command?
The debug command is used to verify the operation of a router/switch in real time. debug command allows you to get a detailed picture of the router/switch operation. However, the debug command places a heavy burden on the router/switch. It is best to avoid using the debug command on a working router/switch.
Example of the debug command
The debug command is entered in privileged EXEC mode. If you look at the help for the debug command from the command line, you can specify many things, such as
R1#debug ? IUA ISDN adaptation Layer options aaa AAA Authentication, Authorization and Accounting aal2_xgcpspi AAL2_XGCP Service Provider Interface. access-expression Boolean access expression acircuit Attachment Circuit information adjacency adjacency alarm-interface Alarm Interface Card events all Enable all debugging alps ALPS debug information apple Appletalk information arap Appletalk Remote Access archive debug archive commands arp IP ARP and HP Probe transactions asnl Application Subscribe Notify Layer aspp ASPP information async Async interface information backhaul-session-manager Backhaul SM options backup Backup events bcm560x BCM560X L2 Driver bgp BGP information bsc BSC information bstun BSTUN information --More— -- omitted --
Two of the many debug commands are described below.
- debug ip packet
- debug ip routing
debug ip packet
The “debug ip packet” displays information about the IP packets sent and received by the router on the console in real time.
#debug ip packet [<ACL>] [detail]
<ACL> : associated ACL number
detail : View detailed information on packets
It is better to limit the number of IP packets to be displayed by associating them with ACLs. It even shows detailed information such as the IP header protocol number and TCP/UDP port number. debug ip packet is shown in the following example.
R1#debug ip packet IP packet debugging is on R1# *Mar 1 00:13:15.451: IP: s=192.168.12.1 (local), d=224.0.0.5 (Serial2/0), len 80, sending broad/multicast R1# *Mar 1 00:13:17.903: IP: s=192.168.12.2 (FastEthernet0/0), d=224.0.0.5, len 76, rcvd 0 *Mar 1 00:13:17.907: IP: s=192.168.12.1 (local), d=192.168.12.2 (FastEthernet0/0), len 80, sending *Mar 1 00:13:17.907: IP: s=192.168.12.1 (local), d=192.168.12.2 (FastEthernet0/0), len 80, encapsulation failed R1# *Mar 1 00:13:19.463: IP: s=192.168.12.2 (Serial2/0), d=224.0.0.5, len 80, rcvd 0 -- omitted --
debug ip routing
You can use the debug ip routing command to display real-time events for registering, updating, and deleting route information in the routing table.
#debug ip routing [<ACL>]
<ACL> : associated ACL number
It is also possible to target only specific route information in the routing table by associating ACLs. The following is an example of shutting down an interface with debug ip routing enabled and shutdown -> no shutdown.
R1#debug ip routing IP routing debugging is on R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#interface serial 2/0 R1(config-if)#shutdown R1(config-if)# *Mar 1 00:20:22.383: RT: is_up: Serial2/0 0 state: 6 sub state: 1 line: 0 has_route: True *Mar 1 00:20:22.383: RT: interface Serial2/0 removed from routing table *Mar 1 00:20:22.383: RT: del 192.168.21.0/30 via 0.0.0.0, connected metric [0/0] *Mar 1 00:20:22.383: RT: delete subnet route to 192.168.21.0/30 *Mar 1 00:20:22.387: RT: NET-RED 192.168.21.0/30 *Mar 1 00:20:22.387: RT: delete network route to 192.168.21.0 *Mar 1 00:20:22.387: RT: NET-RED 192.168.21.0/24 R1(config-if)# *Mar 1 00:20:24.371: %LINK-5-CHANGED: Interface Serial2/0, changed state to administratively down R1(config-if)# *Mar 1 00:20:24.379: RT: is_up: Serial2/0 0 state: 6 sub state: 1 line: 0 has_route: False *Mar 1 00:20:25.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down R1(config-if)# *Mar 1 00:20:25.371: RT: is_up: Serial2/0 0 state: 6 sub state: 1 line: 0 has_route: False R1(config-if)#no shutdown R1(config-if)# *Mar 1 00:20:29.947: RT: is_up: Serial2/0 0 state: 4 sub state: 1 line: 0 has_route: False R1(config-if)# *Mar 1 00:20:31.931: %LINK-3-UPDOWN: Interface Serial2/0, changed state to up R1(config-if)# *Mar 1 00:20:31.935: RT: is_up: Serial2/0 0 state: 4 sub state: 1 line: 0 has_route: False *Mar 1 00:20:31.979: RT: is_up: Serial2/0 1 state: 4 sub state: 1 line: 0 has_route: False *Mar 1 00:20:31.979: RT: SET_LAST_RDB for 192.168.21.0/30 NEW rdb: is directly connected *Mar 1 00:20:31.983: RT: add 192.168.21.0/30 via 0.0.0.0, connected metric [0/0] *Mar 1 00:20:31.983: RT: NET-RED 192.168.21.0/30 *Mar 1 00:20:31.983: RT: interface Serial2/0 added to routing table *Mar 1 00:20:32.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up R1(config-if)# *Mar 1 00:20:32.959: RT: is_up: Serial2/0 1 state: 4 sub state: 1 line: 0 has_route: True
When we shutdown the interface, the direct route information (192.168.21.0/24) has been removed from the routing table. And no shutdown shows that the route information for the directly connected (192.168.12.0/24) has been registered in the routing table.
Conditional debugging
Conditional debugging filters the output of the debug command to show only what you want to see. The output of the debug command can be very large, so in order to efficiently verify the behavior of the debug command, filter the output of the debug command.
To determine the conditions for filtering the output of the debug command, enter the following command in privileged EXEC mode.
<condition> : Conditions to filter the output of the debug command
You can set a large number of filter criteria, and the help from the CLI shows that you can set many of them, as shown below.
The most commonly used and easy-to-understand condition would be interfaces. The following configuration will show only the output of the debug command for a specific interface.
<interface-name> : Interface name for which you want to display the output of the debug command
Example of debug condition interface
Here is an example of using debug condition interface to display only the output of the debug command for a specific interface. debug ip rip command will display the periodic sending and receiving of RIP packets in real time on the console.
R2#debug ip rip RIP protocol debugging is on R2# *Mar 1 00:12:58.331: RIP: received v2 update from 192.168.12.1 on FastEthernet0/0 *Mar 1 00:12:58.331: 10.1.1.0/24 via 0.0.0.0 in 1 hops R2# *Mar 1 00:13:06.435: RIP: received v2 update from 192.168.23.3 on FastEthernet0/1 *Mar 1 00:13:06.435: 10.3.3.0/24 via 0.0.0.0 in 1 hops R2# *Mar 1 00:13:18.711: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.12.2) *Mar 1 00:13:18.711: RIP: build update entries *Mar 1 00:13:18.711: 10.3.3.0/24 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:13:18.715: 192.168.23.0/24 via 0.0.0.0, metric 1, tag 0 R2# *Mar 1 00:13:21.659: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/1 (192.168.23.2) *Mar 1 00:13:21.659: RIP: build update entries *Mar 1 00:13:21.659: 10.1.1.0/24 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:13:21.663: 192.168.12.0/24 via 0.0.0.0, metric 1, tag 0
To display only RIP packets sent and received on FastEthernet0/0, configure the following conditions.
R2#debug condition interface FastEthernet 0/0 Condition 1 set
Then, the output of the debug ip rip command will be only about FastEthernet0/0.
*Mar 1 00:15:35.767: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.12.2) *Mar 1 00:15:35.767: RIP: build update entries *Mar 1 00:15:35.767: 10.3.3.0/24 via 0.0.0.0, metric 2, tag 0 *Mar 1 00:15:35.771: 192.168.23.0/24 via 0.0.0.0, metric 1, tag 0 R2# *Mar 1 00:15:52.115: RIP: received v2 update from 192.168.12.1 on FastEthernet0/0 *Mar 1 00:15:52.115: 10.1.1.0/24 via 0.0.0.0 in 1 hops
Verify the debugging
To verify the enabled debug command, enter the following command in privileged EXEC mode.
If you configured a condition to filter the output of the debug command, it will be displayed together with the show debugging command. If you want to check only the conditions, use the show debugging condition command. The following is a sample of show debugging.
R2#show debugging IP routing: RIP protocol debugging is on Condition 1: interface Fa0/0 (1 flags triggered) Flags: Fa0/0 R2#show debugging condition Condition 1: interface Fa0/0 (1 flags triggered) Flags: Fa0/0
Stop the debugging
To stop the debug, simply prefix any enabled debug command with “no”. Alternatively, you can use the undeug all command to stop all debug commands.
#no <Enabled deubg command>
or
#undebug all
R1#debug ip packet IP packet debugging is on R1#undebug all All possible debugging has been turned off
Cisco Basic
- Preparing for Cisco devices configuration
- Configuration files for Cisco devices
- The configuration steps for Cisco devices
- Basic knowledge of the Cisco CLI: Command types and modes
- Cisco device’s interface
- CLI help and completion
- The main error messages in CLI
- Cisco Deleting a configuration command
- default interface command -Initialize the interface settings-
- Entering commands in batches
- do command – Execute EXEC command from configuration mode –
- interface range command -Batch configuration of multiple interfaces-
- Filtering the display of the show command – displaying only the information you want to see –
- Cisco IOS Name Resolution Configuration
- terminal length command : configuration of the number of lines displayed in the command output
- debug command to verify real-time operation
- Automatically enter privileged EXEC mode upon CLI login
- Configure System Clock
- Saving and managing configuration files
- Version Management of Configuration Files ~archive command
- IOS File System Operations
- Managing Cisco Catalyst Switches :What it means to set an IP address on a switch.
- Remote management by VTY access (Telnet/SSH)
- terminal monitor command to display the log of Telnet/SSH login destination
- Multi-step Telnet Session Suspensions
- Set the minimum number of characters in the password [Cisco]
- Restrict login attempts : login block-for command
- Cisco Initial Configuration Example
- CDP – What are the connected devices? –
- Password recovery for Cisco routers
- Password Recovery for Catalyst Switches