Cisco Debug Command Reference
Today, we would like to introduce some debug command to Cisco certification engineers. But you should use these debug commands with caution.
In general, it is recommended that these commands only be used under the direction of your router technical support representative when troubleshooting specific problems.
Global debugging
The boundaries between global and interface commands are obvious when configuring Cisco routers. In this case, we use "global" to identify commands that cannot be used for interface debugging or specific transport media type and protocol debugging. For example, in the 2500 Series routers, you can use the debug commands to analyze the Cisco Discovery Protocol (CDP). We telnet to the router via telnet. In the default mode, the output of the debug command is sent to the console. If you are in a telnet session, we can use the terminal monitor command to view the output.
Interface debugging
The debug serial interface command is a debug command that is directly related to the router interface and transport media type. In the example below, the serial interface is packaged in HDLC. End-to-end HDLC keeps active messages exchanged every 10 seconds. This indicates that the link is operating normally and the second layer is working properly. The show interface serial0 command indicates that the line protocol is starting normally. Use the undebug all command to turn off all debugging.
YH-Router#debug serial interface
Serial network interface debugging is on
YH-Router#
Jun 1 21:54:55 PDT:Serial0: HDLC myseq 171093, mineseen 171093*, yourseen 1256540,line up
Jun 1 21:55:05 PDT:Serial0: HDLC myseq 171094, mineseen 171094*, yourseen 1256541,line up
Jun 1 21:54:15 PDT:Serial0: HDLC myseq 171095, mineseen 171095*, yourseen 1256542,line up
YH-Router#undebug all
All possible debugging has been turned off
Protocol debugging
Below we give two examples of protocol debugging. Both examples are related to the IP protocol. Of course, the debug command applies to all other protocols.
The first example (shown below) shows ARP debugging. ARP debugging starts, then clears the ARP cache and generates ARP requests and responses. First, we use the command to clear all ARP caches on the router, so each LAN segment connected to the router will generate ARP packets. Because we do not need to generate too many ARP packets, the selected router is only connected to one Ethernet segment.
YH-Router#debug arp
ARP packet debugging is on
YH-Router#clear arp
YH-Router#
*Jun 1 21:57:36 PDT: IP ARP: sent req src 171.136.10.1 00e0.1eb9.bbcd
Dst 171.136.10.34 00a0.24d1.5823 Ethernet0
*Jun 1 21:57:36 PDT: IP ARP: sent req src 171.136.10.1 00e0.1eb9.bbcd
Dst 171.136.10.10 0080.5f06.ca3d Ethernet0
......
*Jun 1 21:57:36 PDT: IP ARP: rcvd req src 171.136.10.10 0080.5f06.ca3d, dst 171.136.10.1 Ethernet0
*Jun 1 21:57:36 PDT: IP ARP: creating entry for IP address:171.136.10.10,hw: 0080.5f06.ca3d
......
The second example (shown below) shows IP RIP debugging. At the beginning of debugging, the router table is not cleared because the router automatically performs a RIP update every 30 seconds, so no forced updates are required. Similar to the first example, all debugging should be turned off after enough information has been obtained.
YH-Router#debug ip rip events
RIP event debugging is on
YH-Router#
NOV 27 13:55:45 PST: RIP: sending v1 update to 255.255.255.255 via TokenRing1/0 (165.48.65.136)
NOV 27 13:55:45 PST: RIP: Update contains 25 routes
NOV 27 13:55:45 PST: RIP: Update queued
NOV 27 13:55:45 PST: RIP: Update contains 6 routes
NOV 27 13:55:45 PST: RIP: Update queued
NOV 27 13:55:45 PST: RIP: Update sent via TokenRing1/0
......
YH-Router#undeb all
All possible debugging has been turned off
Ping command
Ping is the most commonly used troubleshooting and troubleshooting command. It consists of a set of ICMP echo request messages, which will return a set of response response messages if the network is up and running. ICMP messages are transmitted in IP packets, so receiving an ICMP echo response message can indicate that the connections below Layer 3 are working properly.
Cisco's ping command not only supports the IP protocol, but also supports most other desktop protocols, such as the IPX and AppleTalk protocol ping commands. Let's first look at the ping command that supports the IP protocol in the user's EXEC mode, and then discuss the many powerful features included in the extended ping command in privileged mode.
User execution mode
IP PING A simple IP ping can be performed either in user mode or in privileged mode. Under normal circumstances, the command will send back 5 response requests, and 5 exclamation marks indicate that all requests have successfully received the response. The output also includes information such as maximum, minimum, and average round trip time.
Each "!" indicates that an echo response was successfully accepted. If it is not a "!" sign, it indicates that the echo response was not received:
! Successful response
· Request timed out
U destination unreachable
P protocol is unreachable
N network is unreachable
Q source suppression
M cannot be segmented
? Unaware message type
The IPX PING IPX ping command can only be executed on routers running IOS v 8.2 and above. IPX ping in user mode is typically only used to test the Cisco router interface. In privileged mode, the user can ping a specific NOVELL workstation in the format "ping ipx IPX address".
APPLETALE PING This command uses the Apple Echo Protocol (AEP) to confirm connectivity between AppleTalk nodes. It should be noted that current Cisco routers only support the Apple Echo Protocol for Ethernet interfaces. The format of the command is "ping apple Appletalk address".
Privileged execution mode
In privileged EXEC mode, the extended ping command applies to any kind of desktop protocol. It contains more functional properties, so you can get more detailed information. With this information we can analyze the cause of network performance degradation and not just the cause of service loss. The extended ping command is also executed in a ping mode. The router then prompts for various attributes.
EXTENDED IP PING is used as follows:
YH-Router#ping
Protocol [ip]:
Target IP address: 165.48.183.12
Repeat count [5]: 10
Datagram size [100]: 1600
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 165.48.48.3
Type of service [0]:
Set DF bit in IP header? [no]:
Data pattern [0xABCD]:
Loose, Srict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 1600-byte ICMP Echoes to 165.58.183.12, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 36/39/48 ms
First we discuss the various available properties of ping in privileged mode. The default value for each property is shown in parentheses.
Protocol The protocol to be tested.
Target address The target address of the test.
Repeat count The number of pings repeated if there is an intermittent failure or the response time is too slow.
Datagram size If you suspect that a message is lost due to excessive delay or fragmentation failure, you can increase the size of the message. For example, we can use a 1600-byte message to force segmentation.
Timeout This value can be increased if the timeout is suspected to be due to a slow response rather than a message loss.
The Extended commands answer is determined to get extended attributes.
Source address must be the address of the router interface.
Type of service The default value is 0, according to the attributes specified in RFC 791 TOS.
Set DF bit in IP header? Segmentation is disabled by setting the DF bit, even if the message exceeds the MTU defined by the router.
Data pattern [0xABCD] The noise of the line can be tested by changing the data mode.
Loose, Strict, Record, Timestamp, Verbose[none] These are the attributes of the IP header. Generally only use the Record property and Verbose, other properties are rarely used. Record can be used to record the address of each hop of the message, and the Verbose attribute gives the response time of each response. .
Sweep range of sizes [n] This attribute is mainly used to test faults such as large packets being lost, slow processing speed, or segmentation failure.
EXTEND IPX PING Extended IPX ping also allows users to modify parameters such as message size and number of repetitions. Another enhanced property for pinging in user mode is the use of the Novell Standard echo attribute. With this property, the user can ping the IPX workstation. If this property is disabled, Novell IPX devices will not respond to pings because they do not support the Cisco proprietary IPX ping protocol. Users can modify the properties of the device to support this feature.
EXTENDED APPLETALK PING The extended AppleTalk ping command is an enhancement to ping in user mode, similar to the extended IPX ping. As with IP and IPX extension pings, users can also choose attributes such as Verbose.
Trace command
The trace command provides information about each hop of the router to the destination address. It is implemented by controlling the lifetime (TTL) field of the IP packet. An ICMP Echo Request message with a TTL equal to 1 will be sent first. The first router on the path will drop the message and send back a message identifying the error message. The error message is usually an ICMP timeout message, indicating that the packet reaches the next hop of the path or the port unreachable message, indicating that the packet has been received by the destination address but cannot be sent up to the IP protocol stack.
To get the round-trip delay time information, trace sends three messages and shows the average delay time. Then add 1 to the TTL field of the message and send 3 messages. These messages will arrive on the second router of the path and return a timeout error or port unreachable message. Repeatedly using this method, the value of the TTL field of the message is continuously increased until a response message of the destination address is received.
In some cases, using the trace command may cause a failure. Because there are bugs related to the trace command in IOS. Information about these bugs can be obtained from the CCO. Another problem is that some target sites do not respond to ICMP port unreachable messages. When the output of the command shows a series of asterisks (*), you may encounter such sites. Users can use Ctrl-Sh.