IP: s=10.1.2.62 (local), d=10.1.2.3 (Ma 0/0), len 1500,
sending fragment
IP Fragment, Ident = 4741, fragment offset = 1480
IP: s=40.40.40.40 (local), d=224.0.0.5 (Gi 4/11), len 64,
sending broad/multicast
proto=89
IP: s=40.40.40.40 (local), d=224.0.0.6 (Gi 4/11), len 28,
sending broad/multicast
proto=2
IP: s=0.0.0.0, d=30.30.30.30, len 100, unroutable
ICMP type=8, code=0
IP: s=0.0.0.0, d=30.30.30.30, len 100, unroutable
ICMP type=8, code=0
Usage Information
Use the count option to stop packets from flooding the user terminal when debugging is
turned on.
The access-group option supports only the equal to (eq) operator in TCP ACL rules. The port
operators not equal to (neq), greater than (gt), less than (lt), and range are not supported in
the access-group option (refer to the Example below). ARP packets (arp) and Ether-type
(ether-type) are also not supported in the access-group option. When the filter is composed,
any such rule is skipped entirely.
The access-group option pertains to:
• IP Protocol Number: 0 to 255
• Internet Control Message Protocol (icmp) but not the ICMP message type (0-255)
• Any Internet Protocol (ip)
• Transmission Control Protocol (tcp) but not on the rst, syn, or urg bits
• User Datagram Protocol (udp)
In the case of ambiguous access control list rules, the debug ip packet access-control
command is disabled. A message appears identifying the error (refer to the Example below).
Example (Error Messages)
FTOS#debug ip packet access-group test
%Error: port operator GT not supported in access-list debug
%Error: port operator LT not supported in access-list debug
%Error: port operator RANGE not supported in access-list debug
%Error: port operator NEQ not supported in access-list debug
FTOS#00:10:45: %RPM0-P:CP
%IPMGR-3-DEBUG_IP_PACKET_ACL_AMBIGUOUS_EXP: Ambiguous rules not
supported in access-list debug, access-list debugging is
turned off
FTOS#
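The access-group restrictions listed under Usage Information can be checked before an ACL is used as a debug filter. The following is an added example, not part of the original manual: the rule syntax and the sample ACL are constructed, Cisco-style assumptions, and treating the rst, syn, and urg bits as "not covered" rather than "skipped" is a reading of the list above.

```python
# Added example: pre-check ACL rules before using the ACL as a debug filter.
# The rule syntax ("seq N permit tcp any any gt 1024") is an assumed,
# Cisco-style rendering; the restrictions themselves come from the page.

UNSUPPORTED_PORT_OPS = {"neq", "gt", "lt", "range"}  # only eq is accepted
UNSUPPORTED_RULE_TYPES = {"arp", "ether-type"}       # not supported at all
TCP_BITS_NOT_COVERED = {"rst", "syn", "urg"}         # option does not pertain to these


def check_rule(rule):
    """Classify one rule: 'ok', 'skipped' or 'bits-not-covered', with a reason."""
    tokens = rule.lower().split()
    for tok in tokens:
        if tok in UNSUPPORTED_RULE_TYPES:
            return "skipped", f"{tok} rules are not supported"
    for tok in tokens:
        if tok in UNSUPPORTED_PORT_OPS:
            return "skipped", f"port operator {tok.upper()} not supported"
    if "tcp" in tokens:
        bits = sorted(TCP_BITS_NOT_COVERED.intersection(tokens))
        if bits:
            return "bits-not-covered", "TCP bits outside filter: " + ", ".join(bits)
    return "ok", ""


def audit_acl(rules):
    """Return (rule, status, reason) for every rule, in order."""
    return [(r, *check_rule(r)) for r in rules]


# Constructed sample ACL (not from the page).
SAMPLE_ACL = [
    "seq 5 permit tcp any any eq 80",
    "seq 10 permit tcp any any gt 1024",
    "seq 15 permit udp any any range 5000 5010",
    "seq 20 permit icmp any any",
    "seq 25 deny tcp any any syn",
    "seq 30 permit arp any any",
]

if __name__ == "__main__":
    for rule, status, reason in audit_acl(SAMPLE_ACL):
        print(f"{status:17} {rule}  {reason}")
```

Any rule reported as skipped narrows what the debug filter matches, so the debug output can omit traffic the ACL itself would permit or deny.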