Analyzing And Troubleshooting Packets - Cisco 10008 Installation And Configuration Manual

Analyzing and Troubleshooting Packets

Displaying OBFL Data
The show logging onboard [status] <module> <slotnumber/subslotnumber/modulenumber>
command displays the logs from the OBFL data. On the Cisco 10000 series router the term module is
used to represent a Route Processor (RP) or the SPA Interface Processor (SIP).
For information on OBFL commands, see the "Configuration Tasks" chapter in the Onboard Failure
Logging feature guide located at the following URL:
http://www.cisco.com/en/US/partner/docs/ios/12_0s/feature/guide/12sobfl.html#wp1025118
Analyzing and Troubleshooting Packets
The PXF engine of the PRE4 is responsible for processing and forwarding packets. As processing
occurs, PXF counters increment to reflect the internal behavior of the PRE. The router collects this
statistical information from the counters and appropriately displays it when you enter specific
show pxf cpu commands. The output from these commands is useful in analyzing and troubleshooting
denied and logged packets.
To correctly interpret packet statistics, it is important that you understand the behavior of the router
during packet and access list processing, and the counters that provide the statistical data. This section
briefly describes access list processing, some PXF counters and their behavior, and some of the
commands you can use to display statistical information. This section is based on PRE4 with differences
noted for other PREs.
Access Control Lists
The Cisco 10008 router provides traffic filtering capabilities using Access Control Lists (ACLs). Access
lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's
interfaces. Using ACLs, you can do such things as restrict the contents of routing updates, provide traffic
flow control, and provide security for your network.
The Cisco 10008 router supports the following ACL types and features:
•
•
•
•
The access-list command is used to configure an ACL. For example, the following configuration creates
ACL 108:
access-list 108 permit udp any host 10.68.1.10 range 0 5000 log
access-list 108 permit udp host 10.1.1.10 range 0 5000 any log
After creating an ACL, it is applied to an interface using the ip access-group command. The router
executes the ACL from top to bottom, denying or permitting packets as directed by the access-list entries
(ACEs). When the log keyword is specified in an ACE, the router sends packet information to the
console.
The last line of an ACL is an implicit deny statement that appears to the router as:
deny any any
Cisco 10008 Router PRE4 Installation and Configuration Guide
38
Standard and extended ACLs
Named and numbered ACLs
Per-user ACLs
Time-based ACLs
OL-13840-01