Introduction
This document describes the procedure to enable packet-trace on IOS-XE platform to capture Policy-Based Routing (PBR) traffic on Cisco's Integrated Service Router (ISR) 4000 series platform.
Contributed by Prathik Krishnappa, Cisco TAC Engineer.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Configure
Here is the configuration to enable packet-trace to debug PBR traffic:
PBR Configurations:
route-map PBR permit 10
match ip address 102
set ip next-hop 192.168.1.18
ip access-list extended 102
permit ip 192.168.1.0 0.0.3.255 any
permit ip 192.168.2.0 0.0.0.255 any
interface GigabitEthernet0/0/1
ip address 192.168.2.10 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip policy route-map PBR
load-interval 30
negotiation auto
route-map PBR, permit, sequence 10
Match clauses:
ip address (access-lists):102
Set clauses:
ip next-hop 192.168.1.18
Policy routing matches: 500 packets, 400 bytes
- To debug particular subnet, create an access-list:
ip access-list ext 103
permit ip host 192.168.3.10 any
- Apply the access-list in the PBR:
route-map PBR
match ip address 103
- Perform conditional debug on the interface where PBR is applied:
debug platform condition interface gigabitethernet 0/0/1 ipv4 access-list 103 both
debug platform packet-trace packet 64
debug platform packet-trace packet 16 fia-trace
debug platform packet-trace enable
debug platform condition start
Initiate traffic from the subnet.
Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
This section provides information you can use in order to troubleshoot your configuration.
Router #sh debugging
IOSXE Conditional Debug Configs:
Conditional Debug Global State: Start
Conditions Direction
----------------------------------------------------------------------------------------------|---------
GigabitEthernet0/0/1 & IPV4 ACL [102] both
Feature Condition Type Value
-----------------------|-----------------------|--------------------------------
Feature Type Submode Level
------------|-------------|----------------------------------------------------------------------------------------------|----------
IOSXE Packet Tracing Configs:
debug platform packet-trace enable
debug platform packet-trace packet 16 fia-trace data-size 2048
Packet Infra debugs:
Ip Address Port
------------------------------------------------------|----------
show platform packet-trace packet 0 shows the first packet that is traced.
Summary shows that the input packe t is received on gig 0/0/1 and forwarded on to output interface gig 0/0/2 and the state is fwd.
In path trace you can find source and destination ip address.
To verify if the packet is policy based, check: IPV4_INPUT_PBR field.
Feature: FIA_TRACE
Entry : 0x10f81c00 - IPV4_INPUT_PBR
Lapsed time: 23220 ns
Router#sh platform packet-trace packet 0
Packet: 0 CBUG ID: 458151
Summary
Input : GigabitEthernet0/0/1
Output : GigabitEthernet0/0/2
State : FWD
Timestamp
Start : 355835562633335 ns (12/28/2016 08:11:52.433136 UTC)
Stop : 355835562660187 ns (12/28/2016 08:11:52.433163 UTC)
Path Trace
Feature: IPV4
Source : 192.168.3.10
Destination : 74.125.200.189
Protocol : 17 (UDP)
SrcPort : 56018
DstPort : 443
Feature: FIA_TRACE
Entry : 0x10f82018 - DEBUG_COND_INPUT_PKT
Lapsed time: 2060 ns
Feature: FIA_TRACE
Entry : 0x10f81c38 - IPV4_INPUT_SRC_LOOKUP_ISSUE
Lapsed time: 2160 ns
Feature: FIA_TRACE
Entry : 0x10f81c34 - IPV4_INPUT_DST_LOOKUP_CONSUME
Lapsed time: 3080 ns
Feature: FIA_TRACE
Entry : 0x10f81c2c - IPV4_INPUT_SRC_LOOKUP_CONSUME
Lapsed time: 700 ns
Feature: FIA_TRACE
Entry : 0x10f82000 - IPV4_INPUT_FOR_US_MARTIAN
Lapsed time: 800 ns
Feature: FIA_TRACE
Entry : 0x10f81c14 - IPV4_INPUT_FNF_FIRST
Lapsed time: 15280 ns
Feature: FIA_TRACE
Entry : 0x10f81ff4 - IPV4_INPUT_VFR
Lapsed time: 620 ns
Feature: FIA_TRACE
Entry : 0x10f81c00 - IPV4_INPUT_PBR
Lapsed time: 23220 ns
Feature: FIA_TRACE
Entry : 0x10f816f4 - IPV4_INPUT_TCP_ADJUST_MSS
Lapsed time: 1500 ns
Feature: FIA_TRACE
Entry : 0x10f81e90 - IPV4_INPUT_LOOKUP_PROCESS
Lapsed time: 5100 ns
Feature: FIA_TRACE
Related Information