Central Site Remote Access Switch 551
T
RACE
M
ESSAGES
IP Filters Trace Messages
IP F
ILTERS
T
RACE
M
ESSAGES
You can trace packets that are discarded as a result of IP Filters. Enable this feature by using the
ip
filter trace discard
command, and disable it with
ip filter trace off
. Note that
when you enable this feature, the report log has the potential of filling quickly. Use the feature
wisely, and be sure to turn it off once you’ve completed your troubleshooting. Access the discarded
packet information via the report log by using the
dr
command.
Each discarded packet will cause a log report of the following format:
(F) _:_:_:_:# 9a00 [IPFILT] <filtername>/condition # at <application point name>/in/out
{IP} Src: xxx.xxx.xxx.xxx Dst: xxx.xxx.xxx.xxx Pr: n
{UDP} Src: n Dst: n
The first line indicates:
•
the number of the condition within that filter which matched the packet and consequently
caused a discard action,
•
the point at which the filter was applied, or a designation of global. For an IP network interface,
this will be the configured name of the interface. For a device-based filter, this will be the con-
figured device’s name.
•
In or Out, corresponding to INPUT or OUTPUT application.
The next lines contain a brief decode of the packet which was discarded. In particular, the packet
fields which comprise the packet type comparisons are displayed. The key IP fields are always
displayed on one line. If the IP protocol is one of the explicitly recognized values (ICMP, UDP,
TCP), the next line will contain a decode of the key fields of that protocol.
Sample IP Filter Trace Discard logs:
(I) 10:11:50.43
# 9A00:
[IPFILT] UDP/1 at Intf. lan/Out
(I) 10:11:50.43
# 9A00:
{IP} Src: 128.131.0.1 Dst: 128.131.0.7 Pr:17
(I) 10:11:50.43
# 9A00:
{UDP} Src: 5001 Dst: 69
•
Filter UDP, condition 1, applied at interface lan’s OUTPUT
(I) 10:11:50.71
# 9A00:
[IPFILT] ICMP/1 at Global
(I) 10:11:50.71
# 9A00:
{IP} Src: 0.0.0.0 Dst: 128.131.0.7 Pr:1
(I) 10:11:50.71
# 9A00:
{ICMP} Code: 8 Type: 0
•
Filter ICMP, condition 1, applied globally