Step 1
To enable the debug facility, enter this command:
- debug packet logging enable {rx | tx | all} packet_count display_size
  where
  - rx displays all received packets, tx displays all transmitted packets, and all displays both transmitted and received packets.
  - packet_count is the maximum number of packets to log. You can enter a value between 1 and 65535 packets, and the default value is 25 packets.
  - display_size is the number of bytes to display when printing a packet. By default, the entire packet is displayed.
Note: To disable the debug facility, enter this command: debug packet logging disable.
- debug packet logging acl driver rule_index action npu_encap port
  where
  - rule_index is a value between 1 and 6 (inclusive).
  - action is permit, deny, or disable.
  - npu_encap specifies the NPU encapsulation type, which determines how packets are filtered. The possible values include dhcp, dot11-mgmt, dot11-probe, dot1x, eoip-ping, iapp, ip, lwapp, multicast, orphan-from-sta, orphan-to-sta, rbcp, wired-guest, or any.
  - port is the physical port for packet transmission or reception.
Use these commands to configure packet-logging ACLs:
- debug packet logging acl eth rule_index action dst src type vlan
  where
  - rule_index is a value between 1 and 6 (inclusive).
  - action is permit, deny, or disable.
  - dst is the destination MAC address.
  - src is the source MAC address.
  - type is the two-byte type code (such as 0x800 for IP, 0x806 for ARP). This parameter also accepts a few common string values such as “ip” (for 0x800) or “arp” (for 0x806).
  - vlan is the two-byte VLAN ID.
- debug packet logging acl ip rule_index action src dst proto src_port dst_port
  where
  - proto is a numeric value or any string recognized by getprotobyname(). The controller supports the following strings: ip, icmp, igmp, ggp, ipencap, st, tcp, egp, pup, udp, hmp, xns-idp, rdp, iso-tp4, xtp, ddp, idpr-cmtp, rspf, vmtp, ospf, ipip, and encap.
  - src_port is the UDP/TCP two-byte source port (for example, telnet, 23) or “any.” The controller accepts a numeric value or any string recognized by getservbyname(). The controller supports the following strings: tcpmux, echo, discard, systat, daytime, netstat, qotd, msp, chargen, ftp-data, ftp, fsp, ssh, telnet, smtp, time, rlp, nameserver, whois, re-mail-ck, domain, mtp, bootps, bootpc, tftp, gopher, rje, finger, www, link, kerberos, supdup, hostnames, iso-tsap, csnet-ns, 3com-tsmux, rtelnet, pop-2, pop-3, sunrpc, auth, sftp, uucp-path, nntp, ntp, netbios-ns, netbios-dgm, netbios-ssn, imap2, snmp, snmp-trap, cmip-man, cmip-agent, xdmcp, nextstep, bgp, prospero, irc, smux, at-rtmp, at-nbp, at-echo, at-zis, qmtp, z3950, ipx, imap3, ulistserv, https, snpp, saft, npmp-local, npmp-gui, and hmmp-ind.
  - dst_port is the UDP/TCP two-byte destination port (for example, telnet, 23) or “any.” The controller accepts a numeric value or any string recognized by getservbyname(). The controller supports the same strings as those for the src_port.
- debug packet logging acl eoip-eth rule_index action dst src type vlan
- debug packet logging acl eoip-ip rule_index action src dst proto src_port dst_port
- debug packet logging acl lwapp-dot11 rule_index action dst src bssid snap_type
  where
- debug packet logging acl lwapp-ip rule_index action src dst proto src_port dst_port
Note: To remove all configured ACLs, enter this command: debug packet logging acl clear-all.
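The following Python pre-flight check is an added example, not part of the original documentation or the controller software. It validates `debug packet logging` lines against the ranges and keywords listed above before they are pasted into a controller session, so that a mistyped rule does not leave the capture wider than intended. The names `lint` and `SAMPLE`, the trimmed service list, and the requirement that permit/deny IP rules carry all five match fields are assumptions of this example; src and dst values are not checked because the page does not specify their format.

```python
ACTIONS = {"permit", "deny", "disable"}
PROTOS = set(("ip icmp igmp ggp ipencap st tcp egp pup udp hmp xns-idp rdp iso-tp4 "
              "xtp ddp idpr-cmtp rspf vmtp ospf ipip encap").split())
# Subset of the documented getservbyname() strings; extend from the list as needed.
SERVICES = set("ftp ssh telnet smtp domain bootps bootpc tftp www ntp snmp https".split())
IP_ACLS = {"ip", "eoip-ip", "lwapp-ip"}  # ACL types that take proto and ports

def _num(tok, lo, hi):
    return tok.isdecimal() and lo <= int(tok) <= hi

def _port_ok(tok):
    return tok == "any" or tok in SERVICES or _num(tok, 0, 65535)

def lint(line):
    """Return a list of problems in one command line (empty list means OK)."""
    t = line.split()
    if t[:3] != ["debug", "packet", "logging"] or len(t) < 4:
        return ["not a 'debug packet logging' command"]
    verb, args, errs = t[3], t[4:], []
    if verb == "enable":
        if not args or args[0] not in ("rx", "tx", "all"):
            errs.append("direction must be rx, tx, or all")
        if len(args) > 1 and not _num(args[1], 1, 65535):
            errs.append("packet_count must be 1-65535")
    elif verb == "acl" and args[:1] != ["clear-all"]:
        if len(args) < 3:
            return ["acl needs type, rule_index and action"]
        if not _num(args[1], 1, 6):
            errs.append("rule_index must be 1-6")
        if args[2] not in ACTIONS:
            errs.append("action must be permit, deny, or disable")
        # Assumption: permit/deny rules on IP-type ACLs carry all five match fields.
        if args[0] in IP_ACLS and args[2] != "disable":
            if len(args) != 8:
                errs.append("expected src dst proto src_port dst_port")
            else:
                if args[5] not in PROTOS and not _num(args[5], 0, 255):
                    errs.append("proto not recognized")
                errs += [f"{n} invalid" for n, p in
                         (("src_port", args[6]), ("dst_port", args[7])) if not _port_ok(p)]
    elif verb not in ("disable", "acl"):
        errs.append("unknown subcommand")
    return errs

# Constructed sample lines (addresses are documentation-range placeholders).
SAMPLE = ["debug packet logging enable rx 50 128",
          "debug packet logging acl ip 1 permit 192.0.2.10 192.0.2.20 udp any domain",
          "debug packet logging acl ip 7 allow 192.0.2.10 192.0.2.20 tcp any 70000"]
```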