Almost every aspect of the router's configuration can have debugging enabled. For example, we could say:

 debug chat

With debugging on, any chat script activity is logged to the router's console (or to the syslog server, if configured). To disable logging, use the undebug command:

 undebug chat

If you forget what debugging you turned on, use the undebug all command to turn all debugging off:

 undebug all

There is a debug all command, butunless you have major problemsthere is rarely a good need for it. When it is executed, all debug information possible is flooded to your screen. You'll be overwhelmed with data, even if logging is enabled. The best practice is to activate debugging only for the items in which you're interested.

16.3.1. Using Debugging in Practice

The debug command is an extremely powerful troubleshooting tool. Assume that you have a serial interface on a router named Baltimore. At the other end of this interface is a router named New-York with an IP address of You are having trouble communicating with the New-York router. One strategy for analyzing the problem is to enable IP packet debugging on the Baltimore router to see if packets from New-York are arriving. To do so, use the command debug ip packet:

 baltimore#debug ip packet
 IP packet debugging is on
 IP: s= (Serial0), d=, len 72, rcvd 2
 IP: s= (Serial1), d=, len 72, rcvd 2
 IP: s= (local), d= (Ethernet0), len 72, sending
 IP: s= (local), d= (Serial0), len 72, sending
 IP: s= (local), d= (Serial1), len 72, sending
 IP: s= (Serial0), d=, len 72, rcvd 2
 IP: s= (Serial1), d=, len 72, rcvd 2
 baltimore#undebug ip packet

This command is very dangerous: it produces a great deal of output and could render a busy router useless. The problem arises because logging debug messages takes priority in IOS. To get around this problem, we could use an access list to limit which packets are displayed. We will cover that trick in a moment.

The s field in the output indicates the source of the packets. This short transcript shows that we've received packets from a number of hosts, including two packets from the New-York router's IP address. Therefore, we are capable of receiving from the other end. Now that we have confirmed that we have communication between the two sites, we can troubleshoot other items, such as our routing configuration.

A safer way to use this commandone that doesn't risk overwhelming the router with its logging dutiesis to combine the debug command with an access list that limits which packets get displayed. In the following example, we set up an access list that controls which packets are logged:

 baltimore(config)#access-list 1 permit
 baltimore#debug ip packet 1
 IP packet debugging is on for access list 1

This command is still somewhat dangerous because you still don't know how much traffic will make it through the access list. But it's significantly less likely to cause problems than enabling packet debugging without some form of access control. Other debug commands aren't as dangerous; we can enable them with some level of confidence that the router won't be overworked. For example, let's debug RIP packets:

 baltimore#debug ip rip
 RIP protocol debugging is on
 1d07h: RIP: sending v1 update to via Ethernet0 (
 1d07h: subnet, metric 1
 1d07h: subnet, metric 1
 1d07h: RIP: sending v1 update to via Serial0 (
 1d07h: subnet, metric 1
 1d07h: subnet, metric 1
 1d07h: RIP: sending v1 update to via Serial1 (
 1d07h: subnet, metric 1
 1d07h: subnet, metric 1
 baltimore#undebug ip rip
 RIP protocol debugging is off

This output shows that we are sending RIP updates from each of our active interfaces. The next step is to see whether the end routers are receiving the updates. To check, you can turn on debugging on the remote routers, continuing until you have discovered the problem.

There are debug commands for just about everything within the router. When you need help, use the debug ? command to get you started. If you forget what you enabled, always remember that undebug all disables all debug output. The debug list command

The debug list command allows us to apply an access list or interface to a specific debug command. It's an effective way to control the load debugging places on your router and to limit the amount of debugging output you have to look through. This command takes an access list number or an interface name as an argument; it applies to the next debug statement. For example, assume that we're using EIGRP for routing and we're having problems communicating with the router at We could use the command debug ip eigrp, but that would bombard us with output for all the EIGRP routers. Instead, we first create an access list that permits traffic from We then use the debug list command to apply the access list to the following debug statement. Finally, we can give the command debug ip eigrp:

 router1#undebug all
 router1#config terminal
 router1(config)#access-list 10 permit host
 router1#debug list 10
 router1#debug ip eigrp
 IP-EIGRP Route Events debugging is on
 for access list: 10

The router responds by saying that EIGRP route event debugging is enabled for access list 10.

The debug list command can also apply to specific interfaces. In the next example, we limit the output from the debug ip eigrp command to EIGRP traffic through ethernet0:

 router1#undebug all
 router1#debug list ethernet0
 router1#debug ip packet
 IP-EIGRP Route Events debugging is on
 for interface: ethernet0

You can apply a debug list to just about any debugging command.

Getting Started

IOS Images and Configuration Files

Basic Router Configuration

Line Commands

Interface Commands

Networking Technologies

Access Lists

IP Routing Topics

Interior Routing Protocols

Border Gateway Protocol

Quality of Service

Dial-on-Demand Routing

Specialized Networking Topics

Switches and VLANs

Router Security

Troubleshooting and Logging

Quick Reference

Appendix A Network Basics


Cisco IOS in a Nutshell
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
ISBN: 0596008694
EAN: 2147483647
Year: 2006
Pages: 1031
Authors: James Boney © 2008-2020.
If you may any questions please contact us: