|
|
Use the debug clns esis events EXEC command to display uncommon End System-to-Intermediate System (ES-IS) events, including previously unknown neighbors, neighbors that have aged out, and neighbors that have changed roles (ES to IS, for example). The no form of this command disables debugging output.
[no] debug clns esis eventsThe following is sample output from the debug clns esis events command:
Router# debug clns esis events
ES-IS: ISH from aa00.0400.2c05 (Ethernet1), HT 30 ES-IS: ESH from aa00.0400.9105 (Ethernet1), HT 150 ES-IS: ISH sent to All ESs (Ethernet1): NET 49.0001.AA00.0400.6904.00, HT 299, HLEN 20
The following line indicates that the router received a hello packet (ISH) from the IS at MAC address aa00.0400.2c05 on the Ethernet1 interface. The hold time (or number of seconds to consider this packet valid before deleting it) for this packet is 30 seconds.
ES-IS: ISH from aa00.0400.2c05 (Ethernet1), HT 30
The following line indicates that the router received a hello packet (ESH) from the ES at MAC address aa00.0400.9105 on the Ethernet1 interface. The hold time is 150 seconds.
ES-IS: ESH from aa00.0400.9105 (Ethernet1), HT 150
The following line indicates that the router sent an IS hello packet on the Ethernet0 interface to all ESs on the network. The network entity title (NET) address of the router is 49.0001.0400.AA00.6904.00; the hold time for this packet is 299 seconds; and the header length of this packet is 20 bytes.
ES-IS: ISH sent to All ESs (Ethernet1): NET 49.0001.AA00.0400.6904.00, HT 299, HLEN 20
Use the debug clns esis packets EXEC command to enable display information on End System-to-Intermediate System (ES-IS) packets that the router has received and sent. The no form of this command disables debugging output.
[no] debug clns esis packetsThe following is sample output from the debug clns esis packets command:
Router# debug clns esis packets ES-IS: ISH sent to All ESs (Ethernet0): NET 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00, HT 299, HLEN 33 ES-IS: ISH sent to All ESs (Ethernet1): NET 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00, HT 299, HLEN 34 ES-IS: ISH from aa00.0400.6408 (Ethernet0), HT 299 ES-IS: ISH sent to All ESs (Tunnel0): NET 47.0005.80ff.ef00.0000.0001.5940.1600.O906.4023.00, HT 299, HLEN 34 IS-IS: ESH from 0000.0c00.bda8 (Ethernet0), HT 300
The following line indicates that the router has sent an IS hello packet on Ethernet0 to all ESs on the network. This hello packet indicates that the NET of the router is 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00. The hold time for this packet is 299 seconds. The packet header is 33 bytes in length.
ES-IS: ISH sent to All ESs (Ethernet0): NET 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00, HT 299, HLEN 33
The following line indicates that the router has sent an IS hello packet on Ethernet1 to all ESs on the network. This hello packet indicates that the network entity title (NET) of the router is 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00. The hold time for this packet is 299 seconds. The packet header is 33 bytes in length.
ES-IS: ISH sent to All ESs (Ethernet1): NET 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00, HT 299, HLEN 34
The following line indicates that the router received a hello packet on Ethernet0 from an intermediate system, aa00.0400.6408. The hold time for this packet is 299 seconds.
ES-IS: ISH from aa00.0400.6408 (Ethernet0), HT 299
The following line indicates that the router has sent an IS hello packet on Tunnel0 to all ESs on the network. This hello packet indicates that the NET of the router is 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00. The hold time for this packet is 299 seconds. The packet header is 33 bytes in length.
ES-IS: ISH sent to All ESs (Tunnel0): NET 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00, HT 299, HLEN 34
The following line indicates that on Ethernet0, the router received a hello packet from an end system with an SNPA of 0000.0c00.bda8. The hold time for this packet is 300 seconds.
IS-IS: ESH from 0000.0c00.bda8 (Ethernet0), HT 300
Use the debug clns events EXEC command to display CLNS events that are occurring at the router. The no form of this command disables debugging output.
[no] debug clns eventsThe following is sample output from the debug clns events command:
Router# debug clns events
CLNS: Echo PDU received on Ethernet3 from 39.0001.2222.2222.2222.00!
CLNS: Sending from 39.0001.3333.3333.3333.00 to 39.0001.2222.2222.2222.00
via 2222.2222.2222 (Ethernet3 0000.0c00.3a18)
CLNS: Forwarding packet size 117
from 39.0001.2222.2222.2222.00
to 49.0002.0001.AAAA.AAAA.AAAA.00
via 49.0002 (Ethernet3 0000.0c00.b5a3)
CLNS: RD Sent on Ethernet3 to 39.0001.2222.2222.2222.00 @ 0000.0c00.3a18,
redirecting 49.0002.0001.AAAA.AAAA.AAAA.00 to 0000.0c00.b5a3
The following line indicates that the router received an echo PDU on Ethernet3 from source network service access point (NSAP) 39.0001.2222.2222.2222.00. The exclamation point at the end of the line has no significance.
CLNS: Echo PDU received on Ethernet3 from 39.0001.2222.2222.2222.00!
The following lines indicate that the router at source NSAP 39.0001.3333.3333.3333.00 is sending a CLNS echo packet to destination NSAP 39.0001.2222.2222.2222.00 via an IS with system ID 2222.2222.2222. The packet is being sent on the Ethernet3 interface, with a MAC address of 0000.0c00.3a18.
CLNS: Sending from 39.0001.3333.3333.3333.00 to 39.0001.2222.2222.2222.00
via 2222.2222.2222 (Ethernet3 0000.0c00.3a18)
The following lines indicate that a CLNS echo packet 117 bytes in size is being sent from source NSAP 39.0001.2222.2222.2222.00 to destination NSAP 49.0002.0001.AAAA.AAAA.AAAA.00 via the router at NSAP 49.0002. The packet is being forwarded on the Ethernet3 interface, with a MAC address of 0000.0c00.b5a3.
CLNS: Forwarding packet size 117
from 39.0001.2222.2222.2222.00
to 49.0002.0001.AAAA.AAAA.AAAA.00
via 49.0002 (Ethernet3 0000.0c00.b5a3)
The following lines indicate that the router sent a redirect packet on the Ethernet3 interface to the NSAP 39.0001.2222.2222.2222.00 at MAC address 0000.0c00.3a18 to indicate that NSAP 49.0002.0001.AAAA.AAAA.AAAA.00 can be reached at MAC address 0000.0c00.b5a3.
CLNS: RD Sent on Ethernet3 to 39.0001.2222.2222.2222.00 @ 0000.0c00.3a18,
redirecting 49.0002.0001.AAAA.AAAA.AAAA.00 to 0000.0c00.b5a3
Use the debug clns igrp packets EXEC command to display debugging information on all ISO-IGRP routing activity. The no form of this command disables debugging output.
[no] debug clns igrp packetsThe following is sample output from the debug clns igrp packets command:
Router# debug clns igrp packets
ISO-IGRP: Hello sent on Ethernet3 for DOMAIN_green1 ISO-IGRP: Received hello from 39.0001.3333.3333.3333.00, (Ethernet3), ht 51 ISO-IGRP: Originating level 1 periodic update ISO-IGRP: Advertise dest: 2222.2222.2222 ISO-IGRP: Sending update on interface: Ethernet3 ISO-IGRP: Originating level 2 periodic update ISO-IGRP: Advertise dest: 0001 ISO-IGRP: Sending update on interface: Ethernet3 ISO-IGRP: Received update from 3333.3333.3333 (Ethernet3) ISO-IGRP: Opcode: area ISO-IGRP: Received level 2 adv for 0001 metric 1100 ISO-IGRP: Opcode: station ISO-IGRP: Received level 1 adv for 3333.3333.3333 metric 1100
The following line indicates that the router is sending a hello packet to advertise its existence in the DOMAIN_green1 domain:
ISO-IGRP: Hello sent on Ethernet3 for DOMAIN_green1
The following line indicates that the router received a hello packet from a certain network service access point (NSAP) on the Ethernet3 interface. The hold time for this information is 51 seconds.
ISO-IGRP: Received hello from 39.0001.3333.3333.3333.00, (Ethernet3), ht 51
The following lines indicate that the router is generating a Level 1 update to advertise reachability to destination NSAP 2222.2222.2222 and that it is sending that update to all systems that can be reached through the Ethernet3 interface:
ISO-IGRP: Originating level 1 periodic update ISO-IGRP: Advertise dest: 2222.2222.2222 ISO-IGRP: Sending update on interface: Ethernet3
The following lines indicate that the router is generating a Level 2 update to advertise reachability to destination area 1 and that it is sending that update to all systems that can be reached through the Ethernet3 interface:
ISO-IGRP: Originating level 2 periodic update ISO-IGRP: Advertise dest: 0001 ISO-IGRP: Sending update on interface: Ethernet3
The following lines indicate that the router received an update from NSAP 3333.3333.3333 on Ethernet3. This update indicated the area the router at this NSAP could reach.
ISO-IGRP: Received update from 3333.3333.3333 (Ethernet3) ISO-IGRP: Opcode: area
The following lines indicate that the router received an update advertising that the source of that update can reach area 1 with a metric of 1100. A station opcode indicates that the update included system addresses.
ISO-IGRP: Received level 2 adv for 0001 metric 1100 ISO-IGRP: Opcode: station
Use the debug clns packet EXEC command to display information about packet receipt and forwarding to the next interface. The no form of this command disables debugging output.
[no] debug clns packetThe following is sample output from the debug clns packet command:
Router# debug clns packet
CLNS: Forwarding packet size 157 from 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.00 STUPI-RBS to 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00 via 1600.8906.4017 (Ethernet0 0000.0c00.bda8) CLNS: Echo PDU received on Ethernet0 from 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00! CLNS: Sending from 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00 to 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00 via 1600.8906.4017 (Ethernet0 0000.0c00.bda8)
In the following lines, the first line indicates that a Connectionless Network Service (CLNS) packet of size 157 bytes is being forwarded. The second line indicates the network service access point (NSAP) and system name of the source of the packet. The third line indicates the destination NSAP for this packet. The fourth line indicates the next-hop system ID, interface, and SNPA of the router interface used to forward this packet.
CLNS: Forwarding packet size 157 from 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.00 STUPI-RBS to 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00 via 1600.8906.4017 (Ethernet0 0000.0c00.bda8)
In the following lines, the first line indicates that the router received an Echo PDU on the specified interface from the source NSAP. The second line indicates which source NSAP is used to send a CLNS packet to the destination NSAP, as shown on the third line. The fourth line indicates the next-hop system ID, interface, and SNPA of the router interface used to forward this packet.
CLNS: Echo PDU received on Ethernet0 from 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00! CLNS: Sending from 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4023.00 to 47.0005.80ff.ef00.0000.0001.5940.1600.8906.4017.00 via 1600.8906.4017 (Ethernet0 0000.0c00.bda8)
Use the debug clns routing EXEC command to display debugging information for all Connectionless Network Service (CLNS) routing cache updates and activities involving the CLNS routing table. The no form of this command disables debugging output.
[no] debug clns routingThe following is sample output from the debug clns routing command:
Router# debug clns routing
CLNS-RT: cache increment:17 CLNS-RT: Add 47.0023.0001.0000.0000.0003.0001 to prefix table, next hop 1920.3614.3002 CLNS-RT: Aging cache entry for: 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.06 CLNS-RT: Deleting cache entry for: 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.06
The following line indicates that a change to the routing table has resulted in an addition to the fast-switching cache:
CLNS-RT: cache increment:17
The following line indicates that a specific prefix route was added to the routing table, and indicates the next-hop system ID to that prefix route. In other words, when the router receives a packet with the prefix 47.0023.0001.0000.0000.0003.0001 in that packet's destination address, it forwards that packet to the router with the MAC address 1920.3614.3002.
CLNS-RT: Add 47.0023.0001.0000.0000.0003.0001 to prefix table, next hop 1920.3614.3002
The following lines indicate that the fast-switching cache entry for a certain network service access point (NSAP) has been invalidated and then deleted:
CLNS-RT: Aging cache entry for: 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.06 CLNS-RT: Deleting cache entry for: 47.0023.0001.0000.0000.0003.0001.1920.3614.3002.06
Use the debug cls message EXEC command to display information about Cisco Link Services (CLS) messages. The no form of this command disables debugging output.
[no] debug cls messageThe debug cls message command displays the primitives (state), selector, header length, and data size.
The following is sample output from the debug cls message command. For example, CLS-->DLU indicates the direction of the flow that is described by the status. From CLS to DLU, a request was established to the connection end point. The header length is 48 bytes, and the data size is 104 bytes.
Router# debug cls message
(FRAS Daemon:CLS-->DLU): ID_STN.Ind to uSAP: 0x607044C4 sel: LLC hlen: 40, dlen: 54 (FRAS Daemon:CLS-->DLU): ID_STN.Ind to uSAP: 0x6071B054 sel: LLC hlen: 40, dlen: 46 (FRAS Daemon:DLU-->SAP): REQ_OPNSTN.Req to pSAP: 0x608021F4 sel: LLC hlen: 48, dlen: 104 (FRAS Daemon:CLS-->DLU): REQ_OPNSTN.Cfm(NO_REMOTE_STN) to uCEP: 0x607FFE84 sel: LLC hlen: 48, dlen: 104
The status possibilities include the following: enabled, disabled, request open station, open station, close station, activate SA, deactivate SAP, XID, XID station, connect station, signal station, connect, disconnect, connected, data, flow, unnumbered data, modify SAP, test, activate ring, deactivate ring, test station, and unnumbered data station.
debug fras error
debug fras message
debug fras state
 | Caution Use the debug cls vdlc command with caution because it can generate a significant amount of output. |
The debug cls message command displays primitive state transitions, selector, and source and destination media access control (MAC) and service access points (SAPs).
Also use the show cls command to display additional information on CLS VDLC.
The following messages are sample output from the debug cls vdlc command. In the following scenario, the SNA service point---also called native service point (NSP)---is setting up two connections through VDLC and data link switching (DLSw): one from NSP to VDLC and one from DLSw to VDLC. VDLC's task is to join the two.
The NSP initiates a connection from 4000.05d2.0001 as follows:
VDLC: Req Open Stn Req PSap 0x7ACE00, port 0x79DF98 4000.05d2.0001(0C)->4000.1060.1000(04)
In the next message, VDLC sends a test station request to DLSw for destination address 4000.1060.1000.
VDLC: Send UFrame E3: 4000.05d2.0001(0C)->4000.1060.1000(00)
In the next two messages, DLSw replies with test station response, and NSP goes to a half-open state. NSP is waiting for the DLSw connection to VDLC.
VDLC: Sap to Sap TEST_STN_RSP VSap 0x7B68C0 4000.1060.1000(00)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_OPENING->VDLC_HALF_OPEN
The NSP sends an exchange identification (XID) and changes state as follows:
VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_HALF_OPEN->VDLC_XID_RSP_PENDING VDLC: CEP to SAP ID_REQ 4000.05d2.0001(0C)->4000.1060.1000(04) via bridging SAP (DLSw)
In the next several messages, DLSw initiates its connection, which matches the half-open connection with NSP.
VDLC: Req Open Stn Req PSap 0x7B68C0, port 0x7992A0 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: two-way connection established VDLC: 4000.1060.1000(04)->4000.05d2.0001(0C): VDLC_IDLE->VDLC_OPEN
In the following messages, DLSw sends an XID response, and NSP's connection goes from the state XID Response Pending to Open. The XID exchange follows:
VDLC: CEP to CEP ID_RSP 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_XID_RSP_PENDING->VDLC_OPEN VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_OPEN->VDLC_XID_RSP_PENDING VDLC: CEP to CEP ID_REQ 4000.05d2.0001(0C)->4000.1060.1000(04) VDLC: CEP to CEP ID_RSP 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_XID_RSP_PENDING->VDLC_OPEN VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_OPEN->VDLC_XID_RSP_PENDING VDLC: CEP to CEP ID_REQ 4000.05d2.0001(0C)->4000.1060.1000(04) VDLC: CEP to CEP ID_RSP 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_XID_RSP_PENDING->VDLC_OPEN VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_OPEN->VDLC_XID_RSP_PENDING VDLC: CEP to CEP ID_REQ 4000.05d2.0001(0C)->4000.1060.1000(04) VDLC: CEP to CEP ID_RSP 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_XID_RSP_PENDING->VDLC_OPEN VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_OPEN->VDLC_XID_RSP_PENDING VDLC: CEP to CEP ID_REQ 4000.05d2.0001(0C)->4000.1060.1000(04)
When DLSw is ready to connect, the front-end processor (FEP) sends a set asynchronous balanced mode extended (SABME) command as follows:
VDLC: CEP to CEP CONNECT_REQ 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: 4000.05d2.0001(0C)->4000.1060.1000(04): VDLC_XID_RSP_PENDING->VDLC_OPEN
In the following messages, NSP accepts the connection and sends an unnumbered acknowledgment (UA) to the FEP:
VDLC: CEP to CEP CONNECT_RSP 4000.05d2.0001(0C)->4000.1060.1000(04) VDLC: FlowReq QUENCH OFF 4000.1060.1000(04)->4000.05d2.0001(0C)
The following messages show the data flow:
VDLC: DATA 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: DATA 4000.05d2.0001(0C)->4000.1060.1000(04) ... VDLC: DATA 4000.1060.1000(04)->4000.05d2.0001(0C) VDLC: DATA 4000.05d2.0001(0C)->4000.1060.1000(04)
debug cls message
debug dlsw core message
The following is sample output from the debug compress command:
Router# debug compress
DECOMPRESS xmt_paks 5 rcv_sync 5
COMPRESS xmt_paks 10 version 1
COMPRESS xmt_paks 11 version 1
DECOMPRESS xmt_paks 6 rcv_sync 6
COMPRESS xmt_paks 12 version 1
COMPRESS xmt_paks 13 version 1
DECOMPRESS xmt_paks 7 rcv_sync 7
COMPRESS xmt_paks 14 version 1
COMPRESS xmt_paks 15 version 1
Table 26 describes significant debug compress output fields.
| Field | Description |
|---|---|
DECOMPRESS xmt_paks | The sequence count in the compression header received with this frame. |
COMPRESS xmt_paks | The sequence count of this frame is modulo 256 (except zero only occurs on initialization). This value is part of the compression header sent with each frame. |
DECOMPRESS rcv_sync | The received internal sequence count, which is verified against the DECOMPRESS xmt_paks count. If these counts do not match, a Link Access Procedure, Balanced (LAPB) reset will occur. On LAPB reset, a compression reinitialization occurs. Compression reinitialization initializes the dictionaries and xmt_paks and rcv_sync counts. |
To limit output for some debugging commands based on specified conditions, use the debug condition EXEC command. The no form of this command removes the specified condition.
debug condition {username username | called dial-string | caller dial-string}
username username | Generates debugging messages for interfaces with the specified username. |
called dial-string | Generates debugging messages for interfaces with the called party number. |
caller dial-string | Generates debugging messages for interfaces with the calling party number. |
condition-id | Removes the condition indicated. |
all | Removes all debugging conditions, conditions specified by the debug condition interface command. Use this keyword to disable conditional debugging and reenable debugging for all interfaces. |
All debugging messages for enabled protocol-specific debug commands are generated.
Use the debug condition command to restrict the debug output for some commands. If any debug condition commands are enabled, output is only generated for interfaces associated with the specified username, called party number, or calling party number. In addition, this command enables debugging output for conditional debugging events. Messages are displayed as different interfaces meet specific conditions.
The no form of this command removes the debug condition specified by the condition identifier. The condition identifier is displayed after you enter a debug condition command or in the output of the show debug condition command. If the last condition is removed, debugging output resumes for all interfaces. You will be asked for confirmation before removing the last condition or all conditions.
Not all debugging output is affected by the debug condition command. Some commands generate output whenever they are enabled, regardless of whether or not they meet any conditions. The commands that are affected by the debug condition commands are generally related to dial access functions, where a large amount of output is expected. Output from the following commands is controlled by the debug condition command:
In the following example, the router only displays debugging messages for interfaces that use a username of fred. The condition identifier displayed after the command is entered identifies this particular condition.
Router# debug condition username fred
Condition 1 set
debug condition interface
show debug condition
To limit output for some debugging commands based on the interface, use the debug condition interface EXEC command. The no form of this command removes the interface condition and resets the interface so that it must be triggered by a condition.
debug condition interface interface
interface | Interface type and number. |
all | All interfaces. |
All debug messages for enabled debugging commands are displayed.
Use this command to restrict the debug output for some commands to output based on its related interface. When you enter this command, debugging output is turned off for all interfaces except the specified interface. In addition, this command enables debugging output for conditional debugging events. Messages are displayed as different interfaces meet specific conditions.
The no form of the command has two functions:
You will be asked for confirmation before removing the last condition or all conditions.
Not all debugging output is affected by the debug condition command. Some commands generate output whenever they are enabled, regardless of whether or not they meet any conditions. The commands that are affected by the debug condition commands are generally related to dial access functions, where a large amount of output is expected. Output from the following commands is controlled by the debug condition command:
In this example, only debug command output related to serial interface 1 is displayed. The condition identifier for this command is 1.
Router# debug condition interface serial1
Condition 1 set
debug condition
show debug condition
Use the debug confmodem EXEC command to display information associated with the discovery and configuration of the modem attached to the router. The no form of this command disables debugging output.
[no] debug confmodemThe debug confmodem command is used in debugging configurations that use the modem autoconfig command.
The following is sample output from the debug confmodem command. In the first three lines, the router is searching for a speed at which it can communicate with the modem. The remaining lines show the actual sending of the modem command.
Router# debug confmodem
TTY4:detection speed(115200) response ------ TTY4:detection speed(57600) response ------ TTY4:detection speed(38400) response ---OK--- TTY4:Modem command: --AT&F&C1&D2S180=3S190=1S0=1-- TTY4: Modem configuration succeeded TTY4: Done with modem configuration
The CPP protocol allows a router to engage in negotiation over an ISDN B channel to establish connections with a Combinet bridge.
The debug cpp event command displays events such as CPP sequencing, group creation, and keepalives.
One or more of the messages in Table 27 appear when you use the debug cpp event command. Each message begins with the short name of the interface the event occurred on (for example, SERIAL0:1 or BRI0:1) and might contain one or more packet sequence numbers or remote site names.
| Message | Description |
|---|---|
BRI0:1: negotiation complete | The call was set up on the interface (in this example, BRI0:1). |
BRI0:1: negotiation timed out | The call timed out. |
BRI0:1: sending negotiation packet | The negotiation packet was sent to set up the call. |
BRI0:1: out of sequence packet - got 10, range 1 8 | A packet was received that was out of sequence. The first number displayed in the message is the sequence number received and the following numbers are the range of valid sequence numbers. |
BRI0:1: Sequence timer expired - Lost 11 Trying sequence 12 | The timer expired before the packet was received. The first number displayed in the message is the sequence number of the packet that was lost, and the second number is the next sequence number. |
BRI0:1: Line Integrity Violation | This message occurs when the router fails to maintain keepalives. |
BRI0:1: create cpp group ber19 | This message occurs when a dialer group is created on the remote site (in this example, ber19). |
debug cpp negotiation
debug cpp packet
The CPP protocol allows a router to engage in negotiation over an ISDN B channel to establish connections with a Combinet bridge.
The debug cpp negotiation command displays events such as the type of packet and packet size being sent.
The following is sample output from the debug cpp negotiation command. In this example, a sample connection is shown.
Router# debug cpp negotiation
%LINK-3-UPDOWN: Interface BRI0: B-Channel 2, changed state to down %LINK-3-UPDOWN: Interface BRI0, changed state to up %SYS-5-CONFIG_I: Configured from console by console %LINK-3-UPDOWN: Interface BRI0: B-Channel 1, changed state to up BR0:1:(I) NEG packet - len 77 attempting proto:2 ether id:0040.f902.c7b4 port 1 number:5559876 port 2 number:5559876 origination port:1 remote name:berl9 password is correct
Table 28 describes the fields and messages in the output.
| Field | Description |
|---|---|
BR0:1 (I) NEG packet - len 77 | Interface name, packet type, and packet size. |
attempting proto: | CPP protocol type. |
ether id: | Ethernet address of the destination router. |
port 1 number: | ISDN phone number of remote B channel #1. |
port 2 number: | ISDN phone number of remote B channel #2. |
origination port: | B channel 1 or 2 called. |
remote name: | Remote site name to which this call is connecting. |
password is correct | Password is accepted so the connection is established. |
debug cpp event
debug cpp packet
The CPP protocol allows a router to engage in negotiation over an ISDN B channel to establish connections with a Combinet bridge.
The debug cpp packet command displays the hexadecimal values of the packets.
The following is sample output from the debug cpp packet command. This example shows the interface name, packet type, packet size, and the hexadecimal values of the packet.
Router# debug cpp packet
BR0:1:input packet - len 60 00 00 00 00 00 00 00 40 F9 02 C7 B4 08 0.!6 00 01 08 00 06 04 00 02 00 40 F9 02 C7 B4 83 6C A1 02!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 64/66/68 ms BR0:1 output packet - len 116 06 00 00 40 F9 02 C7 B4 00 00 0C 3E 12 3A 08 00 45 00 00 64 00 01 00 00 FF 01 72 BB 83 6C A1 01
debug cpp event
debug cpp negotiation
The following is sample output from the debug crypto ipsec command. In this example, security associations (SAs) have been successfully established.
Router#debug crypto ipsec
IPSec requests SAs between 172.21.114.123 and 172.21.114.67, on behalf of the permit ip host 172.21.114.123 host 172.21.114.67 command. It prefers to use the transform set esp-des w/esp-md5-hmac, but it will also consider ah-sha-hmac.
00:24:30: IPSEC(sa_request): ,
(key eng. msg.) src= 172.21.114.123, dest= 172.21.114.67,
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
00:24:30: IPSEC(sa_request): ,
(key eng. msg.) src= 172.21.114.123, dest= 172.21.114.67,
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1).,
protocol= AH, transform= ah-sha-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0.
IKE asks for SPIs from IPSec. For inbound security associations, IPSec controls its own SPI space.
00:24:34: IPSEC(key_engine): got a queue event...
00:24:34: IPSEC(spi_response): getting spi 302974012ld for SA
from 172.21.114.67 to 172.21.114.123 for prot 3
00:24:34: IPSEC(spi_response): getting spi 525075940ld for SA
from 172.21.114.67 to 172.21.114.123 for prot 2
IKE will ask IPSec if it accepts the SA proposal. In this case, it will be the one sent by the local IPSec in the first place.
00:24:34: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 172.21.114.67, src= 172.21.114.123,
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
After the proposal is accepted, IKE finishes the negotiations, generates the keying material, and then notifies IPSec of the new security associations (one security association for each direction).
00:24:35: IPSEC(key_engine): got a queue event...
The following output pertains to the inbound SA. The conn_id value references an entry in the crypto engine connection table.
00:24:35: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 172.21.114.123, src= 172.21.114.67,
dest_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
src_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000 kb,
spi= 0x120F043C(302974012), conn_id= 29, keysize= 0, flags= 0x4
The following output pertains to the outbound SA:
00:24:35: IPSEC(initialize_sas): ,
(key eng. msg.) src= 172.21.114.123, dest= 172.21.114.67,
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x38914A4(59315364), conn_id= 30, keysize= 0, flags= 0x4
IPSec now installs the security association information into its security association database.
00:24:35: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.21.114.123, sa_prot= 50,
sa_spi= 0x120F043C(302974012),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 29
00:24:35: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.21.114.67, sa_prot= 50,
sa_spi= 0x38914A4(59315364),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 30
The following is sample output for the debug crypto ipsec command as seen on the peer router. In this example, IKE asks IPSec if it will accept an SA proposal. Although the peer sent two proposals, IPSec accepted the first proposal.
00:26:15: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 172.21.114.67, src= 172.21.114.123,
dest_proxy= 172.21.114.67/255.255.255.255/0/0 (type=1),
src_proxy= 172.21.114.123/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
IKE asks for SPIs.
00:26:15: IPSEC(key_engine): got a queue event...
00:26:15: IPSEC(spi_response): getting spi 59315364ld for SA
from 172.21.114.123 to 172.21.114.67 for prot 3
IKE does the remaining processing, completing the negotiation and generating keys. It then tells IPSec about the new SAs.
00:26:15: IPSEC(key_engine): got a queue event...
The following output pertains to the inbound SA:
00:26:15: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 172.21.114.67, src= 172.21.114.123,
dest_proxy= 172.21.114.67/0.0.0.0/0/0 (type=1),
src_proxy= 172.21.114.123/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x38914A4(59315364), conn_id= 25, keysize= 0, flags= 0x4
The following output pertains to the outbound SA:
00:26:15: IPSEC(initialize_sas): ,
(key eng. msg.) src= 172.21.114.67, dest= 172.21.114.123,
src_proxy= 172.21.114.67/0.0.0.0/0/0 (type=1),
dest_proxy= 172.21.114.123/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 120s and 4608000kb,
spi= 0x120F043C(302974012), conn_id= 26, keysize= 0, flags= 0x4
IPSec now installs the security association information into its security association database.
00:26:15: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.21.114.67, sa_prot= 50,
sa_spi= 0x38914A4(59315364),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 25
00:26:15: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.21.114.123, sa_prot= 50,
sa_spi= 0x120F043C(302974012),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 26
The following is sample output from the debug crypto isakmp command for an IKE peer that initiates an IKE negotiation.
First, IKE negotiates its own security association (SA), checking for a matching IKE policy:
MyRouter# debug crypto isakmp
20:26:58: ISAKMP (8): beginning Main Mode exchange 20:26:58: ISAKMP (8): processing SA payload. message ID = 0 20:26:58: ISAKMP (8): Checking ISAKMP transform 1 against priority 10 policy 20:26:58: ISAKMP: encryption DES-CBC 20:26:58: ISAKMP: hash SHA 20:26:58: ISAKMP: default group 1 20:26:58: ISAKMP: auth pre-share 20:26:58: ISAKMP (8): atts are acceptable. Next payload is 0
IKE has found a matching policy. Next, the IKE SA is used by each peer to authenticate the other peer:
20:26:58: ISAKMP (8): SA is doing pre-shared key authentication 20:26:59: ISAKMP (8): processing KE payload. message ID = 0 20:26:59: ISAKMP (8): processing NONCE payload. message ID = 0 20:26:59: ISAKMP (8): SKEYID state generated 20:26:59: ISAKMP (8): processing ID payload. message ID = 0 20:26:59: ISAKMP (8): processing HASH payload. message ID = 0 20:26:59: ISAKMP (8): SA has been authenticated
Next, IKE negotiates to set up the IPSec SA by searching for a matching transform set:
20:26:59: ISAKMP (8): beginning Quick Mode exchange, M-ID of 767162845 20:26:59: ISAKMP (8): processing SA payload. message ID = 767162845 20:26:59: ISAKMP (8): Checking IPSec proposal 1 20:26:59: ISAKMP: transform 1, ESP_DES 20:26:59: ISAKMP: attributes in transform: 20:26:59: ISAKMP: encaps is 1 20:26:59: ISAKMP: SA life type in seconds 20:26:59: ISAKMP: SA life duration (basic) of 600 20:26:59: ISAKMP: SA life type in kilobytes 20:26:59: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 20:26:59: ISAKMP: authenticator is HMAC-MD5 20:26:59: ISAKMP (8): atts are acceptable.
A matching IPSec transform set has been found at the two peers. Now the IPSec SA can be created (one SA is created for each direction):
20:26:59: ISAKMP (8): processing NONCE payload. message ID = 767162845 20:26:59: ISAKMP (8): processing ID payload. message ID = 767162845 20:26:59: ISAKMP (8): processing ID payload. message ID = 767162845 20:26:59: ISAKMP (8): Creating IPSec SAs 20:26:59: inbound SA from 155.0.0.2 to 155.0.0.1 (proxy 155.0.0.2 to 155.0.0.1 ) 20:26:59: has spi 454886490 and conn_id 9 and flags 4 20:26:59: lifetime of 600 seconds 20:26:59: lifetime of 4608000 kilobytes 20:26:59: outbound SA from 155.0.0.1 to 155.0.0.2 (proxy 155.0.0.1 to 155.0.0.2 ) 20:26:59: has spi 75506225 and conn_id 10 and flags 4 20:26:59: lifetime of 600 seconds 20:26:59: lifetime of 4608000 kilobytes
Encryption and authentication are provided by a software service on the router called a crypto engine. The crypto engine performs authentication through DSS public and private keys when a connection is set up. DSS is a means of sending a "signature" at the end of a message that positively identifies the author of the message. The signature cannot be forged or duplicated by others, so whoever received a message with a DSS signature knows exactly who sent the message.
If the process of exchanging DSS public keys with a peer router by means of the config crypto key-exchange command is not successful, try to exchange DSS public keys again after enabling the debug crypto key-exchange command to help you diagnose the problem.
The following is sample output from the debug crypto key-exchange command. The first shows output from the initiating router in a key exchange. The second shows output from the passive router in a key exchange. The number of bytes received should match the number of bytes sent from the initiating side, although the number of messages can be different.
Router# debug crypto key-exchange
CRYPTO-KE: Sent 4 bytes. CRYPTO-KE: Sent 2 bytes. CRYPTO-KE: Sent 2 bytes. CRYPTO-KE: Sent 2 bytes. CRYPTO-KE: Sent 64 bytes. Router# debug crypto key-exchange
CRYPTO-KE: Received 4 bytes. CRYPTO-KE: Received 2 bytes. CRYPTO-KE: Received 2 bytes. CRYPTO-KE: Received 2 bytes. CRYPTO-KE: Received 49 bytes. CRYPTO-KE: Received 15 bytes.
Encryption and authentication are provided by a software service on the router called a crypto engine. The crypto engine performs authentication through DSS public and private keys when a connection is set up. DSS is a means of sending a "signature" at the end of a message that positively identifies the author of the message. The signature cannot be forged or duplicated by others, so whoever receives a message with a DSS signature knows exactly who sent the message.
When connections are not completing, use the debug crypto sesmgmt command to follow the progress of connection messages as a first step in diagnosing the problem. You see a record of each connection message as the router discovers it, and can track its progress through the necessary signing, verifying, and encryption session setup operations. Other significant connection setup events, such as the pregeneration of Diffie-Hellman public numbers, are also shown. For information on Diffie-Hellman public numbers, refer to the Security Configuration Guide.
Also use the show crypto connections command to display additional information on connections.
The following is sample output from the debug crypto sesmgmt command. The first shows messages from a router that initiates a successful connection. The second shows messages from a router that receives a connection.
Router# debug crypto sesmgmt
CRYPTO: Dequeued a message: Inititate_Connection CRYPTO: DH gen phase 1 status for conn_id 2 slot 0:OK CRYPTO: Signing done. Status:OK CRYPTO: ICMP message sent: s=172.21.114.163, d=172.21.114.162 CRYPTO-SDU: send_nnc_req: NNC Echo Request sent CRYPTO: Dequeued a message: CRM CRYPTO: DH gen phase 2 status for conn_id 2 slot 0:OK CRYPTO: Verify done. Status=OK CRYPTO: Signing done. Status:OK CRYPTO: ICMP message sent: s=172.21.114.163, d=172.21.114.162 CRYPTO-SDU: recv_nnc_rpy: NNC Echo Confirm sent CRYPTO: Create encryption key for conn_id 2 slot 0:OK CRYPTO: Replacing -2 in crypto maps with 2 (slot 0) Router# debug crypto sesmgmt
CRYPTO: Dequeued a message: CIM CRYPTO: Verify done. Status=OK CRYPTO: DH gen phase 1 status for conn_id 1 slot 0:OK CRYPTO: DH gen phase 2 status for conn_id 1 slot 0:OK CRYPTO: Signing done. Status:OK CRYPTO: ICMP message sent: s=172.21.114.162, d=172.21.114.163 CRYPTO-SDU: act_on_nnc_req: NNC Echo Reply sent CRYPTO: Create encryption key for conn_id 1 slot 0:OK CRYPTO: Replacing -2 in crypto maps with 1 (slot 0) CRYPTO: Dequeued a message: CCM CRYPTO: Verify done. Status=OK
Use the debug dbconn all privileged EXEC command to turn on all debug flags for Database Connection. The Database Connection debug flags include appc, config, drda, event, and tcp. Use the no form of this command to disable all debugging output.
[no] debug dbconn allDebugging is not enabled for Database Connection.
The debug dbconn all command displays debug output for APPC, Database Connection configuration, DRDA, error messages, event traces, and TCP.
See the sample outputs provided for the debug dbconn appc, debug dbconn config, debug dbconn drda, debug dbconn event, and debug dbconn tcp commands.
debug appn
debug dbconn appc
debug dbconn config
debug dbconn drda
debug dbconn event
debug dbconn tcp
Use the debug dbconn privileged EXEC command to display APPC-related trace or error messages. Use the no form of this command to disable debugging output.
[no] debug dbconn appcIn a router with stable Database Connection, the alias_cp_name field in the trace message should not be blank. There should be no other APPC error message. You can use APPN debug commands with this debug command to track APPN-related errors.
The following is sample output from the debug dbconn appc command.
In a normal situation, only the following message is displayed:
DBCONN-APPC: alias_cp_name is "ASH"
The following error messages are displayed if there is a network configuration error or other APPN related problem:
DBCONN-APPC-612C2B28: APPC error: opcode 0x1, primary_rc 0x0003, secondary_rc 0x00000004 DBCONN-APPC-612C2B28: Verb block = DBCONN-APPC-612C2B28: 0001 0200 0003 0000 0000 0004 0020 100C DBCONN-APPC-612C2B28: 610A 828B 0000 0000 0000 0000 0000 0000 DBCONN-APPC-612C2B28: 0000 0000 8014 0003 0000 0000 0000 0000 DBCONN-APPC-612C2B28: D3E4 F6F2 E2E3 C1D9 C4C2 F240 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 0200 0000 0000 0000 DBCONN-APPC-612C2B28: 0000 0000 D4C5 D9D9 C9C5 4040 4040 D7C5 DBCONN-APPC-612C2B28: E3C5 D940 4040 4040 0000 0000 0000 0000 DBCONN-APPC-612C2B28: 00E2 E3C1 D9E6 4BE3 D6D9 C3C8 4040 4040 DBCONN-APPC-612C2B28: 4040 0000 0000 0000 0000 0000 DBCONN-APPC-612C2B28: ALLOCATE verb block = DBCONN-APPC-612C2B28: 0001 0200 0003 0000 0000 0004 0020 100C DBCONN-APPC-612C2B28: 610A 828B 0000 0000 0000 0000 0000 0000 DBCONN-APPC-612C2B28: 0000 0000 8014 0003 0000 0000 0000 0000 DBCONN-APPC-612C2B28: D3E4 F6F2 E2E3 C1D9 C4C2 F240 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 4040 4040 4040 4040 DBCONN-APPC-612C2B28: 4040 4040 4040 4040 0200 0000 0000 0000
You can use the debug appn command to obtain more information.
The following message is displayed if a database connection is manually cleared and there is an outstanding APPC verb pending:
DBCONN-APPC-%612C2B28: Canceling pending APPC verb 0x1
debug appn
debug dbconn all
debug dbconn config
debug dbconn drda
debug dbconn event
debug dbconn tcp
Use the debug dbconn config privileged EXEC command to display trace or error messages for Database Connection configuration and control blocks. Use the no form of this command to disable debugging output.
[no] debug dbconn configMost of the messages for Database Connection and control blocks do not report any errors. If a connection is inactive and cannot be cleared, use this command with debug dbconn appc, debug dbconn tcp, and debug appn commands to locate the problem. The alias_cp_name field must match the configured APPN cpname.
The following is sample output from the debug dbconn config command:
DBCONN-CONFIG: alias_cp_name is "ASH " DBCONN-CONFIG: connection 612BDAAC matching server on 198.147.235.5:0 with rdbname=STELLA DBCONN-CONFIG: APPN shutdown; clearing connection 1234abcd DBCONN-CONFIG: created server 612C2720 DBCONN-CONFIG: server 612C2720 (listen 60F72E94) is active DBCONN-CONFIG: server 612C2720 (listen 60F72E94) is active DBCONN-CONFIG: new connection 612BDAAC DBCONN-CONFIG: listen 60F72E94 accepts connection 612BDAAC DBCONN-CONFIG: server 60F74614 takes connection 612BDAAC DBCONN-CONFIG: listen 60F72E94 releases connection 612BDAAC DBCONN-CONFIG: server 60F74614 releases connection 612BDAAC DBCONN-CONFIG: deleting connection 612BDAAC DBCONN-CONFIG: listen 60F72E94 abandons connection 612BDAAC DBCONN-CONFIG: server 612C2720 abandons connection 612BDAAC DBCONN-CONFIG: deleting server 612C2720 DBCONN-CONFIG: daemon 60381738 takes zombie connection 612BDAAC DBCONN-CONFIG: daemon 60381738 releases zombie connection 612BDAAC
debug appn
debug dbconn all
debug dbconn appc
debug dbconn drda
debug dbconn event
debug dbconn tcp
Use the debug dbconn drda privileged EXEC command to display error messages and stream traces for DRDA. Use the no form of this command to disable debugging output.
[no] debug dbconn drdaThe DRDA debug messages display the result of parsing a DRDA stream. These messages are useful for debugging if a database connection cannot be established or the clients receive errors. An example of a DRDA client is StarSQL.
The following is sample output from the debug dbconn drda command:
DBCONN-DRDA-611404E4: DSS X'0056D0010001', length 86, end of chain, REQDSS, correlator 1 DBCONN-DRDA-611404E4: End-of-chain received DBCONN-DRDA-611404E4: EXCSAT.MGRLVLLS: AR Manager X'0102' at level 1 DBCONN-DRDA-611404E4: OBJECT X'0056D0010001', in COLLECTION X'ABCD', length 100, code point X'ABCD'SECCHK DBCONN-PARSER-63518301: object parser level 2 DBCONN-DRDA-611404E4: DSS SEGMENT X'0056D0010001', length 100 DBCONN-DRDA-611404E4: Syntax error in data stream, SYNERRCD = 1
debug appn
debug dbconn all
debug dbconn appc
debug dbconn config
debug dbconn event
debug dbconn tcp
Use the debug dbconn event privileged EXEC command to display trace or error messages for Database Connection events. Use the no form of this command to disable debugging output.
[no] debug dbconn eventIf Database Connection is stable on the Cisco router, only the following types of trace messages should appear for this command: dispatch, post, flush events, event discarded, and send to. The trace message for "Calling foreign event callback" is displayed if APPN is stopped while Database Connection remains configured on the router. When other error messages are displayed, use the debug dbconn appc and debug dbconn drda commands to obtain more information.
The following is sample output from the debug dbconn event command. A normal trace for the debug dbconn event displays as follows:
DBCONN-EVENT: Dispatch to 60FD6C00, from 0, msg 60F754CC, msgid 6468 'dh', buffer 0. DBCONN-EVENT: [*] Post to 61134240(cn), from 60EC5470(tc), msg 611419E4, msgid 0x6372 'cr', buffer 612BF68C. DBCONN-EVENT: Flush events called for pto 61182742, pfrom 61239837. DBCONN-EVENT: Event discarded: to 61182742 (cn), from 61239837(ap), msg 61339273, msgid 0x6372 'cr' buffer 0. DBCONN-EVENT: == Send to 1234abcd, from 22938acd, msg 72618394, msgid 0x6372 'cr', buffer 0.
The following message is displayed if APPN is stopped, but Database Connection remains configured on the router:
DBCONN-EVENT: Calling foreign event callback for wakeup: major = 0x00001111, minor = 0x00111189.
If the following messages are displayed, contact Cisco technical support personnel:
DBCONN-TCPFSM-1234abcd: Cannot occur in state 2 on input 6363 ('cc')
DBCONN-APPCFSM-1234abcd: Cannot occur in state 3 on input 6363 ('cc')
debug appn
debug dbconn all
debug dbconn appc
debug dbconn config
debug dbconn drda
debug dbconn tcp
Use the debug dbconn tcp privileged EXEC command to display error messages and traces for TCP. Use the no form of this command to disable debugging output.
[no] debug dbconn tcpIn a normal situation, TCP-related debug messages are not displayed. TCP-related error messages are not displayed if the router is running out of resources or an error exists with the TCP driver.
The following is sample output from the debug dbconn tcp command:
DBCONN-TCP-63528473: tcpdriver_passive_open returned NULL DBCONN-TCP-63528473: (no memory) tcp_reset(63829482) returns 4 DBCONN-TCP: tcp_accept(74625348,&error) returns tcb 63829482, error 4 DBCONN-TCP: (no memory) tcp_reset(63829482) returns 4 DBCONN-TCP-63528473: (open) tcp_create returns 63829482, error = 4 DBCONN-TCP-63528473: tcb_connect(63829482,1.2.3.4,2010) returns 4 DBCONN-TCP-63528473: (open error) tcp_reset(63829482) returns 4 DBCONN-TCP-63528473: tcp_create returns 63829482, error = 4 DBCONN-TCP-63528473: tcb_bind(63829482,0.0.0.0,2001) returns 4 DBCONN-TCP-63528473: tcp_listen(63829482,,) returns 4 DBCONN-TCP-63528473: (errors) Calling tcp_close (63829482)
debug dbconn all
debug dbconn config
debug dbconn drda
debug dbconn event
debug ip
Use the debug decnet adj EXEC command to display debugging information on DECnet adjacencies. The no form of this command disables debugging output.
[no] debug decnet adjThe following is sample output from the sample debug decnet adj command:
Router# debug decnet adj
DNET-ADJ: Level 1 hello from 1.3 DNET-ADJ: sending hellos DNET-ADJ: Sending hellos to all routers on interface Ethernet0, blksize 1498 DNET-ADJ: Level 1 hello from 1.3 DNET-ADJ: 1.5 adjacency initializing DNET-ADJ: sending triggered hellos DNET-ADJ: Sending hellos to all routers on interface Ethernet0, blksize 1498 DNET-ADJ: Level 1 hello from 1.3 DNET-ADJ: 1.5 adjacency up DNET-ADJ: Level 1 hello from 1.5 DNET-ADJ: 1.5 adjacency down, listener timeout
The following line indicates that the router is sending hellos to all routers on this segment, which in this case is Ethernet 0:
DNET-ADJ: Sending hellos to all routers on interface Ethernet0, blksize 1498
The following line indicates that the router has heard a hello from address 1.5 and is creating an adjacency entry in its table. The initial state of this adjacency will be initializing.
DNET-ADJ: 1.5 adjacency initializing
The following line indicates that the router is sending an unscheduled (triggered) hello as a result of some event, such as new adjacency being heard:
DNET-ADJ: sending triggered hellos
The following line indicates that the adjacency with 1.5 is now up, or active:
DNET-ADJ: 1.5 adjacency up
The following line indicates that the adjacency with 1.5 has timed out, because no hello has been heard from adjacency 1.5 in the time interval originally specified in the hello from 1.5:
DNET-ADJ: 1.5 adjacency down, listener timeout
The following line indicates that the router is sending an unscheduled hello, as a result of some event, such as the adjacency state changing:
DNET-ADJ: hello update triggered by state changed in dn_add_adjacency
Use the debug decnet connects EXEC command to display debugging information of all connect packets that are filtered (permitted or denied) by DECnet access lists. The no form of this command disables debugging output.
[no] debug decnet connectsWhen you use connect packet filtering, it may be helpful to use the decnet access-group configuration command to apply the following basic access list:
access-list 300 permit 0.0 63.1023 eq any
You can then log all connect packets transmitted on interfaces to which you applied this list, in order to determine those elements on which your connect packets must be filtered.
The following is sample output from the debug decnet connects command:
Router# debug decnet connects
DNET-CON: list 300 item #2 matched src=19.403 dst=19.309 on Ethernet0: permitted srcname="RICK" srcuic=[0,017] dstobj=42 id="USER"
Table 29 describes significant fields in the output.
| Field | Description |
|---|---|
DNET-CON: | Indicates that this is a debug decnet connects packet |
list 300 item #2 matched | Indicates that a packet matched the second item in access list 300 |
src = 19.403 | Indicates the source DECnet address for the packet |
dst = 19.309 | Indicates the destination DECnet address for the packet |
on Ethernet0: | Indicates the router interface on which the access list filtering the packet was applied |
permitted | Indicates that the access list permitted the packet |
srcname = "RICK" | Indicates the originator user of the packet |
srcuic = [0,017] | Indicates the source UIC of the packet |
dstobj = 42 | Indicates that DECnet object 42 is the destination |
id="USER" | Indicates the access user |
Use the debug decnet events EXEC command to display debugging information on DECnet events. The no form of this command disables debugging output.
[no] debug decnet eventsThe following is sample output from the debug decnet events command:
Router# debug decnet events
DNET: Hello from area 50 rejected - exceeded `max area' parameter (45) DNET: Hello from area 50 rejected - exceeded `max area' parameter (45)
The following line indicates that the router received a hello from a router whose area was greater than the max-area parameter with which this router was configured:
DNET: Hello from area 50 rejected - exceeded'max area' parameter (45)
The following line indicates that the router received a hello from a router whose node ID was greater than the max-node parameter with which this router was configured:
DNET: Hello from node 1002 rejected - exceeded'max node' parameter (1000)
Use the debug decnet packet EXEC command to display debugging information on DECnet packet events. The no form of this command disables debugging output.
[no] debug decnet packetThe following is sample output from the debug decnet packet command:
Router# debug decnet packet
DNET-PKT: src 1.4 dst 1.5 sending to PHASEV DNET-PKT: Packet fwded from 1.4 to 1.5, via 1.5, snpa 0000.3080.cf90, TokenRing0
The following line indicates that the router is sending a converted packet addressed to node 1.5 to Phase V:
DNET-PKT: src 1.4 dst 1.5 sending to PHASEV
The following line indicates that the router forwarded a packet from node 1.4 to node 1.5. The packet is being sent to the next hop of 1.5 whose subnetwork point of attachment (MAC address) on that interface is 0000.3080.cf90.
DNET-PKT: Packet fwded from 1.4 to 1.5, via 1.5, snpa 0000.3080.cf90, TokenRing0
Use the debug decnet routing EXEC command to display all DECnet routing-related events occurring at the router. The no form of this command disables debugging output.
[no] debug decnet routingThe following is sample output from the debug decnet routing command:
Router# debug decnet routing
DNET-RT: Received level 1 routing from 1.3 on Ethernet0 at 1:16:34 DNET-RT: Sending routes DNET-RT: Sending normal routing updates on Ethernet0 DNET-RT: Sending level 1 routing updates on interface Ethernet0 DNET-RT: Level1 routes from 1.5 on Ethernet0: entry for node 5 created DNET-RT: route update triggered by after split route pointers in dn_rt_input DNET-RT: Received level 1 routing from 1.5 on Ethernet 0 at 1:18:35 DNET-RT: Sending L1 triggered routes DNET-RT: Sending L1 triggered routing updates on Ethernet0 DNET-RT: removing route to node 5
The following line indicates that the router has received a level 1 update on interface Ethernet 0:
DNET-RT: Received level 1 routing from 1.3 on Ethernet0 at 1:16:34
The following line indicates that the router is sending its scheduled updates on interface Ethernet 0:
DNET-RT: Sending normal routing updates on Ethernet0
The following line indicates that the route will send an unscheduled update on this interface as a result of some event. In this case, the unscheduled update is a result of a new entry created in the interface's routing table.
DNET-RT: route update triggered by after split route pointers in dn_rt_input
The following line indicates that the router sent the unscheduled update on Ethernet 0:
DNET-RT: Sending L1 triggered routes DNET-RT: Sending L1 triggered routing updates on Ethernet0
The following line indicates that the router removed the entry for node 5 because the adjacency with node 5 timed out, or the route to node 5 through a next-hop router went away:
DNET-RT: removing route to node 5
Use the debug dialer events EXEC command to display debugging information about the packets received on a dialer interface. The no form of this command disables debugging output.
[no] debug dialer eventsWhen DDR is enabled on the interface, information concerning the cause of any call (called the Dialing cause) is displayed. The following line of output for an IP packet lists the name of the DDR interface and the source and destination addresses of the packet:
Dialing cause: Serial0: ip (s=172.16.1.111 d=172.16.2.22)
The following line of output for a bridged packet lists the DDR interface and the type of packet (in hexadecimal). For information on these packet types, see the "Ethernet Type Codes" appendix of the Bridging and IBM Networking Command Reference publication.
Dialing cause: Serial1: Bridge (0x6005)
Most messages are self-explanatory; however, messages that may need some explanation are described in Table 30.
| Message | Description |
|---|---|
Dialer0: Already xxx call(s) in progress on Dialer0, dialing not allowed | This message occurs when the number of calls in progress (xxx) exceeds the maximum number of calls set on the interface. |
Dialer0: No free dialer - starting fast idle timer | This message occurs when all the lines in the interface or rotary group are busy and a packet is waiting to be sent to the destination. |
BRI0: rotary group to xxx overloaded (yyy) | This message occurs when the number dialer (xxx) exceeds the load set on the interface (yyy). |
BRI0: authenticated host xxx with no matching dialer profile | This message occurs when no dialer profile matches xxx, the remote host's CHAP name or remote name. |
BRI0: authenticated host xxx with no matching dialer map | This message occurs when no dialer map matches xxx, the remote host's CHAP name or remote name. |
BRI0: Can't place call, verify configuration | This message occurs when you have not set the dialer string or dialer pool on an interface. |
Table 31 describes the messages that the debug dialer events command can generate for a serial interface used as a V.25bis dialer for dial-on-demand routing (DDR).
| Message | Description |
|---|---|
Serial 0: Dialer result = xxxxxxxxxx | This message displays the result returned from the V.25bis dialer. It is useful in debugging if calls are failing. On some hardware platforms, this message cannot be displayed due to hardware limitations. Possible values for the xxxxxxxxxx variable depend on the V.25bis device with which the router is communicating. |
Serial 0: No dialer string defined. Dialing cannot occur. | This message is displayed when a packet is received that should cause a call to be placed. However, there is no dialer string configured, so dialing cannot occur. This message usually indicates a configuration problem. |
Serial 0: Attempting to dial xxxxxxxxxx | This message indicates that a packet has been received that passes the dial-on-demand access lists. That packet causes phone number xxxxxxxxxx to be dialed. |
Serial 0: Unable to dial xxxxxxxxxx | This message is displayed if for some reason the phone call to xxxxxxxxxx cannot be placed. This failure might be due to a lack of memory, full output queues, or other problems. |
Serial 0: disconnecting call | This message is displayed when the router hangs up a call. |
Serial 0: idle timeout Serial 0: re-enable timeout Serial 0: wait for carrier timeout | One of these three messages is displayed when a dialer timer expires. These messages are mostly informational, but are useful for debugging a disconnected call or call failure. |
Use the debug dialer packets EXEC command to display debugging information about the packets received on a dialer interface. The no form of this command disables debugging output.
[no] debug dialer packetsThe following is sample output from the debug dialer packets command. The following message shows the interface type, the type of packet (protocol) being sent, the source and destination addresses, the size of the packet, and the default action for the packet (in this example, PERMIT).
Router# debug dialer packets
BRI0: ip (s=10.1.1.8, d=10.1.1.1), 100 bytes, interesting (ip PERMIT)
|
|