The following is just a quick list of some of the top debugging that can be used for troubleshooting. Debugging is one of those necessary evils that as Network Engineers we can’t really do without. Lets face it this is the real Art behind network troubleshooting the ability to turn on the correct debugging option, and then analyze the results. It can also one of the most nerve racking tools we can’t really do without. The worst part is that when we have to rely on debugging to resolve an issue we no where near the network equipment so if something does go wrong its not going to turn out well for you or the remote location.
Let’s face it, at one time or another we’ve all enabled some combination of debugging that has brought a Router, Switch or Firewall to its knees. We didn’t mean to we were just trying to resolve an issue. Unfortunately sometimes those are the best lessons learned. There are certain debugging combination we should avoid all together unless of course you have physical console access to the equipment or your utilizing an ACL.
Warning: The following may be hazardous to your career..!
- debug ip packet
- debug ip packet detail
- logging synchronous
Debugging IP Packets safely with the help of an ACL
Router#configure terminal Router(config)#access-list 100 permit tcp host 172.16.0.10 host 192.168.8.20 Router(config)#exit Router#debug ip packet 100 detail IP packet debugging is on (detailed) for access list 100 Router#
AAA
- debug aaa accounting
- debug aaa authentication
- debug aaa authorization
TACACS or RADIUS
- debug tacacs accounting
- debug tacacs authentication
- debug tacacs authorization
- debug radius authentication
H.323
- debug voip ccapi inout
- debug h225 asn1
- debug h245 asn1
- debug cch323 all
- debug ip tcp transaction
SIP
- debug voip ccapi inout
- debug ccsip messages
- debug voip rtp session named-event
MGCP
- debug voip ccapi inout
- debug mgcp packet
- debug ip tcp transaction
- debug mgcp packets
- debug mgcp events
- debug mgcp error
- debug voip vtsp all
ISDN
- debug voip ccapi inout
- debug isdn q931
You can turn on several debugs in order to troubleshoot the Caller ID feature on POTS lines. The voice port module or VPM signaling debugs track the standard fxs-loopstart debugs with the Caller ID feature turned on. These debugs are analyzed from the perspective of the terminating router and the FXS port of that router; the Caller ID is received on this end.
POTS
- debug voip ccapi inout
- debug vpm signal
- debug vpm dsp
- debug vpm port
- debug vpm all
Collecting Syslog Server Debugs
In certain situations its helpful to send logging information to a Syslog Server for historical logging or future analyzing. Its also useful when you wan to provide Cisco TAC with logging information gathered over a certain period of time. It’s also useful to help catch problems after hours.
Available Logging Levels
0 – Emergency
1 – Alert
2 – Critical
3 – Error
4 – Warning
5 – Notification
6 – Informational
7 – Debugging
When configure a particular logging trap level keep in mind that the level or levels above are also included in the logging. For example if you were to log at level 3 it would include Error, Critical, Alert and Emergency. So for example the following configuration would include levels 0 through 3.
Router#configure terminal
Router(config)#logging trap 3
Router(config)#logging facility syslog
Router(config)#logging host XX.XX.XX.XX
Router(config)#no logging monitor
Router(config)#no logging console
Router(config)#no logging buffer
Router(config)#service timestamps debug datetime msec local
Router(config)#service timestamps log datetime msec local
Router(config)#service sequence-numbers
Router(config)#exit
Router#
Its a good idea to configure the local clock and NTP Server settings.
Router#configure terminal
Router(config)#clock timezone CST -6
Router(config)#clock summer-time CST recurring
Router(config)#ntp server 172.18.5.1
Router(config)#exit
Router#
Configure the service logging service time stamps.
Router#config t
Router(config)#service timestamps log datetime localtime
Router(config)#service timestamps debug datetime localtime msec
Router(config)#exit
Router#
Configure a logging host and increased buffer from default of 4096.
The logging buffered command copies log messages to an internal buffer instead of writing them to the console. The buffer operates in a circular fashion so that newer messages overwrite the older messages.
Router#configure terminal
Router(config)#logging host 172.18.5.20
Router(config)#logging buffered 100000 debug
Router(config)#service sequence-numbers
Router(config)#no logging monitor
Router(config)#no logging console
Router(config)#exit
Router#
It’s always a good idea to checking the CPU load after enabling the syslog logging.
Router#show processes cpu | include Syslog
259 3236 137108 23 0.00% 0.00% 0.00% 0 EEM ED Syslog
264 0 1 0 0.00% 0.00% 0.00% 0 Syslog Traps
288 2888 93096 31 0.00% 0.02% 0.04% 0 Syslog
