4/7/08

Debugging Traffic Using ACLs

ACLs can be used to debug traffic on a router. Running debugs on a router is resource-intensive and can consume almost all system resources, such as memory and processing power. Excessive debugging under high load may cause unexpected interruptions or, in some cases, crash the device. Debugging commands therefore need to be used with extreme caution. Before enabling debugging, inspect the CPU load with the show processes cpu command and verify that sufficient CPU is available.

One way to reduce the impact of the debug command on a device is to use an ACL to define selectively which traffic is examined. Used this way, the ACL does not filter any packets; it only controls what is monitored.

The example below shows a configuration that enables debugging only for packets between the hosts 10.1.1.1 and 192.168.1.1 using the debug ip packet [detail] command.

Example: Debugging Traffic Using an ACL
Router(config)# access-list 101 permit ip host 10.1.1.1 host 192.168.1.1
Router(config)# access-list 101 permit ip host 192.168.1.1 host 10.1.1.1
Router(config)# end


Router# debug ip packet detail 101
IP packet debugging is on (detailed) for access list 101
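
Before enabling the debug, it helps to confirm which flows the ACL actually selects, since a broader entry (for example one ending in any) would put far more traffic through the debug path. The following is an added example, not part of the original post: a simplified Python model of extended-ACL matching for ip entries only (first match wins, implicit deny at the end). The function names parse_acl and would_debug are hypothetical, and ACL 102 in the usage is constructed for illustration.

```python
import ipaddress

# ACL 101 exactly as configured in the example above.
ACL_101 = """\
access-list 101 permit ip host 10.1.1.1 host 192.168.1.1
access-list 101 permit ip host 192.168.1.1 host 10.1.1.1
"""

def _addr_spec(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    kind = tokens.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    if kind == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    # Otherwise: <address> <wildcard-mask>, where 1-bits mean "don't care".
    return int(ipaddress.IPv4Address(kind)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines (simplified model)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto = tokens[2], tokens[3]
        if proto != "ip":
            raise ValueError(f"only 'ip' entries are modelled: {line!r}")
        rest = tokens[4:]
        src = _addr_spec(rest)
        dst = _addr_spec(rest)
        entries.append((action, src, dst))
    return entries

def _hit(addr, spec):
    """True if addr matches base on every bit the wildcard mask cares about."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def would_debug(entries, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, s, d in entries:
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False
```

Calling would_debug(parse_acl(ACL_101), "10.1.1.1", "192.168.1.1") returns True for either direction of the host pair and False for any other flow, which is the narrow scope the debug should have.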



Caution
When debugs are running, the router prompt is usually not visible on the console because debug output scrolls very fast, especially when the debug is intensive. To stop the debugs, use the no debug all or undebug all command, typing it blind even though the prompt cannot be seen.
