How to (more) safely run debugs on Cisco routers
Running debug commands can bring a busy router to a crawl. Not sending the output to the console can help. This tech-recipe describes turning off console debugging output and techniques for viewing debug information in a router-friendly way.
Some debug commands, like
debug ip packet detail
can cause a router to stop responding while it attempts to display all the data you’ve requested. Frequently, it’s trying to force a lot of data down a 9600 baud (slow) console port.
So, we can turn this off!
no logging console
But, now debugs are not very useful, since they won’t display. We can telnet to the router, then
to send all the debug output down the pipe to the telnet client. Better, but this can still backfire.
We can just push all the messages to a buffer:
then view them with
Another option which will make some debug commands, like
debug ip packet
safer is to specify an access-list for just the traffic you want. For example:
access-list 100 permit ip any host 22.214.171.124
access-list 100 permit ip host 22.214.171.124 any
debug ip packet detail 100
This will give you IP packet detail for any packets coming from or going to a host with IP address 22.214.171.124.
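The steps above combined into one session, as an added example that is not part of the original recipe. It assumes the standard IOS commands terminal monitor, logging buffered, show logging, show debugging and undebug all for the telnet, buffer and cleanup steps; the prompt, the buffer size and the host address 192.0.2.10 are constructed.

```cisco
! Constructed session. 192.0.2.10 is a documentation address standing in
! for the one host whose traffic you want to see.
Router# configure terminal
! Stop debug output from being forced down the slow console port.
Router(config)# no logging console
! Keep debug-level messages in a memory buffer (size in bytes, assumed value).
Router(config)# logging buffered 65536 debugging
! Limit the debug to traffic to and from the single host.
Router(config)# access-list 100 permit ip any host 192.0.2.10
Router(config)# access-list 100 permit ip host 192.0.2.10 any
Router(config)# end
! Optional, on a telnet session only: copy log output to this terminal.
Router# terminal monitor
! Start the filtered debug and confirm exactly what is enabled.
Router# debug ip packet detail 100
Router# show debugging
! Read the captured messages from the buffer.
Router# show logging
! Turn every debug off again as soon as you have what you need.
Router# undebug all
Router# terminal no monitor
```

Define the access-list before enabling the debug, so the router never runs the unfiltered form even briefly.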
NOTE: Corrected on 4/9/2009 by abanks, based on AWfki’s comment.