To understand what is the outgoing IP port of a packet, according to a specific source, type the debug res:iprtr lsn:9 cmd:src.src.src.src-dst.dst.dst.dst command.
For example:
[17:45:39] ABILIS_CPX:debug res:iprtr lsn:9 cmd:192.168.0.29-192.168.5.254
RES:Iprtr ---------------------------------------------------------------------
IP_Router_general_properties
BufferLength:127 Date/Time:05/06/2015 08:05:44 TraceTime:56839854
Route query information
Route query for SRC:192.168.000.029 and DST:192.168.005.254.
Outgoing IP to Load Balancing ID:1
By typing the debug res:iprtr lsn:0 command it is possible to display the help of the debug command.
[17:45:39] ABILIS_CPX:debug res:iprtr lsn:0
RES:Iprtr ---------------------------------------------------------------------
IP_Router_general_properties
BufferLength:3214 Date/Time:05/06/2015 08:03:30 TraceTime:56705561
Usage:
LSN:0 == This help
LSN:1 == Complete debug
LSN:2 == Upper/Lower NCB status
LSN:3 == Display ICMP header of the last 10 packets with chksum err
LSN:3 CMD:EXT == Display ICMP extended of checksum errors
LSN:3 CMD:CLR == Clear the ICMP checksum failures history
LSN:4 == NAT/ROUTE statistics display
LSN:4 CMD:CLR == NAT/ROUTE statistics clear
LSN:5 == Speed-limit status information
LSN:6 == Speed-limit error information
LSN:6 CMD:CLR == Speed-limit error clear
LSN:7 == Queue packet status information for ALL IP-RES
LSN:7 CMD:<IP-xx> == Queue packet status information for specific IP-RES
LSN:8 CMD:<IP-xx> == Queue flow information
LSN:9 CMD:src.src.src.src-dst.dst.dst.dst == Route query
LSN:10 == Queue forced discards for ALL IP-RES
LSN:10 CMD:<IP-xx> == Queue forced discards for specific IP-RES
LSN:11 == Queue total discards for ALL IP-RES
LSN:11 CMD:<IP-xx> == Queue total discards for specific IP-RES
LSN:12 CMD:CLR == Queue forced/total discards clear
LSN:13 == All reassembler statistics
LSN:13 CMD:<prot> == Specific protocol reassembler statistics
LSN:14 == All reassembler descriptor information
LSN:14 CMD:<prot> == Specific protocol reassembler descriptor information
LSN:15 == Registered IPs for ALL IP-RES
LSN:15 CMD:<IP-xx> == Registered IPs for specific IP-RES
LSN:16 == Registered MAC/IPs for ALL IP-RES
LSN:16 CMD:<IP-xx> == Registered MAC/IPs for specific IP-RES
LSN:17 == Queue BYTEs status information for ALL IP-RES
LSN:17 CMD:<IP-xx> == Queue BYTEs status information for specific IP-RES
LSN:18 == Load balancing configuration by ID
LSN:19 == PING status information for ALL IP-RES
LSN:19 CMD:<IP-xx> == PING status information for specific IP-RES
LSN:20 CMD:<IP-xx> == Extended PING status information for specific IP-RES
LSN:21 CMD:<IP-xx> == Extended queue flow information
LSN:22 CMD:<IP-xx> == IPACL request tracer information
LSN:22 CMD:CLR == Clear IPACL request tracer information
LSN:23 CMD:<IP-xx> == DHCP client information for specific IP-RES
LSN:24 == Load balancing configuration by IP-RES
LSN:25 == IP Shaping queue status information for ALL IP-RES
LSN:25 CMD:<IP-xx> == IP Shaping queue status information for specific IP-RES
LSN:26 == Lower IP-Res overhead information for ALL IP-RES
LSN:26 CMD:<IP-xx> == Lower IP-Res overhead information for specific IP-RES
LSN:27 CMD:<IP-xx> == Display MSS-CLAMP statistics for specific IP-RES
LSN:28 CMD:<IP-xx> == Clear MSS-CLAMP statistics for specific IP-RES
LSN:29 == IP headers of last 100 packets with unknown protocol
LSN:29 CMD:CLR == Clear the unknown protocol history
LSN:31 == Display information on FIFO node manual-check corruption
LSN:32 CMD:<IP-xx> == Display Throughput statistics for specific IP-RES
In the ACLBYPASS
parameter it is possible to
set a source/destination IP address that bypasses the IPACL (IP Access
Control List).
ACLBYPASS
parameter is used only AFTER IPACL
check, and only if it returned a DENY. The result is that packets
matching IPACL PERMIT entries will get IPCOS
and
TOS-O
as specified in the IPACL, while packets
matching a DENY entry may be passed because of match with
ACLBYPASS
with the assigment of
IPCOS
=COSDFT
and
TOS
unchanged.
[19:03:49] ABILIS_CPX:d p iprtr
RES:Iprtr ---------------------------------------------------------------------
Run DESCR:IP_Router_general_properties
- General --------------------------------------------------------------
R-ID:AUTO (192.168.000.201)
maxroute:500 DFTTTL:255 ps:2048
DEF-LOCAL-AD:0 DEF-STATIC-AD:1 DEF-OSPF-AD:110 DEF-RIP-AD:120
pvc:0 bsvc:0 LINKS:3 virtual:0
- IP Access List -------------------------------------------------------
ACL:YES ACLBYPASS:192.168.0.232
COS:ENABLED COSDFT:NORMAL
COSBALANCE:NO NORMRATE:50 LOWRATE:50
- IP Trace -------------------------------------------------------------
tracerec:100
- Ppp-Dns --------------------------------------------------------------
PPP-DNS-PRI:000.000.000.000 PPP-DNS-SEC:000.000.000.000
Type the command debug res:ip-1 layer:lan lsn:2 or d d ip-1 arp For example:
[19:03:49] ABILIS_CPX:debug res:ip-1 layer:lan lsn:2
RES:Ip-1 - IP over LAN (LAN) -------------------------------------------------- Lan_locale BufferLength:1782 Date/Time:05/06/2015 08:13:52 TraceTime:57327407 ----+----------------+------------------+-----------+----------- ID|IP |MAC |State | Expiry [s] ----+----------------+------------------+-----------+----------- 1|192.168.000.058 |00-40-F4-BB-E6-2F |VALID | 3 2|192.168.000.208 |00-08-54-50-16-1E |VALID | 106 3|192.168.000.251 |00-48-54-13-21-22 |VALID | 26 4|192.168.000.024 |00-08-54-02-00-78 |VALID | 53 5|192.168.000.005 |00-0C-6E-DE-2C-15 |VALID | 103 6|192.168.000.029 |00-40-CA-63-34-E3 |VALID | 1 7|192.168.000.250 |00-40-CA-63-34-A2 |VALID | 103 9|192.168.000.067 |00-13-8F-7E-21-33 |VALID | 84 10|192.168.000.009 |00-48-54-13-23-E7 |VALID | 99 11|192.168.000.085 |00-04-61-75-56-F5 |VALID | 107 12|192.168.000.090 |00-40-CA-6D-1D-24 |VALID | 108 13|192.168.000.035 |00-40-CA-63-34-82 |VALID | 35 14|192.168.000.025 |00-40-CA-63-35-15 |VALID | 60 15|192.168.000.033 |00-40-CA-63-34-F8 |VALID | 76 16|192.168.000.126 |00-80-48-B3-45-4B |VALID | 20 ... [19:03:49] ABILIS_CPX:d d ip-1 arp
----+----------------+------------------+-----------+----------- ID|IP |MAC |State | Expiry [s] ----+----------------+------------------+-----------+----------- 1|192.168.000.058 |00-40-F4-BB-E6-2F |VALID | 3 2|192.168.000.208 |00-08-54-50-16-1E |VALID | 106 3|192.168.000.251 |00-48-54-13-21-22 |VALID | 26 4|192.168.000.024 |00-08-54-02-00-78 |VALID | 53 5|192.168.000.005 |00-0C-6E-DE-2C-15 |VALID | 103 6|192.168.000.029 |00-40-CA-63-34-E3 |VALID | 1 7|192.168.000.250 |00-40-CA-63-34-A2 |VALID | 103 9|192.168.000.067 |00-13-8F-7E-21-33 |VALID | 84 10|192.168.000.009 |00-48-54-13-23-E7 |VALID | 99 11|192.168.000.085 |00-04-61-75-56-F5 |VALID | 107 12|192.168.000.090 |00-40-CA-6D-1D-24 |VALID | 108 13|192.168.000.035 |00-40-CA-63-34-82 |VALID | 35 14|192.168.000.025 |00-40-CA-63-35-15 |VALID | 60 15|192.168.000.033 |00-40-CA-63-34-F8 |VALID | 76 16|192.168.000.126 |00-80-48-B3-45-4B |VALID | 20 ...
By typing the debug res:ip-1 layer:lan lsn:0 command it is possible to display the help of the debug command.
[19:03:49] ABILIS_CPX:debug res:ip-1 layer:lan lsn:0
RES:Ip-1 - IP over LAN (LAN) --------------------------------------------------
Lan_locale
BufferLength:479 Date/Time:05/06/2015 08:16:54 TraceTime:57510220
IPLAN DEBUG INFO:
LSN:0 This help message
LSN:1 IPLAN driver object
LSN:2 ARP cache: only VALID items
LSN:3 ARP cache: only VALID & OUTDATED items
LSN:4 ARP cache: all items
LSN:5 Registered local IP addresses
LSN:6 Registered multicast MAC addresses
LSN:7 Registered virtual MAC/IP addresses
LSN:8 Registered aliases
LSN:9 Current timer state (ticks)
LSN:11 NCBs at upper interface
LSN:12 Local Addresses summary
LSN:20 Sessions to Ethernet
Type the command d nat maps ip:<ip_address>. For example:
[13:01:23] ABILIS_CPX:d nat maps
Number of records in standard table: 39 S A TYPE SRC-ADDRESS SP/ID DST-ADDRESS DP/ID ALS-ADDRESS ALIAS TM ------------------------------------------------------------------------------- IOS UDP 192.168.030.001 5060 083.211.227.015 5060 192.168.001.100 1024 80 IOS UDP 192.168.030.002 11826 087.241.097.125 49152 192.168.001.100 6339 139 IOS UDP 192.168.030.002 11826 096.028.041.076 44121 192.168.001.100 1121 37 IOS TCP 192.168.030.002 59013 205.188.005.066 443 192.168.001.100 1027 358 IOS UDP 192.168.030.002 11826 178.150.129.152 61956 192.168.001.100 6331 136 IOS TCP 192.168.030.003 1038 074.125.232.112 80 192.168.001.100 6342 353 IOS TCP 192.168.030.003 1041 074.125.232.112 80 192.168.001.100 6343 355 IOS TCP 192.168.030.002 38353 064.004.061.088 1863 192.168.001.100 1032 336 IOS UDP 192.168.030.002 11826 178.049.048.004 31799 192.168.001.100 6334 123 IOS TCP 192.168.030.003 1042 074.125.232.116 80 192.168.001.100 6344 355 IOS UDP 192.168.030.002 11826 178.213.109.009 58305 192.168.001.100 6336 125 IOS TCP 192.168.030.003 1043 063.245.209.093 80 192.168.001.100 6345 360 IOS TCP 192.168.030.003 1044 212.058.244.057 80 192.168.001.100 6346 360 IOS TCP 192.168.030.003 1045 195.022.200.144 80 192.168.001.100 6347 360 IOS UDP 192.168.030.002 11826 079.100.139.017 20685 192.168.001.100 6236 86 IOS UDP 192.168.030.002 11826 087.248.174.154 19652 192.168.001.100 6239 86 IOS UDP 192.168.030.002 11826 184.190.196.131 37255 192.168.001.100 3701 96 IOS UDP 192.168.030.002 11826 098.232.048.010 47217 192.168.001.100 3706 81 IOS UDP 192.168.030.002 11826 217.201.019.166 51716 192.168.001.100 5801 61 IOS UDP 192.168.030.002 11826 188.186.052.100 47055 192.168.001.100 5808 82 IOS UDP 192.168.030.002 11826 203.218.109.047 12984 192.168.001.100 4482 97 IOS UDP 192.168.030.002 11826 094.242.051.070 52094 192.168.001.100 1376 125 IOS UDP 192.168.030.002 11826 086.075.015.096 26070 192.168.001.100 3601 136 IOS UDP 192.168.030.002 11826 067.247.155.048 22434 192.168.001.100 2935 96 IOS UDP 192.168.030.002 11826 119.246.064.215 15665 192.168.001.100 4627 8 IOS UDP 192.168.030.002 11826 094.041.075.151 12840 192.168.001.100 5340 38 IOS UDP 192.168.030.002 11826 079.041.083.069 42176 192.168.001.100 6115 76 IOS UDP 192.168.030.002 11826 079.040.142.006 44256 192.168.001.100 4713 11 IOS UDP 192.168.030.002 11826 190.052.139.104 18460 192.168.001.100 5419 136 IOS UDP 192.168.030.002 11826 077.071.136.116 26322 192.168.001.100 5421 136 IOS UDP 192.168.030.002 11826 090.150.168.098 18684 192.168.001.100 5422 41 IOS UDP 192.168.030.002 11826 084.252.032.040 23716 192.168.001.100 6204 82 IOS UDP 192.168.030.002 11826 124.146.059.056 13975 192.168.001.100 4035 96 IOS UDP 192.168.030.002 11826 085.076.191.108 63279 192.168.001.100 4036 96 IOS UDP 192.168.030.002 11826 093.105.147.184 12357 192.168.001.100 4150 104 IOS UDP 192.168.030.002 11826 077.087.008.009 51520 192.168.001.100 3274 16 IOS UDP 192.168.030.002 11826 024.123.109.130 52283 192.168.001.100 3275 25 IOS UDP 192.168.030.002 11826 059.178.047.179 10028 192.168.001.100 4966 121 IOS UDP 192.168.030.002 11826 088.111.166.121 22324 192.168.001.100 4978 96 [13:01:32] ABILIS_CPX:d nat maps ip:192.168.30.3
Number of records in standard table: 34 S A TYPE SRC-ADDRESS SP/ID DST-ADDRESS DP/ID ALS-ADDRESS ALIAS TM ------------------------------------------------------------------------------- IOS TCP 192.168.030.003 1038 074.125.232.112 80 192.168.001.100 6342 320 IOS TCP 192.168.030.003 1041 074.125.232.112 80 192.168.001.100 6343 322 IOS TCP 192.168.030.003 1042 074.125.232.116 80 192.168.001.100 6344 322 IOS TCP 192.168.030.003 1045 195.022.200.144 80 192.168.001.100 6347 327
By typing the debug res:nat lsn:0 command it is possible to display the help of the debug command.
[19:03:49] ABILIS_CPX:d nat maps ?
D NAT MAPS [filter:val] Display any NAT active maps matching the
specified filter(s)
Allowed filters on active maps:
IP: Separate records by IP: ipadd[/mask]
S: Separate records by source IP: ipadd[/mask]
D: Separate records by destination IP: ipadd[/mask]
A: Separate records by alias IP: ipadd[/mask]
SIDEIN: Separate records by input side of translation [IN, OUT, VPN, DMZ]
SIDEOUT: Separate records by output side of translation [IN, OUT, VPN, DMZ]
ADDR: Separate records by address type [SRC, DST]
TYPE: Separate records by type of record [ICMP, TCP, UDP, FRAG, DNS, FTP
FTPC, FTPD, SNMP, SNTP, PPTP,
PPTPC, PPTPD]
PORT: Separate records by source or destination port [1..65535]
SP: Separate records by source port [1..65535]
DP: Separate records by destination port [1..65535]
ID: Separate records by id [1..65535]
ALIAS: Separate records by alias port/id [1..65535]
Active map fields:
S Side (incoming/outgoing, can be I, O, V, D)
A Address type (source/destination, can be S, D
TYPE Protocol type
SRC-ADDRESS Source IP address
SP/ID Source port/id
DST-ADDRESS Destination IP address
DP/ID Destination port/id
ALS-ADDRESS Alias IP address
ALIAS Alias port/id
TM Map lifetime
Tip | |
---|---|
Type debug res:nat lsn:0 to display the help of the debug command. |