72.5. IP router

72.5.1. How can I query the IP routing table?

To understand what is the outgoing IP port of a packet, according to a specific source, type the debug res:iprtr lsn:9 cmd:src.src.src.src-dst.dst.dst.dst command.

For example:

[17:45:39] ABILIS_CPX:debug res:iprtr lsn:9 cmd:192.168.0.29-192.168.5.254

RES:Iprtr ---------------------------------------------------------------------
       IP_Router_general_properties                                            
       BufferLength:127    Date/Time:05/06/2015 08:05:44 TraceTime:56839854

Route query information

Route query for SRC:192.168.000.029 and DST:192.168.005.254.

Outgoing IP to Load Balancing ID:1

By typing the debug res:iprtr lsn:0 command it is possible to display the help of the debug command.

[17:45:39] ABILIS_CPX:debug res:iprtr lsn:0

RES:Iprtr ---------------------------------------------------------------------
       IP_Router_general_properties                                            
       BufferLength:3214   Date/Time:05/06/2015 08:03:30 TraceTime:56705561

Usage:
   LSN:0              == This help
   LSN:1              == Complete debug
   LSN:2              == Upper/Lower NCB status
   LSN:3              == Display ICMP header of the last 10 packets with chksum err
   LSN:3  CMD:EXT     == Display ICMP extended of checksum errors
   LSN:3  CMD:CLR     == Clear the ICMP checksum failures history
   LSN:4              == NAT/ROUTE statistics display
   LSN:4  CMD:CLR     == NAT/ROUTE statistics clear
   LSN:5              == Speed-limit status information
   LSN:6              == Speed-limit error information
   LSN:6  CMD:CLR     == Speed-limit error clear
   LSN:7              == Queue packet status information for ALL IP-RES
   LSN:7  CMD:<IP-xx> == Queue packet status information for specific IP-RES
   LSN:8  CMD:<IP-xx> == Queue flow information
   LSN:9  CMD:src.src.src.src-dst.dst.dst.dst == Route query
   LSN:10             == Queue forced discards for ALL IP-RES
   LSN:10 CMD:<IP-xx> == Queue forced discards for specific IP-RES
   LSN:11             == Queue total discards for ALL IP-RES
   LSN:11 CMD:<IP-xx> == Queue total discards for specific IP-RES
   LSN:12 CMD:CLR     == Queue forced/total discards clear
   LSN:13             == All reassembler statistics
   LSN:13 CMD:<prot>  == Specific protocol reassembler statistics
   LSN:14             == All reassembler descriptor information
   LSN:14 CMD:<prot>  == Specific protocol reassembler descriptor information
   LSN:15             == Registered IPs for ALL IP-RES
   LSN:15 CMD:<IP-xx> == Registered IPs for specific IP-RES
   LSN:16             == Registered MAC/IPs for ALL IP-RES
   LSN:16 CMD:<IP-xx> == Registered MAC/IPs for specific IP-RES
   LSN:17             == Queue BYTEs status information for ALL IP-RES
   LSN:17 CMD:<IP-xx> == Queue BYTEs status information for specific IP-RES
   LSN:18             == Load balancing configuration by ID
   LSN:19             == PING status information for ALL IP-RES
   LSN:19 CMD:<IP-xx> == PING status information for specific IP-RES
   LSN:20 CMD:<IP-xx> == Extended PING status information for specific IP-RES
   LSN:21 CMD:<IP-xx> == Extended queue flow information
   LSN:22 CMD:<IP-xx> == IPACL request tracer information
   LSN:22 CMD:CLR     == Clear IPACL request tracer information
   LSN:23 CMD:<IP-xx> == DHCP client information for specific IP-RES
   LSN:24             == Load balancing configuration by IP-RES
   LSN:25             == IP Shaping queue status information for ALL IP-RES
   LSN:25 CMD:<IP-xx> == IP Shaping queue status information for specific IP-RES
   LSN:26             == Lower IP-Res overhead information for ALL IP-RES
   LSN:26 CMD:<IP-xx> == Lower IP-Res overhead information for specific IP-RES
   LSN:27 CMD:<IP-xx> == Display MSS-CLAMP statistics for specific IP-RES
   LSN:28 CMD:<IP-xx> == Clear MSS-CLAMP statistics for specific IP-RES
   LSN:29             == IP headers of last 100 packets with unknown protocol
   LSN:29 CMD:CLR     == Clear the unknown protocol history
   LSN:31             == Display information on FIFO node manual-check corruption
   LSN:32 CMD:<IP-xx> == Display Throughput statistics for specific IP-RES

72.5.2. How does ACLBYPASS parameter work?

In the ACLBYPASS parameter it is possible to set a source/destination IP address that bypasses the IPACL (IP Access Control List).

ACLBYPASS parameter is used only AFTER IPACL check, and only if it returned a DENY. The result is that packets matching IPACL PERMIT entries will get IPCOS and TOS-O as specified in the IPACL, while packets matching a DENY entry may be passed because of match with ACLBYPASS with the assigment of IPCOS=COSDFT and TOS unchanged.

[19:03:49] ABILIS_CPX:d p iprtr

RES:Iprtr ---------------------------------------------------------------------
Run    DESCR:IP_Router_general_properties
       - General --------------------------------------------------------------
       R-ID:AUTO (192.168.000.201)
       maxroute:500       DFTTTL:255          ps:2048
       DEF-LOCAL-AD:0     DEF-STATIC-AD:1     DEF-OSPF-AD:110   DEF-RIP-AD:120
       pvc:0              bsvc:0              LINKS:3           virtual:0
       - IP Access List -------------------------------------------------------
       ACL:YES                ACLBYPASS:192.168.0.232
       COS:ENABLED            COSDFT:NORMAL
       COSBALANCE:NO          NORMRATE:50            LOWRATE:50
       - IP Trace -------------------------------------------------------------
       tracerec:100
       - Ppp-Dns --------------------------------------------------------------
       PPP-DNS-PRI:000.000.000.000  PPP-DNS-SEC:000.000.000.000

72.5.3. How can I view the Abilis ARP table?

Type the command debug res:ip-1 layer:lan lsn:2 or d d ip-1 arp For example:

[19:03:49] ABILIS_CPX:debug res:ip-1 layer:lan lsn:2

RES:Ip-1 - IP over LAN (LAN) --------------------------------------------------
       Lan_locale
       BufferLength:1782    Date/Time:05/06/2015 08:13:52 TraceTime:57327407

----+----------------+------------------+-----------+-----------
  ID|IP              |MAC               |State      | Expiry [s]
----+----------------+------------------+-----------+-----------
   1|192.168.000.058 |00-40-F4-BB-E6-2F |VALID      |          3
   2|192.168.000.208 |00-08-54-50-16-1E |VALID      |        106
   3|192.168.000.251 |00-48-54-13-21-22 |VALID      |         26
   4|192.168.000.024 |00-08-54-02-00-78 |VALID      |         53
   5|192.168.000.005 |00-0C-6E-DE-2C-15 |VALID      |        103
   6|192.168.000.029 |00-40-CA-63-34-E3 |VALID      |          1
   7|192.168.000.250 |00-40-CA-63-34-A2 |VALID      |        103
   9|192.168.000.067 |00-13-8F-7E-21-33 |VALID      |         84
  10|192.168.000.009 |00-48-54-13-23-E7 |VALID      |         99
  11|192.168.000.085 |00-04-61-75-56-F5 |VALID      |        107
  12|192.168.000.090 |00-40-CA-6D-1D-24 |VALID      |        108
  13|192.168.000.035 |00-40-CA-63-34-82 |VALID      |         35
  14|192.168.000.025 |00-40-CA-63-35-15 |VALID      |         60
  15|192.168.000.033 |00-40-CA-63-34-F8 |VALID      |         76
  16|192.168.000.126 |00-80-48-B3-45-4B |VALID      |         20
...
[19:03:49] ABILIS_CPX:d d ip-1 arp

----+----------------+------------------+-----------+-----------
  ID|IP              |MAC               |State      | Expiry [s]
----+----------------+------------------+-----------+-----------
   1|192.168.000.058 |00-40-F4-BB-E6-2F |VALID      |          3
   2|192.168.000.208 |00-08-54-50-16-1E |VALID      |        106
   3|192.168.000.251 |00-48-54-13-21-22 |VALID      |         26
   4|192.168.000.024 |00-08-54-02-00-78 |VALID      |         53
   5|192.168.000.005 |00-0C-6E-DE-2C-15 |VALID      |        103
   6|192.168.000.029 |00-40-CA-63-34-E3 |VALID      |          1
   7|192.168.000.250 |00-40-CA-63-34-A2 |VALID      |        103
   9|192.168.000.067 |00-13-8F-7E-21-33 |VALID      |         84
  10|192.168.000.009 |00-48-54-13-23-E7 |VALID      |         99
  11|192.168.000.085 |00-04-61-75-56-F5 |VALID      |        107
  12|192.168.000.090 |00-40-CA-6D-1D-24 |VALID      |        108
  13|192.168.000.035 |00-40-CA-63-34-82 |VALID      |         35
  14|192.168.000.025 |00-40-CA-63-35-15 |VALID      |         60
  15|192.168.000.033 |00-40-CA-63-34-F8 |VALID      |         76
  16|192.168.000.126 |00-80-48-B3-45-4B |VALID      |         20
...

By typing the debug res:ip-1 layer:lan lsn:0 command it is possible to display the help of the debug command.

[19:03:49] ABILIS_CPX:debug res:ip-1 layer:lan lsn:0

RES:Ip-1 - IP over LAN (LAN) --------------------------------------------------
       Lan_locale
       BufferLength:479    Date/Time:05/06/2015 08:16:54 TraceTime:57510220

IPLAN DEBUG INFO:
 LSN:0  This help message
 LSN:1  IPLAN driver object
 LSN:2  ARP cache: only VALID items
 LSN:3  ARP cache: only VALID & OUTDATED items
 LSN:4  ARP cache: all items
 LSN:5  Registered local IP addresses
 LSN:6  Registered multicast MAC addresses
 LSN:7  Registered virtual MAC/IP addresses
 LSN:8  Registered aliases
 LSN:9  Current timer state (ticks)
 LSN:11 NCBs at upper interface
 LSN:12 Local Addresses summary
 LSN:20 Sessions to Ethernet

72.5.4. How can I filter the NAT sessions?

Type the command d nat maps ip:<ip_address>. For example:

[13:01:23] ABILIS_CPX:d nat maps

Number of records in standard table: 39

S A TYPE SRC-ADDRESS     SP/ID DST-ADDRESS     DP/ID ALS-ADDRESS     ALIAS  TM
-------------------------------------------------------------------------------
IOS UDP  192.168.030.001  5060 083.211.227.015  5060 192.168.001.100  1024   80
IOS UDP  192.168.030.002 11826 087.241.097.125 49152 192.168.001.100  6339  139
IOS UDP  192.168.030.002 11826 096.028.041.076 44121 192.168.001.100  1121   37
IOS TCP  192.168.030.002 59013 205.188.005.066   443 192.168.001.100  1027  358
IOS UDP  192.168.030.002 11826 178.150.129.152 61956 192.168.001.100  6331  136
IOS TCP  192.168.030.003  1038 074.125.232.112    80 192.168.001.100  6342  353
IOS TCP  192.168.030.003  1041 074.125.232.112    80 192.168.001.100  6343  355
IOS TCP  192.168.030.002 38353 064.004.061.088  1863 192.168.001.100  1032  336
IOS UDP  192.168.030.002 11826 178.049.048.004 31799 192.168.001.100  6334  123
IOS TCP  192.168.030.003  1042 074.125.232.116    80 192.168.001.100  6344  355
IOS UDP  192.168.030.002 11826 178.213.109.009 58305 192.168.001.100  6336  125
IOS TCP  192.168.030.003  1043 063.245.209.093    80 192.168.001.100  6345  360
IOS TCP  192.168.030.003  1044 212.058.244.057    80 192.168.001.100  6346  360
IOS TCP  192.168.030.003  1045 195.022.200.144    80 192.168.001.100  6347  360
IOS UDP  192.168.030.002 11826 079.100.139.017 20685 192.168.001.100  6236   86
IOS UDP  192.168.030.002 11826 087.248.174.154 19652 192.168.001.100  6239   86
IOS UDP  192.168.030.002 11826 184.190.196.131 37255 192.168.001.100  3701   96
IOS UDP  192.168.030.002 11826 098.232.048.010 47217 192.168.001.100  3706   81
IOS UDP  192.168.030.002 11826 217.201.019.166 51716 192.168.001.100  5801   61
IOS UDP  192.168.030.002 11826 188.186.052.100 47055 192.168.001.100  5808   82
IOS UDP  192.168.030.002 11826 203.218.109.047 12984 192.168.001.100  4482   97
IOS UDP  192.168.030.002 11826 094.242.051.070 52094 192.168.001.100  1376  125
IOS UDP  192.168.030.002 11826 086.075.015.096 26070 192.168.001.100  3601  136
IOS UDP  192.168.030.002 11826 067.247.155.048 22434 192.168.001.100  2935   96
IOS UDP  192.168.030.002 11826 119.246.064.215 15665 192.168.001.100  4627    8
IOS UDP  192.168.030.002 11826 094.041.075.151 12840 192.168.001.100  5340   38
IOS UDP  192.168.030.002 11826 079.041.083.069 42176 192.168.001.100  6115   76
IOS UDP  192.168.030.002 11826 079.040.142.006 44256 192.168.001.100  4713   11
IOS UDP  192.168.030.002 11826 190.052.139.104 18460 192.168.001.100  5419  136
IOS UDP  192.168.030.002 11826 077.071.136.116 26322 192.168.001.100  5421  136
IOS UDP  192.168.030.002 11826 090.150.168.098 18684 192.168.001.100  5422   41
IOS UDP  192.168.030.002 11826 084.252.032.040 23716 192.168.001.100  6204   82
IOS UDP  192.168.030.002 11826 124.146.059.056 13975 192.168.001.100  4035   96
IOS UDP  192.168.030.002 11826 085.076.191.108 63279 192.168.001.100  4036   96
IOS UDP  192.168.030.002 11826 093.105.147.184 12357 192.168.001.100  4150  104
IOS UDP  192.168.030.002 11826 077.087.008.009 51520 192.168.001.100  3274   16
IOS UDP  192.168.030.002 11826 024.123.109.130 52283 192.168.001.100  3275   25
IOS UDP  192.168.030.002 11826 059.178.047.179 10028 192.168.001.100  4966  121
IOS UDP  192.168.030.002 11826 088.111.166.121 22324 192.168.001.100  4978   96


[13:01:32] ABILIS_CPX:d nat maps ip:192.168.30.3

Number of records in standard table: 34

S A TYPE SRC-ADDRESS     SP/ID DST-ADDRESS     DP/ID ALS-ADDRESS     ALIAS  TM
-------------------------------------------------------------------------------
IOS TCP  192.168.030.003  1038 074.125.232.112    80 192.168.001.100  6342  320
IOS TCP  192.168.030.003  1041 074.125.232.112    80 192.168.001.100  6343  322
IOS TCP  192.168.030.003  1042 074.125.232.116    80 192.168.001.100  6344  322
IOS TCP  192.168.030.003  1045 195.022.200.144    80 192.168.001.100  6347  327

By typing the debug res:nat lsn:0 command it is possible to display the help of the debug command.

[19:03:49] ABILIS_CPX:d nat maps ?

D NAT MAPS [filter:val]          Display any NAT active maps matching the
                                 specified filter(s)

Allowed filters on active maps:

IP:        Separate records by IP: ipadd[/mask]
S:         Separate records by source IP: ipadd[/mask]
D:         Separate records by destination IP: ipadd[/mask]
A:         Separate records by alias IP: ipadd[/mask]
SIDEIN:    Separate records by input  side of translation [IN, OUT, VPN, DMZ]
SIDEOUT:   Separate records by output side of translation [IN, OUT, VPN, DMZ]
ADDR:      Separate records by address type [SRC, DST]
TYPE:      Separate records by type of record [ICMP, TCP, UDP, FRAG, DNS, FTP
                                               FTPC, FTPD, SNMP, SNTP, PPTP,
                                               PPTPC, PPTPD]
PORT:      Separate records by source or destination port [1..65535]
SP:        Separate records by source port [1..65535]
DP:        Separate records by destination port [1..65535]
ID:        Separate records by id [1..65535]
ALIAS:     Separate records by alias port/id [1..65535]

Active map fields:

S           Side (incoming/outgoing, can be I, O, V, D)
A           Address type (source/destination, can be S, D
TYPE        Protocol type
SRC-ADDRESS Source IP address
SP/ID       Source port/id
DST-ADDRESS Destination IP address
DP/ID       Destination port/id
ALS-ADDRESS Alias IP address
ALIAS       Alias port/id
TM          Map lifetime
[Tip]Tip

Type debug res:nat lsn:0 to display the help of the debug command.