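Debug Commands

IOS, the operating system of Cisco routers, provides a command for debugging (or rather, for understanding what the network is doing), aptly named debug. This page explains how to use the debug commands.

First, log in and enter privileged mode.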

cclrc@cclrc201:~$ telnet router1
Trying 10.180.150.204...
Connected to router1e0.
Escape character is '^]'.


User Access Verification

Password: 
router1>enable 
Password: 

Check the state of the virtual terminal. Unless it is configured properly, the debug output cannot be displayed on the telnet screen.

router1#show line vty 0
 Tty Typ     Tx/Rx     A Modem  Roty AccO AccI  Uses    Noise   Overruns
*  2 VTY               -    -      -    -    -     2        0        0/0

Line 2, Location: "", Type: "kterm"
Length: 25 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -       none         
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
               00:10:00        never                        none     not set
                            Idle Session Disconnect Warning
                              never 
Modem type is unknown.
Session limit is not set.
Time since activation: 00:00:13
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are pad v120 telnet rlogin.  Preferred is telnet.
No output characters are padded
No special data dispatching characters

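Idle EXEC under Timeouts: means that the session is disconnected if no command is entered from the terminal within a set time (10 minutes here). Since I wanted to monitor for a long time, I set this to unlimited.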

router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
router1(config)#line vty 0
router1(config-line)#no exec-timeout 
router1(config-line)#exit
router1(config)#exit
router1#
5d19h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.181.141.1)

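The last line is a message saying that the configuration was changed from the virtual terminal vty0. The 5d19h at the start of the line is the total running time since boot (uptime).

Now for the main topic, the debug command. Let's see what it can do.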

router1#debug ?
  aaa                 AAA Authentication, Authorization and Accounting
  access-expression   Boolean access expression
  all                 Enable all debugging
  arp                 IP ARP and HP Probe transactions
  async               Async interface information
  callback            Callback activity
  cdp                 CDP information
  chat                Chat scripts activity
  compress            COMPRESS traffic
  confmodem           Modem configuration database
  cpp                 Cpp information
  custom-queue        Custom output queueing
  dhcp                DHCP client activity
  dialer              Dial on Demand
  dnsix               Dnsix information
  domain              Domain Name System
  dxi                 atm-dxi information
  eigrp               EIGRP Protocol information
  entry               Incoming queue entries
  ethernet-interface  Ethernet network interface events
  frame-relay         Frame Relay
  ip                  IP information
  lapb                LAPB protocol transactions
  lex                 LAN Extender protocol
  list                Set interface or/and access list for the next debug
                      command
  llc2                LLC2 type II Information
  modem               Modem control/process activation
  nhrp                NHRP protocol
  ntp                 NTP information
  nvram               Debug NVRAM behavior
  packet              Log unknown packets
  pad                 X25 PAD protocol
  pcbus               PCbus interface information
  ppp                 PPP (Point to Point Protocol) information
  printer             LPD printer protocol
  priority            Priority output queueing
  probe               HP Probe Proxy Requests
  radius              RADIUS protocol
  rif                 RIF cache transactions
  serial              Serial interface information
  smf                 Software MAC filter
  snapshot            Snapshot activity
  snmp                SNMP information
  spanning            Spanning-tree information
  standby             Hot standby protocol
  tacacs              TACACS authentication and authorization
  tbridge             Transparent Bridging
  telnet              Incoming telnet connections
  tftp                TFTP packets
  token               Token Ring information
  tunnel              Generic Tunnel Interface
  v120                V120 information
  vtemplate           Virtual Template information
  x25                 X.25 information

Hmm, explaining these one by one would be a bit painful (he says, glossing over the fact that he doesn't understand them all).

For example, you can display specific packets.

router1#show debug  ← current debug status: none
router1#debug ip icmp  ← display ICMP packets
ICMP packet debugging is on
router1#terminal monitor  ← show debug output on the terminal
router1#
5d19h: ICMP: echo reply sent, src 10.181.250.170, dst 10.181.141.71
(This shows that the reply from 10.180.151.170 to a ping
from 10.181.141.71 passed through this router.)
5d19h: ICMP: echo reply sent, src 10.180.151.204, dst 10.181.141.71
router1#undebug ip icmp  ← stop displaying ICMP packets
ICMP packet debugging is off

From here on, for convenience, a different router is used.

cclrc@cclrc201:~$ telnet router2
Trying 10.97.2.205...
Connected to router2e0.
Escape character is '^]'.


User Access Verification

Password: 
router2>enable
Password: 

This is the kind of router it is.

router2#show version 
Cisco Internetwork Operating System Software 
IOS (tm) 2500 Software (C2500-I-L), Version 11.2(18), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 05-Apr-99 19:52 by jaturner
Image text-base: 0x0302315C, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

router2 uptime is 1 week, 4 days, 23 hours, 43 minutes
System restarted by power-on
System image file is "flash:c2500-i-l.112-18", booted via flash

cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 13269705, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Here, let's follow outgoing and incoming calls over INS (ISDN). Let's start debugging.

router2#debug dialer  ← log of the dial-on-demand function
Dial on demand events debugging is on

router2#debug ppp ?
  authentication  CHAP and PAP authentication
  error           Protocol errors and error statistics
  multilink       Multilink activity
  negotiation     Protocol parameter negotiation
  packet          Low-level PPP packet dump

router2#debug ppp negotiation  ← log of PPP negotiation
PPP protocol negotiation debugging is on
router2#config terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
router2(config)#line vty 0
router2(config-line)#no exec-timeout 
router2(config-line)#exit
router2(config)#exit
router2#terminal monitor 
router2#
1w4d: Se0 LCP: I CONFREQ [Closed] id 20 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: Lower layer not up, discarding packet
1w4d: %LINK-3-UPDOWN: Interface Serial0, changed state to up
1w4d: Serial0: Dialer received incoming call from   ← incoming call received
1w4d: Se0 PPP: Treating connection as a callin
1w4d: Se0 PPP: Phase is ESTABLISHING, Passive Open
1w4d: Se0 LCP: State is Listen
1w4d: Se0 LCP: I CONFREQ [Listen] id 21 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: O CONFREQ [Listen] id 48 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x4E3219DB (0x05064E3219DB)
1w4d: Se0 LCP: O CONFACK [Listen] id 21 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: I CONFACK [ACKsent] id 48 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x4E3219DB (0x05064E3219DB)
1w4d: Se0 LCP: State is Open
1w4d: Se0 PPP: Phase is AUTHENTICATING, by both  ← CHAP authentication starts
1w4d: Se0 CHAP: O CHALLENGE id 48 len 32 from "router2"
1w4d: Se0 CHAP: I CHALLENGE id 7 len 32 from "router3"
1w4d: Se0 CHAP: Waiting for peer to authenticate first
1w4d: Se0 CHAP: I RESPONSE id 48 len 32 from "router3"
1w4d: Se0 CHAP: O SUCCESS id 48 len 4
1w4d: Se0 CHAP: Processing saved Challenge, id 7
1w4d: Se0 CHAP: O RESPONSE id 7 len 32 from "router2"
1w4d: Se0 CHAP: I SUCCESS id 7 len 4
1w4d: Se0 PPP: Phase is UP
1w4d: Se0 IPCP: O CONFREQ [Closed] id 48 len 10
1w4d: Se0 IPCP:    Address 10.181.241.1 (0x03060AB5F101)
1w4d: Se0 IPCP: I CONFREQ [REQsent] id 7 len 10
1w4d: Se0 IPCP:    Address 10.181.241.200 (0x03060AB5F1C8)
1w4d: Se0 IPCP: O CONFACK [REQsent] id 7 len 10
1w4d: Se0 IPCP:    Address 10.181.241.200 (0x03060AB5F1C8)
1w4d: Se0 IPCP: I CONFACK [ACKsent] id 48 len 10
1w4d: Se0 IPCP:    Address 10.181.241.1 (0x03060AB5F101)
1w4d: Se0 IPCP: State is Open
1w4d: dialer Protocol up for Se0
1w4d: Se0 IPCP: Install route to 10.181.241.200 ← route added
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
1w4d: Serial0: idle timeout  ← idle (no-traffic) timer expired; moving to the disconnect phase
1w4d: Serial0: disconnecting call
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
1w4d: %LINK-3-UPDOWN: Interface Serial0, changed state to down
1w4d: Se0 IPCP: State is Closed
1w4d: Se0 PPP: Phase is TERMINATING
1w4d: Se0 LCP: State is Closed
1w4d: Se0 PPP: Phase is DOWN
1w4d: Se0 IPCP: Remove route to 10.181.241.200 ← route removed
1w4d: Serial0: re-enable timeout

I can't possibly cover everything, but, well, this was an example of the kind of thing you can do.
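
The hexadecimal value in parentheses on each option line of the debug ppp negotiation output is the raw type-length-value option carried in the PPP packet. The following Python sketch is an added example, not part of the original page: it decodes those values and checks whether a link offers PAP instead of CHAP. The function names are assumptions, the sample lines are copied from the router2 capture above, and the option numbers follow RFC 1661, RFC 1332 and RFC 1994.

```python
import ipaddress
import re

# Authentication-Protocol values (RFC 1661) and CHAP algorithm numbers (RFC 1994).
LCP_AUTH = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGO = {0x05: "MD5"}

def decode_option(proto, hexstr):
    """Decode one TLV option as printed in parentheses by 'debug ppp negotiation'."""
    raw = bytes.fromhex(hexstr.removeprefix("0x"))
    # Byte 0 is the option type, byte 1 the total length including both header bytes.
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError(f"bad option length in {hexstr}")
    opt_type, value = raw[0], raw[2:]
    if proto == "LCP" and opt_type == 1 and len(value) == 2:
        return ("MRU", int.from_bytes(value, "big"))
    if proto == "LCP" and opt_type == 3 and len(value) >= 2:
        auth = LCP_AUTH.get(int.from_bytes(value[:2], "big"), value[:2].hex())
        algo = CHAP_ALGO.get(value[2], hex(value[2])) if len(value) > 2 else None
        return ("AuthProto", auth, algo)
    if proto == "LCP" and opt_type == 5 and len(value) == 4:
        return ("MagicNumber", "0x" + value.hex().upper())
    if proto == "IPCP" and opt_type == 3 and len(value) == 4:
        return ("Address", str(ipaddress.IPv4Address(value)))
    return ("Unknown", opt_type, value.hex())

# Matches option lines only; CONFREQ/CONFACK header lines carry no "(0x...)" suffix.
OPTION_LINE = re.compile(r"^\S+: \S+ (LCP|IPCP):\s+\S+ .*\((0x[0-9A-Fa-f]+)\)\s*$")

def decode_log(text):
    """Return the decoded options for every option line in a debug capture."""
    matches = (OPTION_LINE.match(line) for line in text.splitlines())
    return [decode_option(m.group(1), m.group(2)) for m in matches if m]

def weak_auth(options):
    """True if any negotiated authentication protocol is PAP (cleartext password)."""
    return any(o[0] == "AuthProto" and o[1] == "PAP" for o in options)

# Lines copied from the router2 capture above.
SAMPLE = """\
1w4d: Se0 LCP: I CONFREQ [Listen] id 21 len 19
1w4d: Se0 LCP:    MRU 512 (0x01040200)
1w4d: Se0 LCP:    AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP:    MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 IPCP:    Address 10.181.241.1 (0x03060AB5F101)
"""

if __name__ == "__main__":
    for opt in decode_log(SAMPLE):
        print(opt)
    print("PAP offered:", weak_auth(decode_log(SAMPLE)))
```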