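IOS, the operating system for Cisco routers, provides a command named debug for debugging (or rather, for getting a picture of what the network is doing). This page explains how to use the debugging commands.
First, log in and enter privileged mode.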
cclrc@cclrc201:~$ telnet router1
Trying 10.180.150.204...
Connected to router1e0.
Escape character is '^]'.
User Access Verification
Password:
router1>enable
Password:
Check the state of the virtual terminal. If it is not set up properly, the debug output cannot be displayed on the telnet screen.
router1#show line vty 0
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
* 2 VTY - - - - - 2 0 0/0
Line 2, Location: "", Type: "kterm"
Length: 25 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Active, No Exit Banner
Capabilities: none
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
00:10:00 never none not set
Idle Session Disconnect Warning
never
Modem type is unknown.
Session limit is not set.
Time since activation: 00:00:13
Editing is enabled.
History is enabled, history size is 10.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed transports are pad v120 telnet rlogin. Preferred is telnet.
No output characters are padded
No special data dispatching characters
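Idle EXEC, under Timeouts:, means that the session is disconnected if no command is entered from the terminal within the given time (10 minutes here). Since I want to monitor over a long period, I set this to unlimited.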
router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#line vty 0
router1(config-line)#no exec-timeout
router1(config-line)#exit
router1(config)#exit
router1#
5d19h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.181.141.1)
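The last line is a message saying that the configuration was changed from the virtual terminal vty0. The 5d19h at the start of the line is the total running time since boot (uptime).
Now for the main topic, the debug command. Let's see what it can do.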
router1#debug ?
aaa AAA Authentication, Authorization and Accounting
access-expression Boolean access expression
all Enable all debugging
arp IP ARP and HP Probe transactions
async Async interface information
callback Callback activity
cdp CDP information
chat Chat scripts activity
compress COMPRESS traffic
confmodem Modem configuration database
cpp Cpp information
custom-queue Custom output queueing
dhcp DHCP client activity
dialer Dial on Demand
dnsix Dnsix information
domain Domain Name System
dxi atm-dxi information
eigrp EIGRP Protocol information
entry Incoming queue entries
ethernet-interface Ethernet network interface events
frame-relay Frame Relay
ip IP information
lapb LAPB protocol transactions
lex LAN Extender protocol
list Set interface or/and access list for the next debug
command
llc2 LLC2 type II Information
modem Modem control/process activation
nhrp NHRP protocol
ntp NTP information
nvram Debug NVRAM behavior
packet Log unknown packets
pad X25 PAD protocol
pcbus PCbus interface information
ppp PPP (Point to Point Protocol) information
printer LPD printer protocol
priority Priority output queueing
probe HP Probe Proxy Requests
radius RADIUS protocol
rif RIF cache transactions
serial Serial interface information
smf Software MAC filter
snapshot Snapshot activity
snmp SNMP information
spanning Spanning-tree information
standby Hot standby protocol
tacacs TACACS authentication and authorization
tbridge Transparent Bridging
telnet Incoming telnet connections
tftp TFTP packets
token Token Ring information
tunnel Generic Tunnel Interface
v120 V120 information
vtemplate Virtual Template information
x25 X.25 information
Hmm, explaining each of these one by one would be a bit painful (which is my way of glossing over the ones I don't understand).
For example, you can have specific packets displayed.
router1#show debug ← current debug state: none
router1#debug ip icmp ← display ICMP packets
ICMP packet debugging is on
router1#terminal monitor ← show the debug output on the terminal
router1#
5d19h: ICMP: echo reply sent, src 10.181.250.170, dst 10.181.141.71
(This shows that the reply from 10.180.151.170 to a ping from 10.181.141.71 passed through this router.)
5d19h: ICMP: echo reply sent, src 10.180.151.204, dst 10.181.141.71
router1#undebug ip icmp ← stop displaying ICMP packets
ICMP packet debugging is off
From here on, for practical reasons, a different router is used.
cclrc@cclrc201:~$ telnet router2
Trying 10.97.2.205...
Connected to router2e0.
Escape character is '^]'.
User Access Verification
Password:
router2>enable
Password:
This is the kind of router it is.
router2#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 11.2(18), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 05-Apr-99 19:52 by jaturner
Image text-base: 0x0302315C, data-base: 0x00001000
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
router2 uptime is 1 week, 4 days, 23 hours, 43 minutes
System restarted by power-on
System image file is "flash:c2500-i-l.112-18", booted via flash
cisco 2500 (68030) processor (revision L) with 6144K/2048K bytes of memory.
Processor board ID 13269705, with hardware revision 00000000
Bridging software.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
Here, let's follow outgoing and incoming calls over INS. Now, start debugging.
router2#debug dialer ← log of the dial-on-demand function
Dial on demand events debugging is on
router2#debug ppp ?
authentication CHAP and PAP authentication
error Protocol errors and error statistics
multilink Multilink activity
negotiation Protocol parameter negotiation
packet Low-level PPP packet dump
router2#debug ppp negotiation ← log of the PPP negotiation
PPP protocol negotiation debugging is on
router2#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
router2(config)#line vty 0
router2(config-line)#no exec-timeout
router2(config-line)#exit
router2(config)#exit
router2#terminal monitor
router2#
1w4d: Se0 LCP: I CONFREQ [Closed] id 20 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: Lower layer not up, discarding packet
1w4d: %LINK-3-UPDOWN: Interface Serial0, changed state to up
1w4d: Serial0: Dialer received incoming call from ← call received
1w4d: Se0 PPP: Treating connection as a callin
1w4d: Se0 PPP: Phase is ESTABLISHING, Passive Open
1w4d: Se0 LCP: State is Listen
1w4d: Se0 LCP: I CONFREQ [Listen] id 21 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: O CONFREQ [Listen] id 48 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: MagicNumber 0x4E3219DB (0x05064E3219DB)
1w4d: Se0 LCP: O CONFACK [Listen] id 21 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: MagicNumber 0x69460186 (0x050669460186)
1w4d: Se0 LCP: I CONFACK [ACKsent] id 48 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: MagicNumber 0x4E3219DB (0x05064E3219DB)
1w4d: Se0 LCP: State is Open
1w4d: Se0 PPP: Phase is AUTHENTICATING, by both ← CHAP authentication starts
1w4d: Se0 CHAP: O CHALLENGE id 48 len 32 from "router2"
1w4d: Se0 CHAP: I CHALLENGE id 7 len 32 from "router3"
1w4d: Se0 CHAP: Waiting for peer to authenticate first
1w4d: Se0 CHAP: I RESPONSE id 48 len 32 from "router3"
1w4d: Se0 CHAP: O SUCCESS id 48 len 4
1w4d: Se0 CHAP: Processing saved Challenge, id 7
1w4d: Se0 CHAP: O RESPONSE id 7 len 32 from "router2"
1w4d: Se0 CHAP: I SUCCESS id 7 len 4
1w4d: Se0 PPP: Phase is UP
1w4d: Se0 IPCP: O CONFREQ [Closed] id 48 len 10
1w4d: Se0 IPCP: Address 10.181.241.1 (0x03060AB5F101)
1w4d: Se0 IPCP: I CONFREQ [REQsent] id 7 len 10
1w4d: Se0 IPCP: Address 10.181.241.200 (0x03060AB5F1C8)
1w4d: Se0 IPCP: O CONFACK [REQsent] id 7 len 10
1w4d: Se0 IPCP: Address 10.181.241.200 (0x03060AB5F1C8)
1w4d: Se0 IPCP: I CONFACK [ACKsent] id 48 len 10
1w4d: Se0 IPCP: Address 10.181.241.1 (0x03060AB5F101)
1w4d: Se0 IPCP: State is Open
1w4d: dialer Protocol up for Se0
1w4d: Se0 IPCP: Install route to 10.181.241.200 ← route added
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
1w4d: Serial0: idle timeout ← idle-monitoring timeout, moving to the disconnect phase
1w4d: Serial0: disconnecting call
1w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
1w4d: %LINK-3-UPDOWN: Interface Serial0, changed state to down
1w4d: Se0 IPCP: State is Closed
1w4d: Se0 PPP: Phase is TERMINATING
1w4d: Se0 LCP: State is Closed
1w4d: Se0 PPP: Phase is DOWN
1w4d: Se0 IPCP: Remove route to 10.181.241.200 ← route removed
1w4d: Serial0: re-enable timeout
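An added example, not part of the original page: a small Python parser for `debug ppp negotiation` output that decodes the AuthProto option bytes shown in parentheses and reports which side demanded which authentication protocol and whether CHAP succeeded in each direction. The names `decode_option`, `summarize` and `findings` are made up for this illustration; the sample lines are taken from the router2 trace above.

```python
import re
# Excerpt from the router2 trace on this page (option lines follow their packet).
TRACE = """\
1w4d: Se0 LCP: O CONFACK [Listen] id 21 len 19
1w4d: Se0 LCP: MRU 512 (0x01040200)
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 LCP: I CONFACK [ACKsent] id 48 len 19
1w4d: Se0 LCP: AuthProto CHAP (0x0305C22305)
1w4d: Se0 CHAP: I RESPONSE id 48 len 32 from "router3"
1w4d: Se0 CHAP: O SUCCESS id 48 len 4
1w4d: Se0 CHAP: I SUCCESS id 7 len 4
1w4d: Se0 PPP: Phase is UP
"""
AUTH = {0xC023: "PAP", 0xC223: "CHAP"}  # PPP authentication protocol numbers
LINE = re.compile(r"^\S+: \S+ (LCP|CHAP|PPP): +(.*?)\s*$")

def decode_option(hexstr):  # '(0x...)' dump -> (type, value); byte 1 is total length
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError("bad option length in " + hexstr)
    return raw[0], raw[2:]

def summarize(trace):
    s = dict(we_require=None, peer_requires=None, peer_name=None,
             peer_ok=False, we_ok=False, up=False)
    pkt = None  # (direction, code) of the packet whose options are being listed
    for proto, rest in (m.groups() for m in map(LINE.match, trace.splitlines()) if m):
        head = re.match(r"([IO]) (\w+)", rest)
        opt = re.search(r"\(0x([0-9A-Fa-f]+)\)$", rest)
        if head:
            pkt = head.groups()
            if proto == "CHAP" and pkt == ("I", "RESPONSE"):
                s["peer_name"] = rest.split('"')[1]
            elif proto == "CHAP" and pkt[1] == "SUCCESS":
                s["peer_ok" if pkt[0] == "O" else "we_ok"] = True
        elif proto == "LCP" and opt and pkt and pkt[1] == "CONFACK":
            kind, value = decode_option(opt.group(1))
            if kind == 3:  # Authentication-Protocol; "I" = peer acked our demand
                who = "we_require" if pkt[0] == "I" else "peer_requires"
                s[who] = AUTH.get(int.from_bytes(value[:2], "big"), value.hex())
        elif proto == "PPP" and rest == "Phase is UP":
            s["up"] = True
    return s

def findings(s):
    checks = {"link up without the peer passing authentication": s["up"] and not s["peer_ok"],
              "PAP negotiated: password sent in clear text": "PAP" in (s["we_require"], s["peer_requires"])}
    return [msg for msg, hit in checks.items() if hit]
```

Only options carried in a CONFACK are counted, because a CONFREQ is just a proposal; the full trace can be passed to `summarize` unchanged, since lines it does not recognise are skipped.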
I can't possibly cover everything, but this was an example of the kind of thing you can do.