Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Home > Blogs > Cisco > Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Like This Blog 2 Mark Jacob
Added by October 1, 2012

If you are studying for a Cisco certification exam, odds are that you work in lab-type situations frequently. Maybe you use GNS3 or even one of the Virtual Lab solutions offered on the Cisco website. If that is the case, I have a couple of cool tricks to share with you.

One of them is related to syslog traffic. If you are not inclined to create an actual syslog server inside your virtual environment, but you still want to verify that syslog messages are being sent and received, try this process on one of your routers (the one you want to be your ‘fake’ syslog server).

First, create an extended access-list to match syslog traffic:

(config)# ip access-list extended 101
(config-ext-nacl)# permit udp any host eq syslog

(The ip address is assigned to a Loopback interface on the syslog-receiving router.)

Now create a debug command to watch for traffic matching that access-list:

# debug ip packet 101

Now if you go to another device in your virtual network (or real one too, this works either way) and configure it to send syslog messages to, you will see that traffic happens on the receiving device. Here’s a sample of output you can expect to see:

virtual network output cisco debugging tricks

We are not really concerned here about deciphering the content, we just want to verify that syslog messages are being sent and received. The above output shows that we have succeeded!

A second cool trick is one for which I have been hunting myself for a while. I wanted to know how a person could retrieve the Autonomous System (AS) number in use if I wasn’t ‘in the know.’ For instance, I am on a router which is in the network, but on which the EIGRP routing protocol has not been configured. In this case, how can I determine the AS number in use? This is a trivial matter if my router IS running EIGRP and is already configured with the correct AS number. show ip eigrp topology will return the results I seek. Here is some sample output from that command:

show ip eigrp topology cisco debugging tricks

The AS number is clearly evident. But when I am not configured, what can I do? I presented this challenge in a recent class and a student named Cara returned the next day with the following suggestion (she did not claim credit; she said someone told her, but I still appreciated her sharing).
First, create an extended access list to identify what you wish to observe. As EIGRP uses the multicast address of to communicate, let’s latch on to that:

(config)# ip access-list extended 102
(config-ext-nacl)#permit ip any host

That’s all we need. Now we need to debug with the ‘dump’ keyword to push the raw data to the screen:

# debug ip packet detail 102 dump

Here is some sample output:

debug ip packet detail dump cisco debugging tricks

What we want to focus on here is the fifth hex chunk AFTER the E000000A. We can see above that the fifth chunk is hex 64. Some quick arithmetic will reveal that this is decimal value 100. Voila! There it is! The AS number in use is 100. That is so cool.

Now I have searched the net for that little gem, but I didn’t find that information until after Cara shared with me. But it is out there; apparently I need to refine my search engine skills even further. It must be a question of knowing what questions to ask. (Isn’t it always?!) Oh well, I am happy that I can sleep now that this persistent gnawing at my brain has been put to rest.

If you have any cool debug tricks you would like to share, I would love to hear about them!

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 642 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

IPv6 Port Redirection

0 293 0

In this video, Cisco CCNA and CompTIA Network + Instructor Mark Jacob demonstrates how to do port redirections in IPv6. If you have any questions or comments, please feel free to post them. Until next time. Mark Jacob Cisco and CompTIA Network + Instructor – Interface Technical Training Phoenix, AZ

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

  1. Avatar Interface Technical Training

    Hi Stan, and thanks for your comment!

    It does, in fact, look like the sixth ‘chunk’ of output, but if you look closely at the far left column, it is actually incrementing (in hex), like an odometer. I checked various sources but I can’t find anywhere that states what the official name for this column of information is called (if you know, please share), so I just use it as an output line identifier to keep track of what line I am watching. Note the screen shot in my blog and you can see that the last two digits are proceeding in this pattern: 50, 60, 70, 80, 90 A0, B0, and so on. If you disregard this counter column, the data we seek are in the fifth chunk as noted.

    Thanks again for reading with an eye for detail!

  2. Avatar Stan

    In your AS number article above you said the 5th ‘ chunk’ after the E000000A gives the info. Is it not the 6th?

Share your thoughts...

Please fill out the comment form below to post a reply.