Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Home > Blogs > Cisco > Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Cool Cisco Certification exam Debug Tricks – Syslog & AS Number

Like This Blog 2 Mark Jacob
Added by October 1, 2012

If you are studying for a Cisco certification exam, odds are that you work in lab-type situations frequently. Maybe you use GNS3 or even one of the Virtual Lab solutions offered on the Cisco website. If that is the case, I have a couple of cool tricks to share with you.

One of them is related to syslog traffic. If you are not inclined to create an actual syslog server inside your virtual environment, but you still want to verify that syslog messages are being sent and received, try this process on one of your routers (the one you want to be your ‘fake’ syslog server).

First, create an extended access-list to match syslog traffic:

(config)# ip access-list extended 101
(config-ext-nacl)# permit udp any host 10.250.250.2 eq syslog

(The ip address 10.250.250.2 is assigned to a Loopback interface on the syslog-receiving router.)

Now create a debug command to watch for traffic matching that access-list:

# debug ip packet 101

Now if you go to another device in your virtual network (or real one too, this works either way) and configure it to send syslog messages to 10.250.250.2, you will see that traffic happens on the receiving device. Here’s a sample of output you can expect to see:

virtual network output cisco debugging tricks

We are not really concerned here about deciphering the content, we just want to verify that syslog messages are being sent and received. The above output shows that we have succeeded!

A second cool trick is one for which I have been hunting myself for a while. I wanted to know how a person could retrieve the Autonomous System (AS) number in use if I wasn’t ‘in the know.’ For instance, I am on a router which is in the network, but on which the EIGRP routing protocol has not been configured. In this case, how can I determine the AS number in use? This is a trivial matter if my router IS running EIGRP and is already configured with the correct AS number. show ip eigrp topology will return the results I seek. Here is some sample output from that command:

show ip eigrp topology cisco debugging tricks

The AS number is clearly evident. But when I am not configured, what can I do? I presented this challenge in a recent class and a student named Cara returned the next day with the following suggestion (she did not claim credit; she said someone told her, but I still appreciated her sharing).
First, create an extended access list to identify what you wish to observe. As EIGRP uses the multicast address of 224.0.0.10 to communicate, let’s latch on to that:

(config)# ip access-list extended 102
(config-ext-nacl)#permit ip any host 224.0.0.10

That’s all we need. Now we need to debug with the ‘dump’ keyword to push the raw data to the screen:

# debug ip packet detail 102 dump

Here is some sample output:

debug ip packet detail dump cisco debugging tricks

What we want to focus on here is the fifth hex chunk AFTER the E000000A. We can see above that the fifth chunk is hex 64. Some quick arithmetic will reveal that this is decimal value 100. Voila! There it is! The AS number in use is 100. That is so cool.

Now I have searched the net for that little gem, but I didn’t find that information until after Cara shared with me. But it is out there; apparently I need to refine my search engine skills even further. It must be a question of knowing what questions to ask. (Isn’t it always?!) Oh well, I am happy that I can sleep now that this persistent gnawing at my brain has been put to rest.

If you have any cool debug tricks you would like to share, I would love to hear about them!
Enjoy,

Mark Jacob
Cisco Instructor – Interface Technical Training
Phoenix, AZ

Videos You May Like

Agile Methodology in Project Management

0 162 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Windows 10 Managing, Deploying and Configuring – December 2, 2015

0 444 1

In this recorded Windows 10 training webinar from December 2, 2015, Windows Server instructor Rick Trader presents the deployment and management of Windows 10 Enterprise and the new Provisioning capability in Windows 10. Learn how to manage Windows 10 deployments using System Center Configuration Manager, Mobile Device Management and Intune. Also included in his presentation … Continue reading Windows 10 Managing, Deploying and Configuring – December 2, 2015

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 647 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.