Re: TCP intercept

From: Scott Strobeck (scott@strobeck.net)
Date: Thu Jul 31 2008 - 13:12:10 ART


Chris,

This is typical behavior with cef-switched traffic. If it never makes
it to the CPU, then it can't be monitored. So, yes, you should disable
'ip cef' in the lab to run these debugs. I can't think of any downside
to disabling cef except the higher cpu, which isn't an issue in a lab.
Just remember to re-enable it when you're done... who knows what those
scripts check for!!

Scott

Christopher Copley wrote:
> Experts,
>
> I am working with TCP intercept and noticed I can only get my router to
> see watched traffic and get any debug output if I disable cef
> switching. My config looks like this...
>
> ===================================
> no ip cef
>
> access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq www
>
> ip tcp intercept list 199
> ip tcp intercept connection-timeout 3600
> ip tcp intercept max-incomplete low 1200
> ip tcp intercept max-incomplete high 1500
> ip tcp intercept drop-mode random
> ===================================
>
> Is this normal behavior? And if I am in the lab and the only way I am able
> to get any tcp intercept debug output to work is to disable cef, should I do it?
>
> Thanks
> Chris
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

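As an added illustration (not code from either poster, and not IOS code), the following Python model reads the watermarks out of the quoted 'ip tcp intercept' lines and simulates how the max-incomplete low/high thresholds and drop-mode govern aggressive mode during a flood of SYNs that never complete the handshake. The exact eviction and mode-transition rules are assumptions of the model, not a description of the IOS implementation.

```python
"""Constructed model (not IOS code) of the half-open thresholds in the quoted
'ip tcp intercept' config. Assumed: aggressive mode starts when half-open
connections exceed 'high', drops one entry per new SYN, ends below 'low'."""
import random


def parse_intercept_config(text):
    """Read watermarks and drop mode from 'ip tcp intercept ...' lines."""
    cfg = {"low": 900, "high": 1100, "drop_mode": "oldest"}  # IOS defaults
    for w in (line.split() for line in text.splitlines()):
        if w[:3] != ["ip", "tcp", "intercept"]:
            continue
        if w[3:5] == ["max-incomplete", "low"]:
            cfg["low"] = int(w[5])
        elif w[3:5] == ["max-incomplete", "high"]:
            cfg["high"] = int(w[5])
        elif w[3:4] == ["drop-mode"]:
            cfg["drop_mode"] = w[4]
    return cfg


class TcpIntercept:
    def __init__(self, cfg):
        self.low, self.high, self.mode = cfg["low"], cfg["high"], cfg["drop_mode"]
        self.half_open = {}      # dict keeps insertion order: oldest entry first
        self.aggressive = False
        self.dropped = 0

    def syn(self, key):
        """New SYN toward a watched server: track it as half-open."""
        if self.aggressive and self.half_open:
            # aggressive mode: evict one half-open entry before adding this one
            victim = (next(iter(self.half_open)) if self.mode == "oldest"
                      else random.choice(list(self.half_open)))
            del self.half_open[victim]
            self.dropped += 1
        self.half_open[key] = True
        self._update_mode()

    def handshake_done(self, key):
        """Client's final ACK arrived: the entry is no longer half-open."""
        self.half_open.pop(key, None)
        self._update_mode()

    def _update_mode(self):
        n = len(self.half_open)
        if n > self.high:
            self.aggressive = True
        elif n < self.low:
            self.aggressive = False
```

With the quoted thresholds, a flood of 2000 unique never-completed SYNs leaves the model holding 1501 half-open entries in aggressive mode and evicting one entry per further SYN; it only leaves aggressive mode once completions bring the count under 1200.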
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:58 ART