http://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=search
Set logging the debug to the console (not sure that this is required might be an old command)
set console dbuf
Set your filters to match the interesting traffic
set ffilter src-ip xx.xx.xx.xx dst-ip yy.yy.yy.yy
set ffilter src-ip yy.yy.yy.yy dst-ip xx.xx.xx.xx
unset ffilter ? (to remove, usually use id "0")
Start the debug
Debug flow basic
(can also use 'debug flow drop' to only see drop/deny)
Generate your traffic
ping yy.yy.yy.yy
Stop the debug
Press ESC when finished or 'undebug all'
Show the debug output
get db stream
Clear the debug to do a fresh test without a wall of text
clear db
There is a lot of output but if you read through you should see the routing, nat and policy(ACL) matching and what happened to the traffic.
No comments:
Post a Comment