Cisco IOS XR IP Addresses and Services Debug Command Reference, Release 3.6
Access List Debug Commands on Cisco IOS XR Software
Download this chapter
Access List Debug Commands on Cisco IOS XR SoftwareAccess List Debug Commands on Cisco IOS XR Software
Download the complete book
Cisco IOS XR IP Addresses and Services Debug Command Reference, Release 3.6Cisco IOS XR IP Addresses and Services Debug Command Reference, Release 3.6 (PDF - 3 MB)
give_us_feedback

Table Of Contents

Access List Debug Commands on Cisco IOS XR Software

debug ipv4 access-list cfg-agent

debug ipv4 access-list cls

debug ipv4 access-list dispatch

debug ipv4 access-list dll

debug ipv4 access-list manager

debug ipv6 access-list cfg-agent

debug ipv6 access-list daemon

debug ipv6 access-list dll


Access List Debug Commands on Cisco IOS XR Software

This chapter describes the commands used to debug access list problems.

debug ipv4 access-list cfg-agent

To enable IP version 4 (IPv4) access list configuration agent debugging, use the debug ipv4 access-list cfg-agent command in EXEC mode. To disable the debugging of the IPv4 access list configuration agent, use the no form of this command.

debug ipv4 access-list cfg-agent {all | errors | info | regexp regular-expression | trace}

no debug ipv4 access-list cfg-agent {all | errors | info | regexp regular-expression | trace}

Syntax Description

all

Displays all IPv4 ACL configuration agent-related debug information (all debug types).

errors

Displays IPv4 ACL configuration agent error debug information.

info

Displays IPv4 ACL configuration agent detailed debug information.

regexp regular-expression

Displays IPv4 ACL configuration agent function flow debug information.

trace

Displays IPv4 ACL configuration agent function calls trace debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.4.0

This command was introduced on the Cisco CRS-1 and Cisco XR 12000 Series Router.

Release 3.5.0

No modification.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv4

read

acl

read


Examples

The following example shows how to enable IPv4 access list configuration agent debugging: 

RP/0/RP0/CPU0:router# debug ipv4 access-list cfg-agent all

debug ipv4 access-list cls

To enable IP version 4 (IPv4) access list classification debugging, use the debug ipv4 access-list cls command in EXEC mode. To disable the debugging of the IPv4 access list classification, use the no form of this command.

debug ipv4 access-list cls {all | data | errors | info | match | regexp function | trace}

no debug ipv4 access-list cls {all | data | errors | info | match | regexp function | trace}

Syntax Description

all

Displays all IPv4 ACL classification debug information (all debug types).

data

Displays IPv4 ACL classification related debug information.

errors

Displays IPv4 ACL classification error debug information.

info

Displays IPv4 ACL classification detailed debug information.

match

Displays IPv4 ACL classification match debug information.

regexp function

Displays IPv4 ACL classification function flow debug information.

trace

Displays IPv4 ACL classification function calls for trace debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.4.0

This command was introduced on the Cisco CRS-1 and Cisco XR 12000 Series Router.

Release 3.5.0

The trace keyword was added.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv4

read

acl

read


Examples

The following example shows how to enable ACL classification debugging: 

RP/0/RP0/CPU0:router# debug ipv4 access-list cls all

debug ipv4 access-list dispatch

To enable IP version 4 (IPv4) access list dispatcher debugging, use the debug ipv4 access-list dispatch command in EXEC mode. To disable the debugging of the IPv4 access list dispatch, use the no form of this command.

debug ipv4 access-list dispatch {all | data | ens | errors | info | regexp regular-expression | timers | trace}

no debug ipv4 access-list dispatch {all | data | ens | errors | info | regexp regular-expression | timers | trace}

Syntax Description

all

Displays all IPv4 ACL dispatcher debug information (all debug types).

data

Displays IPv4 ACL dispatcher-related debug information.

ens

Displays IPv4 ACL dispatcher Event Notification Service (ENS) and Name Registration Service (NRS)-related debug information.

errors

Displays IPv4 ACL dispatcher error debug information.

info

Displays IPv4 ACL dispatcher detailed debug information.

regexp regular-expression

Displays IPv4 ACL dispatcher function flow debug information.

timers

Displays IPv4 ACL dispatcher timer debug information.

trace

Displays IPv4 ACL dispatcher trace of function calls for debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.4.0

This command was introduced on the Cisco CRS-1 and Cisco XR 12000 Series Router.

Release 3.5.0

The trace keyword was added.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv4

read

acl

read


Examples

The following example shows how to enable IPv4 access list dispatch debugging: 

RP/0/RP0/CPU0:router# debug ipv4 access-list dispatch all

debug ipv4 access-list dll

To enable IP version 4 (IPv4) access list dynamic link library (DLL) debugging, use the debug ipv4 access-list dll command in EXEC mode. To disable the debugging of the IPv4 access list DLL, use the no form of this command.

debug ipv4 access-list dll {all | data | errors | info | match | nexthops | regexp regular-expression | timers | trace} [location node-id]

no debug ipv4 access-list dll {all | data | errors | info | match | nexthops | regexp regular-expression | timers | trace} [location node-id]

Syntax Description

all

Displays all IPv4 ACL DLL debug information (all debug types).

data

Displays IPv4 ACL DLL-related debug information.

errors

Displays IPv4 ACL DLL error debug information.

info

Displays IPv4 ACL DLL detailed debug information.

match

Displays IPv4 ACL DLL matches for debug information.

nexthops

Displays IPv4 ACL DLL next hops for debug information.

location node-id

Specifies a location. The node-id argument is entered in the rack/slot/module notation.

regexp regular-expression

Displays IPv4 ACL DLL function flow debug information.

timers

Displays IPv4 ACL DLL timer debug information.

trace

Displays IPv4 ACL DLL trace function calls for debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.4.0

This command was introduced on the Cisco CRS-1 and Cisco XR 12000 Series Router.

Release 3.5.0

The following keywords were added to support ACL-based forwarding on the Cisco CRS-1:

match

nexthops

location node-id

The trace keyword was added.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv4

read

acl

read


Examples

The following example shows how to enable IPv4 access list DLL debugging: 

RP/0/RP0/CPU0:router# debug ipv4 access-list dll all

debug ipv4 access-list manager

To enable IP version 4 (IPv4) access list manager debugging, use the debug ipv4 access-list manager command in EXEC mode. To disable the debugging of the IPv4 access list manager, use the no form of this command.

debug ipv4 access-list manager {all | data | ens | errors | info | nexthops | regexp regular-expression | timers | trace}

no debug ipv4 access-list manager {all | data | ens | errors | info | nexthops | regexp regular-expression | timers | trace}

Syntax Description

all

Displays all IPv4 ACL manager debug information (all debug types).

data

Displays IPv4 ACL manager-related debug information.

ens

Displays IPv4 ACL manager Event Notification Service (ENS) and Name Registration Service (NRS)-related debug information.

errors

Displays IPv4 ACL manager error debug information.

info

Displays IPv4 ACL manager detailed debug information.

nexthops

Displays IPv4 ACL DLL next hops for debug information.

regexp regular-expression

Displays IPv4 ACL manager function flow debug information.

timers

Displays IPv4 ACL manager timer debug information.

trace

Displays IPv4 ACL manager trace of function debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.4.0

This command was introduced on the Cisco CRS-1 and Cisco XR 12000 Series Router.

Release 3.5.0

The nexthops keyword was added to support ACL-based forwarding on the Cisco CRS-1.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv4

read

acl

read


Examples

The following example shows how to enable IPv4 access list manager debugging: 

RP/0/RP0/CPU0:router# debug ipv4 access-list manager all

debug ipv6 access-list cfg-agent

To enable IP version 6 (IPv6) access list (ACL) configuration agent debugging, use the debug ipv6 access-list cfg-agent command in EXEC mode. To disable the debugging of IPv6 access list configuration agent, use the no form of this command.

debug ipv6 access-list cfg-agent {all | errors | info | trace}

no debug ipv6 access-list cfg-agent {all | errors | info | trace}

Syntax Description

all

Displays all IPv6 ACL configuration agent debug information (all debug types).

errors

Displays IPv6 ACL configuration agent error debug information.

info

Displays IPv6 ACL configuration agent debug information.

trace

Displays IPv6 ACL configuration agent trace of function debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 2.0

This command was introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.

Release 3.5.0

No modification.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv6

read

acl

read


Examples

The following example shows how to enable IPv6 access list configuration agent debugging for all access lists: 

RP/0/RP0/CPU0:router# debug ipv6 access-list cfg-agent all

debug ipv6 access-list daemon

To enable IP version 6 (IPv6) access list daemon debugging, use the debug ipv6 access-list daemon command in EXEC mode. To disable the debugging of IPv6 access list daemon, use the no form of this command.

debug ipv6 access-list daemon {all | ens | errors | info | trace}

no debug ipv6 access-list daemon {all | ens | errors | info | trace}

Syntax Description

all

Displays all IPv6 ACL daemon debug information (all debug types).

ens

Displays Event Notification Service (ENS) and Name Registration Service (NRS) related daemon operations debug information.

errors

Displays IPv6 ACL daemon error debug information.

info

Displays IPv6 ACL daemon debug information.

trace

Displays IPv6 ACL daemon trace of function call debug information.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 2.0

This command was introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.

Release 3.5.0

No modification.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv6

read

acl

read


Examples

The following example shows how to enable IPv6 access list daemon debugging for all access lists: 

RP/0/RP0/CPU0:router# debug ipv6 access-list daemon all

debug ipv6 access-list dll

To enable IP version 6 (IPv6) access list dynamic link library (DLL) debugging, use the debug ipv6 access-list dll command in EXEC mode. To disable the debugging of IPv6 access list DLLs, use the no form of this command.

debug ipv6 access-list dll {all | errors | info | match | trace} [location node-id]

no debug ipv6 access-list dll {all | errors | info | match | trace} [location node-id]

Syntax Description

all

Displays all IPv6 ACL DLL debug information (all debug types).

errors

Displays IPv6 ACL DLL error debug information.

info

Displays IPv6 ACL DLL debug information.

match

Displays IPv6 ACL DLL match debug information.

trace

Displays IPv6 ACL DLL trace debug information.

location node-id

Specifies a location. The node-id argument is entered in the rack/slot/module notation.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 2.0

This command was introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

This command was supported on the Cisco XR 12000 Series Router.

Release 3.3.0

No modification.

Release 3.4.0

No modification.

Release 3.5.0

The trace and location keywords were added.

Release 3.6.0

No modification.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Debugging output is assigned high priority in the CPU process and, therefore, can affect system performance. For more information about the impact on system performance when using debug commands, refer to Using Debug Commands on Cisco IOS XR Software.

Task ID

Task ID
Operations

ipv6

read

acl

read


Examples

The following example shows how to enable IPv6 access list DLL debugging for all access lists: 

RP/0/RP0/CPU0:router# debug ipv6 access-list dll all