| Character | Description |
| nn msec | For each node, the round-trip time in milliseconds for the specified number of probes |
| * | The probe timed out |
| A | Administratively prohibited (eg: access lists) |
| Q | Source quench (destination too busy) |
| I | User interrupted test |
| U | Port unreachable |
| H | Host unreachable |
| N | Network unreachable |
| P | Protocol unreachable |
| T | Timeout |
| ? | Unknown packet type |
Below shows the output of the traceroute command in which 11.11.11.11 is an invalid IP address in the sample network and another router (3.3.3.2) has a black hole Null0 route to 0.0.0.0/0.
Router#trace 11.11.11.11 Type escape sequence to abort. Tracing the route to 11.11.11.11 1 2.2.2.2 40 msec 68 msec 40 msec 2 3.3.3.2 92 msec 24 msec 164 msec 3 3.3.3.2 !H * !H Router# Router#debug ip icmp ICMP packet debugging is on Router# Router#trace 11.11.11.11 Type escape sequence to abort. Tracing the route to 11.11.11.11 1 2.2.2.2 40 msec 16 msec 40 msec 2 3.3.3.2 108 msec 72 msec 56 msec 3 3.3.3.2 !H 00:27:17: ICMP: time exceeded rcvd from 2.2.2.2 00:27:17: ICMP: time exceeded rcvd from 2.2.2.2 00:27:17: ICMP: time exceeded rcvd from 2.2.2.2 00:27:17: ICMP: time exceeded rcvd from 3.3.3.2 00:27:17: ICMP: time exceeded rcvd from 3.3.3.2 00:27:17: ICMP: time exceeded rcvd from 3.3.3.2 00:27:18: ICMP: dst (2.2.2.1) host unreachable rcv from 3.3.3.2 * !H 00:27:21: ICMP: dst (2.2.2.1) host unreachable rcv from 3.3.3.2 Router#
Below shows the output of the traceroute command in which RT2 is configured with an access control list that blocked the UDP traceroute packets initiated by RT1:
RT1#ping 10.10.10.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/43/68 ms RT1# ====================================================================== RT2#conf t Enter configuration commands, one per line. End with CNTL/Z. RT2(config)#access-list 1 permit 1.1.1.1 RT2(config)#int s0/0 RT2(config-if)#ip access-group 1 in RT2(config-if)# ====================================================================== RT1#debug ip icmp ICMP packet debugging is on RT1# RT1#ping 10.10.10.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds: U 00:03:25.383: ICMP: dst (10.10.10.1) administratively prohibited unreachable rcv from 10.10.10.2.U 00:03:27.431: ICMP: dst (10.10.10.1) administratively prohibited unreachable rcv from 10.10.10.2.U Success rate is 0 percent (0/5) RT1# 00:03:29.467: ICMP: dst (10.10.10.1) administratively prohibited unreachable rcv from 10.10.10.2 RT1# RT1#sh run | in 0.0.0.0 ip route 0.0.0.0 0.0.0.0 10.10.10.2 RT1# RT1#trace 172.16.1.1 Type escape sequence to abort. Tracing the route to 172.16.1.1 1 10.10.10.2 !A 00:05:32.071: ICMP: dst (10.10.10.1) administratively prohibited unreachable rcv from 10.10.10.2 * !A RT1# 00:05:35.119: ICMP: dst (10.10.10.1) administratively prohibited unreachable rcv from 10.10.10.2 RT1#
No comments:
Post a Comment