Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

How to debug what packets are being dropped on HP A-series (Comware)?

Apachez-
Trusted Contributor

How to debug what packets are being dropped on HP A-series (Comware)?

Since HP A-series (Comware) doesnt support logging of dropped packets the way for example Cisco does (where one can see srcip, dstip etc of the dropped packet in syslog) I wonder how one can troubleshoot what is being dropped by the packet-filter (ACL)?

 

In this case I think its a bug in 1809P09 for HP 5820X-24XG-SFP+ (JC102A) because once I detected I had an ACL reporting huge amoung of dropped traffic I rebooted the device and now its another ACL who reports huge amount of dropped traffic (where it isnt supposed to - that is the expected amount of dropped traffic should be close to 0).

 

Like this:

 

 rule 180 deny ip (3092485 times matched)

2 REPLIES
Vince-Whirlwind
Honored Contributor

Re: How to debug what packets are being dropped on HP A-series (Comware)?

Add "logging" to your rule line.

Apachez-
Trusted Contributor

Re: How to debug what packets are being dropped on HP A-series (Comware)?

As I wrote in my first line that doesnt work on Comware-devices.

 

What happens when you have a rule such as:

 

rule 180 deny ip logging (21598 times matched)

 

is that this shows up in the syslog every 5th minute:

 

"

%Jan 19 10:12:21:493 2012 <name_of_switch> ACL/6/log: Number 3147
rule 180 deny ip logging 21598 packet(s)

"

 

And the frequency of this is put in your syslog is made by:

 

"

[R1]acl logging frequence ?
INTEGER<0-1440> Value of time frequence(minutes), it must be a multiple of 5

"