CCIE 400-101: Network Principles - debug, conditional debug, ping, traceroute with extended options


  • debug provides invaluable, real-time information for troubleshooting a problem.
  • Use debug commands with caution.
  • debug commands can be very noisy and spitting excessive output on the console can easily crash an IOS device. This is because IOS automatically prioritizes console output ahead of other router functions.
  • Before you start a debug command, always consider the output that this command will generate and the amount of time this can take.
  • Before debugging, look at your CPU load with the show processes cpu command. Verify that you have ample CPU available before you begin the debugs.
  • Routers can display debug outputs to various interfaces, including the console, aux, and vty ports.
  • Routers can also log messages to an internal buffer to an external syslog server.
  • By default, logging is enabled on the console port and the console port always processes debug output even if another method (such as vty or buffer) is used to capture the output.
  • Hence, Cisco recommends to have the no logging console enabled at all times.
  • To see debug output over a Telnet connection, use the terminal monitor command.
  • To log messages to an internal buffer instead of the console (default), use the logging buffered command.
  • The logging buffered command copies log messages to an internal buffer instead of writing them to the console.
  • The buffer is circular in nature, so newer messages overwrite older messages.
  • The show logging command displays the messages logged in the buffer from oldest to newest.
  • The buffer size and severity level can also be manually defined (logging buffered <size> and logging buffered <severity-level>, respectively).
  • Enable msec timestamps for accurate timing of debug outputs.
  • Stop debugging using no debug all or undebug all (u all).


Conditional debug

  • Conditional debug is a powerful tool to filter out unnecessary debug output. 
  • It allows IOS to display information that matches only specified parameters. 
  • For example, an access-list can be referenced in the debug ip packet command to narrow down the lengthy output traffic between specific hosts. 
  • See also: IOS Conditional Debugging.

pingtraceroute with extended options

  • The ping command is a very common and powerful tool for troubleshooting IP reachability.
  • Ping uses a series of ICMP messages to verify connectivity.
  • The ping is successful only if:
    • the echo request reaches the destination, and
    • the destination is able to send an echo reply back to the source before the timeout expires (two seconds by default).
  • Ping uses different codes to signify specific conditions:
    • ! = receipt of a reply
    • . = timeout while waiting for a reply
    • U = a destination unreachable error was received
    • Q = source quench (destination too busy)
    • M = could not fragment
    • ? = unknown packet type
    • & = packet lifetime exceeded


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

  • The extended ping is used to perform a more advanced check of host reachability and network connectivity.
  • There is a multitude of options that can be set with the extended ping.
  • Example: When a normal ping command is sent from a router, the source address of the ping is the IP address of the interface that the packet uses to exit the router. If an extended ping command is used, the source IP address can be changed to any IP address on the router.

Router A#ping
Protocol [ip]:
Target IP address:
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/97/132 ms

  • The traceroute command is used to discover the routes that packets actually take when traveling to their destination.
  • Three datagrams are sent, each with a TTL value of 1.
  • The TTL value of 1 causes the datagram to timeout at the first router, which then responds with an ICMP time exceeded message.
  • The next set of datagrams is sent with an initial TTL+1, causing the second router to return the ICMP time exceeded message.
  • This process continues until the packets actually reach the destination.
  • The traceroute also has a list of possible output codes:
    • xx msec = RTT for each node for the specified number of probes
    • * = the probe timed out
    • A = administratively prohibited (for example, an access-list)
    • Q = source quench (destination too busy)
    • I = user interrupted test
    • U = port unreachable
    • H = host unreachable
    • N = network unreachable
    • P = protocol unreachable
    • T = timeout
    • ? = unknown packet type



Type escape sequence to abort.
Tracing the route to

  1 4 msec 4 msec 4 msec
  2 20 msec 16 msec 16 msec
  3 16 msec *  16 msec 

  • The extended traceroute is a variation of the regular traceroute command.
  • Much like the extended ping, the extended traceroute is more granular and allows the administrator to set various parameters.

Router A>enable
Router A#traceroute
Protocol [ip]:
Target IP address:   
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to

  1 16 msec 16 msec 16 msec
  2 28 msec 28 msec 32 msec
  3 32 msec 28 msec *   

See: Using the Extended ping and Extended traceroute Commands.