FAQ-How to Determine Whether the USG9520 Discards a Data Packet

Publication Date:  2015-10-31 Views:  268 Downloads:  0
Issue Description
Unlike the USG2000 and USG5000, the USG9520 cannot display traffic statistics to view discarded packets. If a packet is discarded by the USG9520, no session entry is generated. Then how to rapidly determine whether a packet reaches the USG9520 and whether the USG9520 discards the packet.
Solution
When locating faults on a USG9520, you can run the following debugging commands to display packet processing statistics on the SPU. If no output is displayed, the USG9520 does not receive any packet.

1. Define an ACL for the test IP address.

acl 3999
rule 5 permit tcp source 210.21.230.28

2. Enable debugging.

terminal monitor
terminal debugging
debugging dataplane  trace acl 3999

For example, when the USG9520 receives a packet, the following inforamtion can be displayed:

HRP_M<USG9520>
# <PACKET-TRACER:3/3/8:1568246285> TCP: X.21.230.28:50697 -> X.168.225.2:21 pkt-id:8585
New packet arrived, interface: 1f42105, zone: 10, vrf: 0
# <PACKET-TRACER:3/3/8:1568246285> TCP: X.21.230.28:50697 -> X.168.225.2:21 pkt-id:8585
The receiving interface changes to 0x03f42002.
# <PACKET-TRACER:3/3/8:1568246285> TCP: X.21.230.28:50697 -> X.168.225.2:21 pkt-id:8585
DROP-PACKET:SYN-FLOOD defend

END