You can use the diagnose debug flow commands to do a policy simulation. An example of the output:
fw01 (root) # diagnose debug enable
fw01 (root) # diagnose debug flow show console enable
show trace messages on console
fw01 (root) # diagnose debug flow filter addr 10.10.1.25
fw01 (root) # diagnose debug flow trace start 5
You can stop the trace with the following commands:
fw01 (root) # diagnose debug flow trace stop
fw01 (root) # diagnose debug flow show console disable
do not show trace messages on console
fw01 (root) # diagnose debug disable
I have a network with two Catalyst 3750E switch stacks, which are connected with a 2 x 10Gbps Etherchannel. Every stack facilitates a ring topology of approximately 10 to 15 Catalyst 2960 switches. Two of the 2960 are connected with 1Gbps links to a switch stack to create the ring topology. So lets say that 7 24-ports Catalyst 2960 switch share a 1 Gbps link to the switch stack. With this customer, this won’t be any problem, because there are no heavy users and/or applications.
But let’s imagine that a link between a Catalyst 3750E and Catalyst 2960 switch or between two Catalyst 2960 switches is giving problems and the Catalyst 2960 cannot handle the receiving traffic. You need to find some way to slow done the traffic. I normally start thinking about the usage of IEEE 802.3x FlowControl.
Flow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion and cannot receive any more traffic, it notifies the other port by sending a pause frame to stop sending until the condition clears. Upon receipt of a pause frame, the sending device stops sending any data packets, which prevents any loss of data packets during the congestion period.
But after reading some documentation, FlowControl isn’t an option. When a link between both switches gets congested the Catalyst 2960 would have to send a pause frame to the Catalyst 3750E and that’s the problem.
Both, Catalyst 3750E and Catalyst 2960, can only receive, but not send, pause frames. So configuring FlowControl between Catalyst 3750E and Catalyst 2960 is useless, because no switch can inform the counterpart about the congested link.