Just wanted to share a new trick. In the dark old days to verify traffic was flowing across an interface you would create an ACL that matched the interesting traffic and then run ‘debug ip packet’. This also required disabling CEF on any of the interfaces in question so that the traffic would be process switched.
However, now you can use the same ACL with the ‘debug ip cef packet’ command. I recommend narrowing down to the interface in question, and you do need to specify input vs. output direction. One other note, it seems like if the ACL you are using to specify traffic has the log keyword then the debug will not work. I am not certain if this is a bug or a feature.