[c-nsp] LOG ACL
Ed Ravin
eravin at panix.com
Sun Jan 29 23:27:17 EST 2006
On Sun, Jan 29, 2006 at 10:57:37PM -0500, Melvin C. Etheridge wrote:
> I would like to create a ACL to just log traffic to and from a ip going
> through one of my adsl routers.
>
> What would be the best way to word the ACL to do this?
Something like this:
ip access list extended log_an_ip
permit ip host 1.2.3.4 any log
permit ip any host 1.2.3.4 log
permit ip any any
deny ip any any
You need the deny at the end in some environments because the ACL
will be optimized into a no-op since it permits all traffic.
More information about the cisco-nsp
mailing list