[c-nsp] Logging Problem - Access Lists - GSR
Paul Stewart
pstewart at nexicomgroup.net
Tue Jan 23 09:01:03 EST 2007
Hi there...
We brought up a GSR a little while back and I finally got around to putting
some access-lists on BGP interfaces... little later than I should be.. but
anyways...
I have the following:
core1-rtr-mb#sh access-lists 150
Extended IP access list 150
deny ip xxx.xxx.xxx.0 0.0.31.255 any log-input (26 matches)
deny ip yyy.yyy.yyy.0 0.0.31.255 any log-input (8 matches)
permit ip any any (1038288538 matches)
I wanted the log-input to tell me which interface it sees spoofed packets on
but I get the following:
SLOT 7:Jan 23 06:18:02: %SEC-6-IPACCESSLOGP: list 150 denied udp
216.168.124.162(0) (FastEthernet5 ) -> 216.168.124.162(0), 1 packet
SLOT 5:Jan 23 06:32:13: %SEC-6-IPACCESSLOGP: list 150 denied udp
66.79.239.237(0) (GigabitEthernet0 ) -> 66.79.239.237(0), 1 packet
SLOT 5:Jan 23 07:01:22: %SEC-6-IPACCESSLOGP: list 150 denied udp
216.168.107.12(0) (GigabitEthernet0 ) -> 216.168.107.12(0), 1 packet
SLOT 5:Jan 23 07:57:22: %SEC-6-IPACCESSLOGP: list 150 denied udp
216.168.107.12(0) (GigabitEthernet0 ) -> 216.168.107.12(0), 1 packet
SLOT 5:Jan 23 08:08:08: %SEC-6-IPACCESSLOGP: list 150 denied udp
216.168.115.15(0) (GigabitEthernet0 ) -> 216.168.115.15(0), 1 packet
SLOT 7:Jan 23 08:13:01: %SEC-6-IPACCESSLOGDP: list 150 denied icmp
66.79.234.100 (FastEthernet1 ) -> 66.79.234.100 (0/0), 1 packet
These are not valid interface names.. is this confirmation or a bug in IOS??
IOS (tm) GS Software (C12KPRP-K4P-M), Version 12.0(32)S5, RELEASE SOFTWARE
(fc2)
Thanks in advance,
Paul Stewart
Network Administrator
Nexicom Inc.
http://www.nexicom.net/
More information about the cisco-nsp
mailing list