[c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

Jeff Kell jeff-kell at utc.edu
Thu May 7 12:14:18 EDT 2009

We have some 3550 EMIs that have some ACLs on their SVIs.  I just ran
across (through troubleshooting something else) a case where an access
list with "deny ...  log" is NOT being logged.

I ran some other cases across the access list, with some additional
logging, and I have been unable to get any logging out of the egress ACL
(ip access-group foo-ACL out).

Ingress logging works fine.  Egress logging is nonexistent.  Not just
dropping the occasional ones, but entirely nonexistent.  The egress
filtering (by the ACL) works, it just doesn't log.

I have known for some time that ACL counters are borked on most
lower-end Catalysts, but I thought ACL logging worked.

It doesn't appear to be a known bug, but then my searching abilities may
be lacking.

Bug or feature?


More information about the cisco-nsp mailing list