[c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)
Jeff Kell
jeff-kell at utc.edu
Thu May 7 12:14:18 EDT 2009
We have some 3550 EMIs that have some ACLs on their SVIs. I just ran
across (through troubleshooting something else) a case where an access
list with "deny ... log" is NOT being logged.
I ran some other cases across the access list, with some additional
logging, and I have been unable to get any logging out of the egress ACL
(ip access-group foo-ACL out).
Ingress logging works fine. Egress logging is nonexistent. Not just
dropping the occasional ones, but entirely nonexistent. The egress
filtering (by the ACL) works, it just doesn't log.
I have known for some time that ACL counters are borked on most
lower-end Catalysts, but I thought ACL logging worked.
It doesn't appear to be a known bug, but then my searching abilities may
be lacking.
Bug or feature?
Jeff
More information about the cisco-nsp
mailing list