[c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)
Seth Mattinen
sethm at rollernet.us
Thu May 7 19:02:14 EDT 2009
Jeff Kell wrote:
> We have some 3550 EMIs that have some ACLs on their SVIs. I just ran
> across (through troubleshooting something else) a case where an access
> list with "deny ... log" is NOT being logged.
>
> I ran some other cases across the access list, with some additional
> logging, and I have been unable to get any logging out of the egress ACL
> (ip access-group foo-ACL out).
>
> Ingress logging works fine. Egress logging is nonexistent. Not just
> dropping the occasional ones, but entirely nonexistent. The egress
> filtering (by the ACL) works, it just doesn't log.
>
> I have known for some time that ACL counters are borked on most
> lower-end Catalysts, but I thought ACL logging worked.
>
> It doesn't appear to be a known bug, but then my searching abilities may
> be lacking.
>
> Bug or feature?
>
Never personally expected it to work when it's not hitting the CPU.
~Seth
More information about the cisco-nsp
mailing list