[c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

Seth Mattinen sethm at rollernet.us
Thu May 7 19:02:14 EDT 2009


Jeff Kell wrote:
> We have some 3550 EMIs that have some ACLs on their SVIs.  I just ran
> across (through troubleshooting something else) a case where an access
> list with "deny ...  log" is NOT being logged.
> 
> I ran some other cases across the access list, with some additional
> logging, and I have been unable to get any logging out of the egress ACL
> (ip access-group foo-ACL out).
> 
> Ingress logging works fine.  Egress logging is nonexistent.  Not just
> dropping the occasional ones, but entirely nonexistent.  The egress
> filtering (by the ACL) works, it just doesn't log.
> 
> I have known for some time that ACL counters are borked on most
> lower-end Catalysts, but I thought ACL logging worked.
> 
> It doesn't appear to be a known bug, but then my searching abilities may
> be lacking.
> 
> Bug or feature?
> 

Never personally expected it to work when it's not hitting the CPU.

~Seth

