[c-nsp] ACL logging on n5k

Arie Vayner (avayner) avayner at cisco.com
Tue Aug 10 15:58:57 EDT 2010


Yes, it seems that ACL logging is not yet support on N5K, and CSCth28899
is there to track its introduction (no timeframe yet...)

I am checking why the command reference shows as if it is supported...

Arie

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arvind .cisconsp
Sent: Tuesday, August 10, 2010 15:31
To: Tassos Chatzithomaoglou
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ACL logging on n5k

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method
=fetchBugDetails&bugId=CSCth28899

<http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?metho
d=fetchBugDetails&bugId=CSCth28899>State:
New
Severity: Enhancement
Version: 4.2(1)N1(1)

On Tue, Aug 10, 2010 at 7:09 AM, Tassos Chatzithomaoglou
<achatz at forthnet.gr
> wrote:

> n5k(config-acl)# deny ip any any ?
> <CR>
>  dscp        Match packets with given dscp value
>  fragments   Check non-initial fragments
>  precedence  Match packets with given precedence value
>
> n5k(config-acl)# deny ip any any log
>                             ^
> % Invalid ip address at '^' marker.
> n5k(config-acl)#
>
>
> "time-range" option is also not available.
>
> There must be something i'm missing...
>
> --
> Tassos
>
>
> Arie Vayner (avayner) wrote on 10/08/2010 13:50:
>
>  Seems to be in 4.1(3) too...
>>
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command
>> /reference/rel_4_1/security_cmd_ref.html#wp1279114
>>
>> Strange...
>>
>> Arie
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>> Chatzithomaoglou
>> Sent: Tuesday, August 10, 2010 13:35
>> To: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] ACL logging on n5k
>>
>> I'm using 4.1(3)N2(1) and the "log" option is not available.
>> Should i guess an upgrade is needed, although release notes do not
>> mention anything?
>>
>> --
>> Tassos
>>
>>
>> Arie Vayner (avayner) wrote on 10/08/2010 12:43:
>>
>>
>>> Tassos,
>>>
>>> Looking here:
>>>
>>>
>>>
>>
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command
>>
>>
>>> /reference/rel_4_2_1_N2_1/security_cmd_ref.html#wp1279114
>>>
>>> I can see the 'log' option listed...
>>>
>>> Arie
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net
>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>>> Chatzithomaoglou
>>> Sent: Monday, August 09, 2010 22:22
>>> To: cisco-nsp at puck.nether.net
>>> Subject: [c-nsp] ACL logging on n5k
>>>
>>> N5k datasheet says it's supported, but i couldn't find any other
>>> reference.
>>> Is it supported and if yes, how do you enable it?
>>>
>>> --
>>> Tassos
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>
>>>
>>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list