[c-nsp] ACL logging on n5k
Lincoln Dale
ltd at cisco.com
Wed Aug 11 00:53:35 EDT 2010
N7K supports ACL logging, ACL time ranges, MAC packet-classify functionality etc., N5K does not currently support them.
the mistake is that documentation was carried over to N5K from N7K without being changed.
cheers,
lincoln.
On 11/08/2010, at 5:58 AM, Arie Vayner (avayner) wrote:
> Yes, it seems that ACL logging is not yet supported on N5K, and CSCth28899
> is there to track its introduction (no timeframe yet...)
>
> I am checking why the command reference shows as if it is supported...
>
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arvind .cisconsp
> Sent: Tuesday, August 10, 2010 15:31
> To: Tassos Chatzithomaoglou
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ACL logging on n5k
>
> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth28899
>
> State: New
> Severity: Enhancement
> Version: 4.2(1)N1(1)
>
> On Tue, Aug 10, 2010 at 7:09 AM, Tassos Chatzithomaoglou <achatz at forthnet.gr> wrote:
>
>> n5k(config-acl)# deny ip any any ?
>> <CR>
>> dscp Match packets with given dscp value
>> fragments Check non-initial fragments
>> precedence Match packets with given precedence value
>>
>> n5k(config-acl)# deny ip any any log
>> ^
>> % Invalid ip address at '^' marker.
>> n5k(config-acl)#
>>
>>
>> "time-range" option is also not available.
>>
>> There must be something i'm missing...
>>
>> --
>> Tassos
>>
>>
>> Arie Vayner (avayner) wrote on 10/08/2010 13:50:
>>
>>> Seems to be in 4.1(3) too...
>>>
>>> http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command/reference/rel_4_1/security_cmd_ref.html#wp1279114
>>>
>>> Strange...
>>>
>>> Arie
>>>
>>> -----Original Message-----
>>> From: cisco-nsp-bounces at puck.nether.net
>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>>> Chatzithomaoglou
>>> Sent: Tuesday, August 10, 2010 13:35
>>> To: cisco-nsp at puck.nether.net
>>> Subject: Re: [c-nsp] ACL logging on n5k
>>>
>>> I'm using 4.1(3)N2(1) and the "log" option is not available.
>>> Should i guess an upgrade is needed, although release notes do not
>>> mention anything?
>>>
>>> --
>>> Tassos
>>>
>>>
>>> Arie Vayner (avayner) wrote on 10/08/2010 12:43:
>>>
>>>
>>>> Tassos,
>>>>
>>>> Looking here:
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command/reference/rel_4_2_1_N2_1/security_cmd_ref.html#wp1279114
>>>>
>>>> I can see the 'log' option listed...
>>>>
>>>> Arie
>>>>
>>>> -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net
>>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>>>> Chatzithomaoglou
>>>> Sent: Monday, August 09, 2010 22:22
>>>> To: cisco-nsp at puck.nether.net
>>>> Subject: [c-nsp] ACL logging on n5k
>>>>
>>>> N5k datasheet says it's supported, but i couldn't find any other
>>>> reference.
>>>> Is it supported and if yes, how do you enable it?
>>>>
>>>> --
>>>> Tassos
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/