[c-nsp] ACL logging on n5k

Tassos Chatzithomaoglou achatz at forthnet.gr
Wed Aug 11 01:54:54 EDT 2010


Thx to everyone for clearing that up.
I guess I'll have to wait for some releases until it becomes available...

Just another quick question: can Ethanalyzer capture traffic *before* being dropped by an ACL?

--
Tassos

Lincoln Dale wrote on 11/08/2010 07:53:
> N7K supports ACL logging, ACL time ranges, MAC packet-classify functionality etc., N5K does not currently support them.
> the mistake is that documentation was carried over to N5K from N7K without being changed.
>
>
> cheers,
>
> lincoln.
>
> On 11/08/2010, at 5:58 AM, Arie Vayner (avayner) wrote:
>
>> Yes, it seems that ACL logging is not yet supported on N5K, and CSCth28899
>> is there to track its introduction (no timeframe yet...)
>>
>> I am checking why the command reference shows as if it is supported...
>>
>> Arie
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arvind .cisconsp
>> Sent: Tuesday, August 10, 2010 15:31
>> To: Tassos Chatzithomaoglou
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] ACL logging on n5k
>>
>> http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth28899
>>
>> State: New
>> Severity: Enhancement
>> Version: 4.2(1)N1(1)
>>
>> On Tue, Aug 10, 2010 at 7:09 AM, Tassos Chatzithomaoglou <achatz at forthnet.gr> wrote:
>>
>>> n5k(config-acl)# deny ip any any ?
>>> <CR>
>>> dscp        Match packets with given dscp value
>>> fragments   Check non-initial fragments
>>> precedence  Match packets with given precedence value
>>>
>>> n5k(config-acl)# deny ip any any log
>>>                             ^
>>> % Invalid ip address at '^' marker.
>>> n5k(config-acl)#
>>>
>>>
>>> "time-range" option is also not available.
>>>
>>> There must be something I'm missing...
>>>
>>> --
>>> Tassos
>>>
>>>
>>> Arie Vayner (avayner) wrote on 10/08/2010 13:50:
>>>
>>>> Seems to be in 4.1(3) too...
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command/reference/rel_4_1/security_cmd_ref.html#wp1279114
>>>>
>>>> Strange...
>>>>
>>>> Arie
>>>>
>>>> -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net
>>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>>>> Chatzithomaoglou
>>>> Sent: Tuesday, August 10, 2010 13:35
>>>> To: cisco-nsp at puck.nether.net
>>>> Subject: Re: [c-nsp] ACL logging on n5k
>>>>
>>>> I'm using 4.1(3)N2(1) and the "log" option is not available.
>>>> Should I guess an upgrade is needed, although release notes do not
>>>> mention anything?
>>>>
>>>> --
>>>> Tassos
>>>>
>>>>
>>>> Arie Vayner (avayner) wrote on 10/08/2010 12:43:
>>>>
>>>>> Tassos,
>>>>>
>>>>> Looking here:
>>>>>
>>>>> http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/command/reference/rel_4_2_1_N2_1/security_cmd_ref.html#wp1279114
>>>>>
>>>>> I can see the 'log' option listed...
>>>>>
>>>>> Arie
>>>>>
>>>>> -----Original Message-----
>>>>> From: cisco-nsp-bounces at puck.nether.net
>>>>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tassos
>>>>> Chatzithomaoglou
>>>>> Sent: Monday, August 09, 2010 22:22
>>>>> To: cisco-nsp at puck.nether.net
>>>>> Subject: [c-nsp] ACL logging on n5k
>>>>>
>>>>> N5k datasheet says it's supported, but I couldn't find any other
>>>>> reference.
>>>>> Is it supported and if yes, how do you enable it?
>>>>>
>>>>> --
>>>>> Tassos
>>>>>