[c-nsp] Logging Connections

miroku bundaberg440ml at gmail.com
Thu Dec 15 06:35:24 EST 2011

Hi all,

We are experiencing a bit of he said she said between a number of
different clients/service providers.  The situation is a remote site
(let's say is experiencing connectivity issues to a couple
of hosts within our infrastructure (let's say and  I believe that an
upstream firewall is blocking certain
traffic from the host, which is the cause of the problem, but the
firewall team claim otherwise.  I would like to set up logging on our
infrastructure to see if we are receiving the packets.  What's the
best way to do this, and would this have any impact on other hosts
within the SVI when the ACL is applied?

Our SVI is set up something like this (Active for HSRP) (it's a 6500):
interface Vlan10
 ip address secondary
 ip address secondary
 ip address
 no ip redirects
 standby 14 ip
 standby 14 ip secondary
 standby 14 ip secondary
 standby 14 priority 130
 standby 14 preempt delay minimum 60 sync 60
 standby 14 authentication <password>

I would like to implement an extended access-list for logging. Would
this work, and would it impact other hosts on the SVI when it is
applied, as currently there is no ACL on the SVI?
ip access-list extended 100
 permit ip host host log
 permit ip host host log
 permit ip any any
int vlan 10
 ip access-group 100 out

Your comments would be greatly appreciated.
