[c-nsp] Logging Connections

Manu Chao linux.yahoo at gmail.com
Tue Dec 27 07:57:36 EST 2011

*Why not using following command on your SVI:*

*ip accounting output*-*packets*

On Thu, Dec 15, 2011 at 12:35 PM, miroku <bundaberg440ml at gmail.com> wrote:

> Hi all,
> We are experiencing a bit of he said she said between a number of
> different clients/service providers.  The situation is a remote site
> (lets say is experiencing connectivity issues to a couple
> of hosts within our infrastructure (lets say and
>  I beleive that an upstream firewall is blocking certain
> traffic from the host which is the cause of the problem, but the
> firewall team claim otherwise.  I would like to setup logging on our
> infrastructure to see if we are receiving the packets .  Whats the
> best way to do this and would this have any impact to other hosts
> within the SVI when the ACL is applied.
> Our SVI is setup something like this (Active for HSRP) (its a 6500)
> interface Vlan10
>  ip address secondary
>  ip address secondary
>  ip address
>  no ip redirects
>  standby 14 ip
>  standby 14 ip secondary
>  standby 14 ip secondary
>  standby 14 priority 130
>  standby 14 preempt delay minimum 60 sync 60
>  standby 14 authentication <password>
> end
> I would like to implement an extended access-list for logging would
> this work and would it impact other hosts on the SVI when it is
> applied as currently their is no ACL on the SVI.
> #
>  ip access-list extended 100
>  permit ip host host log
>  permit ip host host log
>  permit ip any any
>  int vlan 10
>  ip access-group 100 out
> Your comments would be greatly appreciated.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list