[c-nsp] nexus logging L3 ACL and mac source ?
Jeffrey G. Fitzwater
jfitz at Princeton.EDU
Mon Jun 24 10:29:35 EDT 2013
In IOS when we had an L3 ACL with "deny log-input" the log entry would show the VLAN and MAC SRC for the ACE hit:
%SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
But in NX-OS this does not appear possible with 6.1.2.
FIXES in NX-OS 6.2.1
I see from the bug doc that in NX-OS 6.2.1 logging will now show the VLAN name and whether it was from a DENY or PERMIT action, but there is no mention of whether the SRC MAC is part of these changes.
https://tools.cisco.com/bugsearch/bug/CSCth67151
https://tools.cisco.com/bugsearch/bug/CSCte69784
Does anybody know if there will be a way to see the SRC MAC when a DENY LOG or PERMIT log ACE is hit in NX-OS 6.2.1?
Thanks for any help.
Jeff Fitzwater
OIT Network Systems
Princeton University
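
An added example, not part of the original post: a parser for the IOS `%SEC-6-IPACCESSLOGP` format quoted above that totals hits per ingress VLAN and source MAC, and shows what is lost when the parenthesised interface/MAC field is absent (as with plain `log`). The function names are hypothetical, and every sample line except the first, which is the line from the post, is constructed.

```python
import re
from collections import Counter

# Line 1 is the entry quoted in the post (addresses redacted there as n.n.n.n).
# Lines 2-4 are constructed; line 4 has no "(interface MAC)" field.
SAMPLE = """\
%SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
%SEC-6-IPACCESSLOGP: list router-in denied tcp 192.0.2.11(51515) (Vlan176 0000.5e00.5301) -> 198.51.100.5(445), 1 packet
%SEC-6-IPACCESSLOGP: list router-in denied udp 192.0.2.10(138) (Vlan176 00de.adee.675a) -> 198.51.100.5(138), 3 packets
%SEC-6-IPACCESSLOGP: list router-in denied udp 192.0.2.12(137) -> 198.51.100.5(137), 4 packets
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[^\s(]+)\((?P<sport>\d+)\) "
    # Optional ingress interface and source MAC, present only with log-input.
    r"(?:\((?P<ifname>\S+) (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) )?"
    r"-> (?P<dst>[^\s(]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?",
    re.IGNORECASE,
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not an IPACCESSLOGP entry."""
    m = LINE_RE.search(line)  # search() tolerates a syslog timestamp/host prefix
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def packets_by_source_mac(text, action="denied"):
    """Sum packet counts per (ingress interface, source MAC).

    Entries without the interface/MAC field are grouped under (None, None),
    which makes the unattributable traffic visible instead of dropping it.
    """
    totals = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == action:
            totals[(rec["ifname"], rec["mac"])] += rec["count"]
    return totals

if __name__ == "__main__":
    for (ifname, mac), pkts in packets_by_source_mac(SAMPLE).most_common():
        print(f"{ifname or '-':10} {mac or 'no MAC logged':16} {pkts}")
```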