[c-nsp] nexus logging L3 ACL and mac source ?

Phil Mayers p.mayers at imperial.ac.uk
Mon Jun 24 10:32:46 EDT 2013


On 24/06/13 15:29, Jeffrey G. Fitzwater wrote:
> In IOS when we had an L3 ACL with "deny log-input" the log entry would show the VLAN and MAC SRC for ACE hit….

This was always platform- and context-dependent.

e.g. On 6500, only CPU-punted packets would even be ACL-logged, unless 
you were using OAL.

>
> %SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
>
>
> But in NX-OS this does not appear possible with 6.1.2.

In what context are you applying the ACL?

