[c-nsp] nexus logging L3 ACL and mac source ?

Jeffrey G. Fitzwater jfitz at Princeton.EDU
Mon Jun 24 10:41:21 EDT 2013


The logging is applied to an extended named ACL attached to a VLAN ACL via "access-group" in.


On Jun 24, 2013, at 10:32 AM, Phil Mayers <p.mayers at imperial.ac.uk>
 wrote:

> On 24/06/13 15:29, Jeffrey G. Fitzwater wrote:
>> In IOS when we had an L3 ACL with "deny log-input" the log entry would show the VLAN and MAC SRC for ACE hit….
> 
> This was always platform- and context-dependent.
> 
> e.g. On 6500, only CPU-punted packets would even be ACL-logged, unless you were using OAL.
> 
>> 
>> %SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
>> 
>> 
>> But in NX-OS this does not appear possible with 6.1.2.
> 
> In what context are you applying the ACL?
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
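
Added example, not part of the original thread: a Python parser for the IOS `%SEC-6-IPACCESSLOGP` line quoted above, which treats the `(interface MAC)` field that `log-input` adds as optional so that hits logged without layer-2 source data can be singled out. The sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re

# The "(ifname mac)" group only appears when the ACE was written with log-input.
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\S+?)\((?P<sport>\d+)\) "
    r"(?:\((?P<ifname>\S+) (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) )?"
    r"-> (?P<dst>\S+?)\((?P<dport>\d+)\), (?P<count>\d+) packets?",
    re.IGNORECASE,
)

def parse_logp(line):
    """Return a dict of fields for an IPACCESSLOGP line, or None for other lines."""
    m = LOGP.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def hits_without_l2(lines):
    """ACL hits that carry no ingress interface/MAC, so the sender cannot be
    tied to a VLAN or host from the log entry alone."""
    parsed = (parse_logp(line) for line in lines)
    return [r for r in parsed if r is not None and r["mac"] is None]

# Constructed sample lines (documentation address ranges).
SAMPLE = [
    "Jun 24 10:29:01: %SEC-6-IPACCESSLOGP: list router-in denied udp "
    "192.0.2.10(137) (Vlan176 00de.adee.675a) -> 192.0.2.255(137), 67 packets",
    "Jun 24 10:29:05: %SEC-6-IPACCESSLOGP: list router-in denied tcp "
    "198.51.100.7(51515) -> 192.0.2.20(23), 1 packet",
    "Jun 24 10:29:09: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        rec = parse_logp(line)
        if rec:
            where = f"{rec['ifname']} {rec['mac']}" if rec["mac"] else "no L2 source"
            print(rec["acl"], rec["action"], rec["src"], "->", rec["dst"], where)
```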



