[c-nsp] nexus logging L3 ACL and mac source ?
Jeffrey G. Fitzwater
jfitz at Princeton.EDU
Mon Jun 24 10:56:14 EDT 2013
Forgot to mention this is on 6500 sup-720-10G running 12.2.33 SXI7
I believe that the "logging" statement in the ACE also forces the packet to be punted.
Jeff
On Jun 24, 2013, at 10:32 AM, Phil Mayers <p.mayers at imperial.ac.uk>
wrote:
> On 24/06/13 15:29, Jeffrey G. Fitzwater wrote:
>> In IOS when we had an L3 ACL with "deny log-input" the log entry would show the VLAN and MAC SRC for ACE hit….
>
> This was always platform- and context-dependent.
>
> e.g. On 6500, only CPU-punted packets would even be ACL-logged, unless you were using OAL.
>
>>
>> %SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
>>
>>
>> But in NX-OS this does not appear possible with 6.1.2.
>
> In what context are you applying the ACL?
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list