[c-nsp] nexus logging L3 ACL and mac source ?

Jeffrey G. Fitzwater jfitz at Princeton.EDU
Mon Jun 24 10:56:14 EDT 2013


Forgot to mention this is on 6500 sup-720-10G running 12.2.33 SXI7

I believe that the "logging" statement in the ACE also forces the packet to be punted.

Jeff

On Jun 24, 2013, at 10:32 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 24/06/13 15:29, Jeffrey G. Fitzwater wrote:
>> In IOS when we had an L3 ACL with "deny log-input" the log entry would show the VLAN and MAC SRC for ACE hit….
> 
> This was always platform- and context-dependent.
> 
> e.g. On 6500, only CPU-punted packets would even be ACL-logged, unless you were using OAL.
> 
>> 
>> %SEC-6-IPACCESSLOGP: list router-in denied udp n.n.n.n(137) (Vlan176 00de.adee.675a) -> n.n.n.n(137), 67 packets
>> 
>> 
>> But in NX-OS this does not appear possible with 6.1.2.
> 
> In what context are you applying the ACL?



