[c-nsp] ACL sometimes logging dest_IP sometimes nexthop - why?
Hank Nussbacher
hank at interall.co.il
Wed Jun 19 01:44:20 EDT 2024
I have a config like this:

    interface GigabitEthernet0/0/0/43.1
     ipv4 address 192.0.2.20 255.255.255.0
     encapsulation dot1q 1
     ipv4 access-group log-traffic ingress
     ipv4 access-group log-traffic egress
    !
    ipv4 access-list log-traffic
     10 permit ipv4 any any log

In the log I see:

    RP/0/RSP0/CPU0:2024 Jun 19 05:12:47 : ipv4_acl_mgr[343]: %ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp 192.114.102.104(55638) -> 192.0.2.2(53), 1 packet
    RP/0/RSP0/CPU0:2024 Jun 19 07:59:19 : ipv4_acl_mgr[343]: %ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp 128.139.197.54(16738) -> 2.15.248.225(33443), 1 packet

Sometimes, the dest_IP recorded is nexthop (1st line - 192.0.2.2) and
sometimes dest_IP is recorded with the true dest_IP (2nd line -
2.15.248.225). How can I force the ACL to only record the true dest_IP
and not nexthop?

The routing entry for all show like this:

    RP/0/RSP0/CPU0:GP1#sho route 2.15.248.225
    Wed Jun 19 08:41:06.107 IDT

    Routing entry for 2.15.248.225/32
      Known via "bgp 378", distance 20, metric 0
      Tag 65111, type external
      Installed Jun 18 16:30:10.065 for 16:10:56
      Routing Descriptor Blocks
        192.0.2.2, from 128.139.217.9, BGP external
          Route metric is 0
      No advertising protos.

Thanks,
Hank
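
A small triage script for log lines like the two quoted above (an added example, not part of the original post): it parses IPACCESSLOGP entries and labels each logged destination as a known next hop, an address on a connected subnet, or a remote address, so the affected entries can be counted and correlated. The regular expression is inferred from the two lines in the post and covers only the TCP/UDP form with ports; the function names and the operator-supplied next-hop and connected-network lists are assumptions.

```python
import ipaddress
import re

# Pattern inferred from the two IPACCESSLOGP lines in the post (TCP/UDP form only).
LOG_RE = re.compile(
    r"%ACL-IPV4_ACL-6-IPACCESSLOGP\s*:\s*access-list\s+(?P<acl>\S+)\s+\((?P<seq>\d+)\)\s+"
    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\s*->\s*(?P<dst>[\d.]+)\((?P<dport>\d+)\),\s*"
    r"(?P<count>\d+)\s+packets?"
)

# Constructed input: the two log entries from the post, one entry per line.
SAMPLE_LOG = (
    "RP/0/RSP0/CPU0:2024 Jun 19 05:12:47 : ipv4_acl_mgr[343]: "
    "%ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp "
    "192.114.102.104(55638) -> 192.0.2.2(53), 1 packet\n"
    "RP/0/RSP0/CPU0:2024 Jun 19 07:59:19 : ipv4_acl_mgr[343]: "
    "%ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp "
    "128.139.197.54(16738) -> 2.15.248.225(33443), 1 packet\n"
)

def parse_acl_log(text):
    """Return one dict per IPACCESSLOGP entry; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        entry = m.groupdict()
        for key in ("seq", "sport", "dport", "count"):
            entry[key] = int(entry[key])
        entries.append(entry)
    return entries

def classify_destinations(entries, next_hops, connected_nets):
    """Label each logged destination: 'next-hop', 'connected' or 'remote'."""
    hops = {ipaddress.ip_address(h) for h in next_hops}
    nets = [ipaddress.ip_network(n) for n in connected_nets]
    rows = []
    for e in entries:
        dst = ipaddress.ip_address(e["dst"])
        if dst in hops:
            kind = "next-hop"
        elif any(dst in n for n in nets):
            kind = "connected"
        else:
            kind = "remote"
        rows.append((e["src"], e["dst"], e["dport"], kind))
    return rows

if __name__ == "__main__":
    # Next hop and connected subnet taken from the config and route output in the post.
    for row in classify_destinations(parse_acl_log(SAMPLE_LOG), ["192.0.2.2"], ["192.0.2.0/24"]):
        print(row)
```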