[c-nsp] ACL sometimes logging dest_IP sometimes nexthop - why?

Saku Ytti saku at ytti.fi
Wed Jun 19 02:02:13 EDT 2024


I find this highly unlikely.

I think you have a burden of proof that what you claim is actually
what is happening.

Do you have packet capture to show absence of stated traffic? And
existence of the expected packet in its stead?

On Wed, 19 Jun 2024 at 08:45, Hank Nussbacher via cisco-nsp
<cisco-nsp at puck.nether.net> wrote:
>
> I have a config like this:
>
>
> interface GigabitEthernet0/0/0/43.1
>   ipv4 address 192.0.2.20 255.255.255.0
>   encapsulation dot1q 1
>   ipv4 access-group log-traffic ingress
>   ipv4 access-group log-traffic egress
> !
> ipv4 access-list log-traffic
>   10 permit ipv4 any any log
>
>
> In the log I see:
>
> RP/0/RSP0/CPU0:2024 Jun 19 05:12:47 : ipv4_acl_mgr[343]:
> %ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp
> 192.114.102.104(55638) -> 192.0.2.2(53), 1 packet
> RP/0/RSP0/CPU0:2024 Jun 19 07:59:19 : ipv4_acl_mgr[343]:
> %ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp
> 128.139.197.54(16738) -> 2.15.248.225(33443), 1 packet
>
>
> Sometimes, the dest_IP recorded is nexthop (1st line - 192.0.2.2) and
> sometimes dest_IP is recorded with the true dest_IP (2nd line -
> 2.15.248.225).  How can I force the ACL to only record the true dest_IP
> and not nexthop?
>
>
> The routing entry for all show like this:
>
>
> RP/0/RSP0/CPU0:GP1#sho route 2.15.248.225
> Wed Jun 19 08:41:06.107 IDT
>
> Routing entry for 2.15.248.225/32
>    Known via "bgp 378", distance 20, metric 0
>    Tag 65111, type external
>    Installed Jun 18 16:30:10.065 for 16:10:56
>    Routing Descriptor Blocks
>      192.0.2.2, from 128.139.217.9, BGP external
>        Route metric is 0
>    No advertising protos.
>
>
> Thanks,
>
> Hank
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



-- 
  ++ytti
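Added example, not part of the thread: a small triage script of the kind Saku's "show me the capture" reply implies. It parses IOS XR %ACL-IPV4_ACL-6-IPACCESSLOGP lines and flags any entry whose logged destination is a known next-hop address, so those flows can be pulled out and compared against a packet capture. A destination that equals a next-hop is either a packet genuinely addressed to that router (the first quoted line is UDP to port 53, i.e. what a DNS query to that host would look like) or the mislogging Hank suspects; only the capture decides, so the script marks rather than judges. The sample log lines are the two from the post, re-joined onto single lines, plus one constructed non-ACL line; the next-hop set comes from the quoted 'show route' output. The regex covers the TCP/UDP form shown in the post (ports in parentheses); the port groups are optional so port-less protocols still parse.

```python
import re
import ipaddress

# Constructed sample input: the two syslog lines quoted in the post (the archive
# wrapped them; real syslog emits each as one line), plus one unrelated line.
LOG_LINES = [
    "RP/0/RSP0/CPU0:2024 Jun 19 05:12:47 : ipv4_acl_mgr[343]: "
    "%ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp "
    "192.114.102.104(55638) -> 192.0.2.2(53), 1 packet",
    "RP/0/RSP0/CPU0:2024 Jun 19 07:59:19 : ipv4_acl_mgr[343]: "
    "%ACL-IPV4_ACL-6-IPACCESSLOGP : access-list log-traffic (10) permit udp "
    "128.139.197.54(16738) -> 2.15.248.225(33443), 1 packet",
    # constructed, not an ACL log entry; must be skipped by the parser
    "RP/0/RSP0/CPU0:2024 Jun 19 07:59:20 : other_proc[1]: %OS-EXAMPLE-6-NOTE : unrelated",
]

# Next-hop addresses from the 'show route' output in the post. In practice build
# this set from the live routing table (e.g. by parsing 'show route' output).
KNOWN_NEXTHOPS = {ipaddress.ip_address("192.0.2.2")}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ACL_LOG_RE = re.compile(
    r"%ACL-IPV4_ACL-6-IPACCESSLOGP\s*:\s*access-list\s+(?P<acl>\S+)\s+\((?P<seq>\d+)\)\s+"
    r"(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    rf"(?P<src>{IPV4})(?:\((?P<sport>\d+)\))?\s*->\s*"
    rf"(?P<dst>{IPV4})(?:\((?P<dport>\d+)\))?,\s*(?P<count>\d+)\s+packets?"
)


def parse_acl_log(line):
    """Return a dict of the ACL log fields, or None if the line is not an ACL log."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    row = m.groupdict()
    for key in ("seq", "sport", "dport", "count"):
        row[key] = int(row[key]) if row[key] is not None else None
    return row


def triage(lines, nexthops):
    """Parse all ACL log lines and mark those whose destination is a known next-hop.

    A flagged row is a candidate for the capture comparison: confirm whether a
    packet to that destination really crossed the wire, or whether a packet to
    some other destination was logged with the next-hop in its place.
    """
    rows = []
    for line in lines:
        row = parse_acl_log(line)
        if row is None:
            continue
        row["dst_is_nexthop"] = ipaddress.ip_address(row["dst"]) in nexthops
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in triage(LOG_LINES, KNOWN_NEXTHOPS):
        mark = "CHECK-VS-CAPTURE" if r["dst_is_nexthop"] else "ok"
        print(f"{mark:17} {r['proto']} {r['src']}:{r['sport']} -> "
              f"{r['dst']}:{r['dport']} ({r['count']} pkt)")
```

Run it against a syslog export from the box; then, for every CHECK-VS-CAPTURE row, filter a capture on the same interface by source address and source port and see what destination the packet actually carried.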

