3750 Port based ACL logging

Discussion in 'Cisco' started by Kent, May 15, 2008.

  1. Kent

    Kent Guest

    Hi all,
    With the below test config I can't seem to generate a single log entry
    from the ACL. Has anyone had experience in logging with port based
    ACLs on the 3750? With the below config the icmp traffic is being
    dropped - just not logged.

    3750 running Adv IP Services...
    interface GigabitEthernet1/0/25
     switchport access vlan 701
     switchport mode access
     ip access-group TEST in

    ip access-list extended TEST
     deny icmp any any log
     permit ip any any log

    ip access-list log-update threshold 1

    "show access-lists hardware counters" does show drops and I can't ping
    through this interface with the ACL applied. It just won't log any ACE
    entry matches.

    Cheers
    Kent.
     
    Kent, May 15, 2008
    #1

  2. Kent

    Guest

    On 15 May, 08:00, Kent <> wrote:
    > Hi all,
    > With the below test config I can't seem to generate a single log entry
    > from the ACL. Has anyone had experience in logging with port based
    > ACLs on the 3750? With the below config the icmp traffic is being
    > dropped - just not logged.
    >
    > 3750 running Adv IP Services...
    > interface GigabitEthernet1/0/25
    >  switchport access vlan 701
    >  switchport mode access
    >  ip access-group TEST in
    >
    > ip access-list extended TEST
    >  deny icmp any any log
    >  permit ip any any log
    >
    > ip access-list log-update threshold 1
    >
    > "show access-lists hardware counters" does show drops and I can't ping
    > through this interface with the ACL applied.  It just won't log any ACE
    > entry matches.
    >
    > Cheers
    > Kent.


    Have you configured logging?

    logg buffered <level> ! <-- debugging enables all
    no logg console ! <-- I suggest

    Post output of sh logg if unsure.
     
    , May 15, 2008
    #2

  3. Kent

    Kent Guest

    On May 15, 5:49 pm, wrote:
    > On 15 May, 08:00, Kent <> wrote:
    >
    > > Hi all,
    > > With the below test config I can't seem to generate a single log entry
    > > from the ACL. Has anyone had experience in logging with port based
    > > ACLs on the 3750? With the below config the icmp traffic is being
    > > dropped - just not logged.
    > >
    > > 3750 running Adv IP Services...
    > > interface GigabitEthernet1/0/25
    > >  switchport access vlan 701
    > >  switchport mode access
    > >  ip access-group TEST in
    > >
    > > ip access-list extended TEST
    > >  deny icmp any any log
    > >  permit ip any any log
    > >
    > > ip access-list log-update threshold 1
    > >
    > > "show access-lists hardware counters" does show drops and I can't ping
    > > through this interface with the ACL applied. It just won't log any ACE
    > > entry matches.
    > >
    > > Cheers
    > > Kent.
    >
    > Have you configured logging?
    >
    > logg buffered <level> ! <-- debugging enables all
    > no logg console ! <-- I suggest
    >
    > Post output of sh logg if unsure.


    Yes.
     
    Kent, May 16, 2008
    #3
