enable logging ::: ip access-list any any log

Discussion in 'Cisco' started by Vasu, Mar 1, 2007.

  1. Vasu

    Vasu Guest

    Hi,

    On a Catalyst 4507 switch, I am trying to configure an ACL to stop
    unwanted traffic on one of the VLAN interfaces.

    Before denying traffic, we wanted to see what is flowing into the
    network, so we decided to add an ip any any log command. Surprisingly,
    a lot of packets match the ACL but nothing is displayed in the log.

    Is there something I am missing?

    Thanks, Vasu

    configuration
    =========

    ip access-list extended to_vlan42
    permit ip any 10.40.1.128 0.0.0.15
    permit ip any any log-input

    show access-list output
    =================

    Catalyst4507#sh access-lists
    Extended IP access list to_vlan42
    10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
    20 permit ip any any log (852 matches)

    show log out
    =========

    Catalyst4507#
    Catalyst4507#sh log
    Syslog logging: enabled (0 messages dropped, 151 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level notifications, 2058 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 10 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 2208 messages logged, xml disabled, filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 2212 message lines logged
    Logging to 192.168.16.6, 2212 message lines logged, xml disabled, filtering disabled

    Log Buffer (4096 bytes):
     
    Vasu, Mar 1, 2007
    #1

  2. Vasu

    Trendkill Guest

    Re: enable logging ::: ip access-list any any log

    On Mar 1, 4:14 am, "Vasu" <> wrote:
    > Hi,
    >
    > On a Catalyst 4507 switch, I am trying to configure an ACL to stop
    > unwanted traffic on one of the VLAN interfaces.
    >
    > Before denying traffic, we wanted to see what is flowing into the
    > network, so we decided to add an ip any any log command. Surprisingly,
    > a lot of packets match the ACL but nothing is displayed in the log.
    >
    > Is there something I am missing?
    >
    > Thanks, Vasu
    >
    > configuration
    > =========
    >
    > ip access-list extended to_vlan42
    > permit ip any 10.40.1.128 0.0.0.15
    > permit ip any any log-input
    >
    > show access-list output
    > =================
    >
    > Catalyst4507#sh access-lists
    > Extended IP access list to_vlan42
    > 10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
    > 20 permit ip any any log (852 matches)
    >
    > show log out
    > =========
    >
    > Catalyst4507#
    > Catalyst4507#sh log
    > Syslog logging: enabled (0 messages dropped, 151 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    > Console logging: level notifications, 2058 messages logged, xml disabled, filtering disabled
    > Monitor logging: level debugging, 10 messages logged, xml disabled, filtering disabled
    > Buffer logging: level debugging, 2208 messages logged, xml disabled, filtering disabled
    > Exception Logging: size (8192 bytes)
    > Count and timestamp logging messages: disabled
    > Trap logging: level debugging, 2212 message lines logged
    > Logging to 192.168.16.6, 2212 message lines logged, xml disabled, filtering disabled
    >
    > Log Buffer (4096 bytes):


    logging on or logging synchronous

    You have one of those set?
     
    Trendkill, Mar 1, 2007
    #2

  3. Vasu

    Vasu Guest

    Re: enable logging ::: ip access-list any any log

    Yes. I have logging on

    Thanks
     
    Vasu, Mar 3, 2007
    #3
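
A cross-check of the two command outputs from the first post, as an added example that is not part of the original thread: it lists ACEs that carry `log` and show matches but have no corresponding entry in the log buffer. The `%SEC-6-IPACCESSLOG*` message format is an assumption about how IOS reports ACL hits, and the sample input is constructed from the post's output with the wrapped lines joined.

```python
import re

# Constructed input: the two outputs from the first post, wrapped lines joined.
SHOW_ACL = """Extended IP access list to_vlan42
    10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
    20 permit ip any any log (852 matches)
"""
SHOW_LOG = """Syslog logging: enabled (0 messages dropped, 151 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Buffer logging: level debugging, 2208 messages logged, xml disabled, filtering disabled
Log Buffer (4096 bytes):
"""

HEAD_RE = re.compile(r"^\s*(?:Extended|Standard) IP access list (\S+)")
ACE_RE = re.compile(r"^\s*(\d+) (?:permit|deny) (.*?)\s*(?:\((\d+) match(?:es)?\))?\s*$")
# Assumption: ACL hits are reported as IOS %SEC-6-IPACCESSLOG* messages ("list <name> ...").
MSG_RE = re.compile(r"%SEC-6-IPACCESSLOG\w*: list (\S+)")

def logged_aces(show_acl):
    """Return (acl, sequence, matches) for each ACE carrying log or log-input."""
    acl, found = None, []
    for line in show_acl.splitlines():
        head = HEAD_RE.match(line)
        if head:
            acl = head.group(1)
            continue
        ace = ACE_RE.match(line)
        if ace and re.search(r"\blog(?:-input)?\b", ace.group(2)):
            found.append((acl, int(ace.group(1)), int(ace.group(3) or 0)))
    return found

def logging_summary(show_log):
    """Pull the rate-limited counter, buffer level and per-ACL message counts."""
    limited = re.search(r"(\d+) messages rate-limited", show_log)
    level = re.search(r"Buffer logging:\s+level (\w+)", show_log)
    buffered = show_log.partition("Log Buffer")[2]
    counts = {}
    for name in MSG_RE.findall(buffered):
        counts[name] = counts.get(name, 0) + 1
    return {"rate_limited": int(limited.group(1)) if limited else 0,
            "buffer_level": level.group(1) if level else None,
            "acl_messages": counts}

def silent_aces(show_acl, show_log):
    """ACEs with log set and matches > 0 but no ACL message in the buffer."""
    seen = logging_summary(show_log)["acl_messages"]
    return [a for a in logged_aces(show_acl) if a[2] > 0 and a[0] not in seen]

if __name__ == "__main__":
    print(logging_summary(SHOW_LOG))
    for acl, seq, hits in silent_aces(SHOW_ACL, SHOW_LOG):
        print(f"{acl} seq {seq}: {hits} matches, 0 ACL log messages buffered")
```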