enable logging ::: ip access-list any any log

Discussion in 'Cisco' started by Vasu, Mar 1, 2007.

  1. Vasu

    Vasu Guest

    hi,

    on a catalyst 4507 switch, i am trying to configure an acl to stop
    unwanted traffic on one of the vlan interface

    before denying traffic, we wanted to see what is flowing into the
    network, so we decided to add an ip any any log command. surprisingly,
    lot of packets match the acl but nothing is displayed in the log

    is there something i am missing

    thanks, vasu

    configuration
    =========

    ip access-list extended to_vlan42
    permit ip any 10.40.1.128 0.0.0.15
    permit ip any any log-input

    show access-list output
    =================

    Catalyst4507#sh access-lists
    Extended IP access list to_vlan42
    10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
    20 permit ip any any log (852 matches)

    show log out
    =========

    Catalyst4507#
    Catalyst4507#sh log
    Syslog logging: enabled (0 messages dropped, 151 messages rate-
    limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level notifications, 2058 messages logged, xml
    disabled,
    filtering disabled
    Monitor logging: level debugging, 10 messages logged, xml
    disabled,
    filtering disabled
    Buffer logging: level debugging, 2208 messages logged, xml
    disabled,
    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 2212 message lines logged
    Logging to 192.168.16.6, 2212 message lines logged, xml
    disabled,
    filtering disabled

    Log Buffer (4096 bytes):
     
    Vasu, Mar 1, 2007
    #1

    1. Advertisements

  2. Vasu

    Trendkill Guest

    logging on or logging synchronous

    You have one of those set?
     
    Trendkill, Mar 1, 2007
    #2

    1. Advertisements

  3. Vasu

    Vasu Guest

    Yes. I have logging on

    Thanks
     
    Vasu, Mar 3, 2007
    #3

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. "access-list logging rate-limited or missed <X> packets"

  2. Drowning in 'access-list logging rate-limited or missed 1 packet' entries

  3. PIX NIX : A simple static and access-list (below) seems to have prevented ANY access through the PIX

  4. I'd like to know about the difference of between access-list and ip access -list.

  5. How to enable wireless at startup before logging on

  6. How to enable wireless adapter automatically after logging on

  7. 2600 and bridging to enable access-list 700 groups (sorry for double post)

  8. 403 Forbidden: You were denied access because: Access denied by access control list

Loading...