enable logging ::: ip access-list any any log

Discussion in 'Cisco' started by Vasu, Mar 1, 2007.

  1. Vasu

    Vasu Guest


    on a catalyst 4507 switch, i am trying to configure an acl to stop
    unwanted traffic on one of the vlan interface

    before denying traffic, we wanted to see what is flowing into the
    network, so we decided to add an ip any any log command. surprisingly,
    lot of packets match the acl but nothing is displayed in the log

    is there something i am missing

    thanks, vasu


    ip access-list extended to_vlan42
    permit ip any
    permit ip any any log-input

    show access-list output

    Catalyst4507#sh access-lists
    Extended IP access list to_vlan42
    10 permit ip any (7 matches)
    20 permit ip any any log (852 matches)

    show log out

    Catalyst4507#sh log
    Syslog logging: enabled (0 messages dropped, 151 messages rate-
    limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level notifications, 2058 messages logged, xml
    filtering disabled
    Monitor logging: level debugging, 10 messages logged, xml
    filtering disabled
    Buffer logging: level debugging, 2208 messages logged, xml
    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 2212 message lines logged
    Logging to, 2212 message lines logged, xml
    filtering disabled

    Log Buffer (4096 bytes):
    Vasu, Mar 1, 2007
    1. Advertisements

  2. Vasu

    Trendkill Guest

    logging on or logging synchronous

    You have one of those set?
    Trendkill, Mar 1, 2007
    1. Advertisements

  3. Vasu

    Vasu Guest

    Yes. I have logging on

    Vasu, Mar 3, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.