https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952860#M937687 <HTML><HEAD></HEAD><BODY><P>The TAC confirms that ACL logging is not supported for an IP ACL applied to a layer 2 switchport. Logging only works when applied to a switchport in routed mode or an SVI.</P><P></P><P>Kent.</P></BODY></HTML> Tue, 20 May 2008 16:17:34 GMT kent.plummer 2008-05-20T16:17:34Z https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952858#M937685 <P>Hi,</P><P></P><P>With the below test config I can't seem to generate a single log entry from the ACL? Has anyone had experience in logging with port based ACL's? The icmp traffic is being dropped - just not logged.</P><P></P><P>3750 running Adv IP Services</P><P>interface GigabitEthernet1/0/25</P><P> switchport access vlan 701</P><P> switchport mode access</P><P> ip access-group TEST in</P><P></P><P>ip access-list extended TEST</P><P> deny icmp any any log</P><P> permit ip any any log</P><P></P><P>ip access-list log-update threshold 1</P><P></P><P></P><P></P><P>"show access-lists hardware counters" does show drops.</P><P>Cheers</P><P>Kent.</P><P></P><P></P> Mon, 11 Mar 2019 12:45:27 GMT https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952858#M937685 kent.plummer 2019-03-11T12:45:27Z https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952859#M937686 <HTML><HEAD></HEAD><BODY><P>Go through this document.</P><P>Access Lists</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk648/tk361/tk821/tsd_technology_support_sub-protocol_home.html" target="_blank">http://www.cisco.com/en/US/tech/tk648/tk361/tk821/tsd_technology_support_sub-protocol_home.html</A></P><P></P></BODY></HTML> Tue, 20 May 2008 13:00:51 GMT https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952859#M937686 owillins 2008-05-20T13:00:51Z https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952860#M937687 <HTML><HEAD></HEAD><BODY><P>The TAC confirms that ACL logging is not supported for an IP ACL applied to a layer 2 switchport. Logging only works when applied to a switchport in routed mode or an SVI.</P><P></P><P>Kent.</P></BODY></HTML> Tue, 20 May 2008 16:17:34 GMT https://community.cisco.com/t5/network-security/port-based-acl-logging-3750/m-p/952860#M937687 kent.plummer 2008-05-20T16:17:34Z