Does the Cisco Nexus 5596 support adding log after an ACL command?

Kevingu1
Level 1
Please confirm whether the Cisco Nexus 5596, version 7.1, supports adding log or log-input after an ACL command.
Accepted solution

Luke Huang
Cisco Employee
Kevingu posted on 2018-10-10 14:14
I get an error when I apply it
N5K_A(config-acl)# 81 permit tcp any 172.16.1.3/32 eq 445 log
ERROR: ACL logging ...

ACL log does not support any permit ACE; it applies only to deny.
For RACL, it can only be applied in the out direction.
The release notes have a table:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/release/notes/6_02/Nexus5500_Release_Notes_6_02.html
Table 5 ACL Logging Support Table

| | Nexus 5500 Logging Support | | Nexus 5600/6000 Logging Support | |
| --- | --- | --- | --- | --- |
| PACL | Yes | Drop only | Yes | Drop only |
| Ingress RACL | | | Yes | Drop only |
| Egress RACL | Yes | Drop only | Yes | Drop only |
| VACL | Yes (action Drop log also supported) | Drop only | Yes | Drop only |
| RBACL | Yes (SW logging) | Permit/Drop | N/A | |
| vty ACL | Yes | Permit/Drop | Yes | Permit/Drop |
| Ingress RACL on mgmt 0 | Yes | Permit/Drop | Yes | Permit/Drop |
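
The following Python check is an added example, not code from the thread or from Cisco: it encodes the PACL and RACL rows of Table 5 and reports every ACE ending in log that the table marks as unsupported for the way its ACL is applied. It assumes the NX-OS interface commands `ip access-group` (RACL) and `ip port access-group` (PACL); the sample config, including the ACL name and interfaces, is constructed.

```python
import re

# Loggable actions per platform and ACL application, transcribed from Table 5
# (PACL and RACL rows only). The Nexus 5500 ingress-RACL cell is blank in the
# table; it is treated as unsupported here because the switch in the thread
# answers "ACL logging is not supported on Ingress RACL".
BOTH = {"permit", "deny"}
LOGGABLE = {
    "5500": {"pacl": {"deny"}, "racl-in": set(),
             "racl-out": {"deny"}, "mgmt0-in": BOTH},
    "5600": {"pacl": {"deny"}, "racl-in": {"deny"},
             "racl-out": {"deny"}, "mgmt0-in": BOTH},
}
ACE = re.compile(r"^(?:\d+\s+)?(permit|deny)\b.*\blog$")
APPLY = re.compile(r"^ip (port )?access-group (\S+) (in|out)$")

def lint(config, platform):
    """Return (acl, interface, ace) for each logged ACE the platform rejects."""
    logged, applied, acl, intf = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ip access-list "):
            acl, intf = line.split()[2], None
        elif line.startswith("interface "):
            intf, acl = line.split()[1], None
        elif acl and (m := ACE.match(line)):
            logged.setdefault(acl, []).append((m.group(1), line))
        elif intf and (m := APPLY.match(line)):
            port, name, direction = m.groups()
            if intf.lower() == "mgmt0" and direction == "in":
                kind = "mgmt0-in"
            else:
                kind = "pacl" if port else "racl-" + direction
            applied.append((name, intf, kind))
    return [(name, intf, ace)
            for name, intf, kind in applied
            for action, ace in logged.get(name, [])
            if action not in LOGGABLE[platform][kind]]

# Constructed sample config; only the sequence-81 ACE comes from the thread.
SAMPLE = """\
ip access-list SMB-IN
  81 permit tcp any 172.16.1.3/32 eq 445 log
  90 deny ip any any log
interface Vlan10
  ip access-group SMB-IN in
interface Ethernet1/1
  ip port access-group SMB-IN in
"""
```

Calling `lint(SAMPLE, "5500")` flags both logged ACEs on the ingress RACL and the permit ACE on the PACL; with `"5600"` only the permit ACE is flagged on each interface.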


4 replies

Luke Huang
Cisco Employee
Supported
N5548-1(config)# ip access-list test
N5548-1(config-acl)# permit ip any any log ?

dscp Match packets with given dscp value
fragments Check non-initial fragments
precedence Match packets with given precedence value
N5548-1(config-acl)# permit ip any any log
N5548-1(config-acl)# show ver | in 7.1
kickstart: version 7.1(4)N1(1)
system: version 7.1(4)N1(1)

Kevingu1
Level 1
Last edited by Kevingu on 2018-10-10 14:16
fushuang posted on 2018-10-10 12:11
Supported
N5548-1(config)# ip access-list test
I get an error when I apply it
N5K_A(config-acl)# 81 permit tcp any 172.16.1.3/32 eq 445 log
ERROR: ACL logging is not supported on Ingress RACL
N5K_A(config-acl)# show ver | include 7.1
kickstart: version 7.1(4)N1(1)
system: version 7.1(4)N1(1)

Kevingu1
Level 1
fushuang posted on 2018-10-10 20:18
ACL log does not support any permit ACE; it applies only to deny.
For RACL, it can only be applied in the out direction.

:handshake: Thanks to the expert for clearing this up