Jim Kerr
Beginner

Nexus ACL Logging

Hi, I have a Nexus c7010 switch using version 7.2 and would like some information on how ACL logging works using OAL (Optimized Access Logging).

In addition to the main ACL, where I have also added the log command, e.g.:

#ip access-list test
10 permit tcp any any eq 443 log
20 deny any any log
#

I've also added the following commands in line with this link: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118907-configure-nx7k-00.html

#logging ip access-list cache entries 8000
#logging ip access-list cache interval 300
#logging ip access-list cache threshold 0
#logging level acllog 5
#acllog match-log-level 5
#logging logfile acllog 5
#logging ip access-list detailed

The ACL works fine and it's logging.

However, after testing the ACL logging, I have a couple of questions:

1. The ACL output in the logs does not actually say whether it's permitted or denied (I know it should do but it doesn't). To view the logs I'm using #show logging ip access-list cache. Any idea if I've missed anything?

2. The ACL logs are shown in the main switch log page. Rather than it filling up the main switch logging page, is there any way I can separate the ACL logging to be shown elsewhere?

Thanks
