Cisco 4500x Viewing VLAN Interface ACL Logging

OSUOPT
Level 1

Hello, I am attempting to figure out an odd inbound ACL issue where, for some reason, none of the traffic going to a VLAN is matching any of the subnets (in the case of the two I am testing, they are coming through the edge firewall first, which I have permitted in the ACL) and it will only match a "permit ip any any".

Here is the ACL that I have temporarily applied to log the traffic running to it.

Extended IP access list "name"
10 permit ip any any log (14 match)

Is there a way to check the source and destination traffic information on the Cisco 4500X itself, or to force it to log and send those types of logs to my syslog server?

Here is my current logging setup

logging buffered informational
logging console informational
logging monitor informational

ip access-list log-update threshold 10

logging host x.x.x.x


10 Replies

Did you add log to the end of the ACL?

Is this ACL a port ACL or a VLAN ACL?

MHM

I have log in the line "10 permit ip any any log". Do I need to add another line to that ACL separately to have it log?

This ACL is applied to a VLAN interface

Is this ACL applied OUT or IN?
MHM

The ACL is applied IN

@OSUOPT use "logging trap <level>" to set syslog logging and obviously the "logging host".

Forgot to include logging trap, but I have that set to "logging trap informational", and I do have the logging host set as mentioned in the initial post, but without the IP set for it.

Use log-input instead of log.
MHM

Just updated the ACL to include log-input instead of log. With log-input, that should show where the packets come from, correct?

Yes, and I also hope it appears for each source/destination.
What is in my mind:

The log is not generated when each packet hits the ACL, but when the first packet hits the ACL; then, if the same packet hits the same ACL, it generates a log at a specific rate.
I hope that when we use log-input we get a log for each destination.
Try it and check.
MHM

@OSUOPT the log-input option will include the ingress interface and source MAC address information.

The log option would be enough to tell you the source and destination, though. Example:

*Jan 12 16:53:56.537: %SEC-6-IPACCESSLOGDP: list ACL permitted icmp 192.168.10.2 -> 192.168.10.1 (0/0), 5
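Added example, not code from this thread: a small Python parser for the %SEC-6-IPACCESSLOGP / IPACCESSLOGDP message format shown in the reply above, for use on the syslog collector once the switch forwards these messages. The layout of the log-input ingress-interface/MAC field and the sample lines other than the quoted one are assumptions constructed for the example.

```python
import re

# Parser for the %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGDP messages IOS emits
# for ACEs that carry "log" or "log-input", so a syslog collector can index
# source and destination. The "(Vlan10 0011.2233.4455)" ingress-interface/MAC
# field appears only with log-input; its exact layout is assumed here.
_ACL_LOG = re.compile(
    r"%SEC-6-(?P<kind>IPACCESSLOGP|IPACCESSLOGDP): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?"
    r"(?: \((?P<ifname>\S+) (?P<mac>[0-9a-f.]+)\))?"
    r" -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?"
    r", (?P<count>\d+)(?: packets?)?"
)

def parse_acl_log(line):
    """Return the ACL hit as a dict, or None if the line is not an ACL log message."""
    m = _ACL_LOG.search(line)
    if not m:
        return None
    hit = m.groupdict()
    # "count" is the number of packets seen since the previous message for this
    # flow: IOS rate-limits ACL logging rather than logging every packet.
    hit["count"] = int(hit["count"])
    return hit

# Constructed sample lines: the first is the message quoted in the reply above,
# the second shows the log-input form, the third is an unrelated syslog message.
SAMPLE_LINES = [
    "*Jan 12 16:53:56.537: %SEC-6-IPACCESSLOGDP: list ACL permitted icmp "
    "192.168.10.2 -> 192.168.10.1 (0/0), 5",
    "*Jan 12 16:54:10.001: %SEC-6-IPACCESSLOGP: list ACL permitted tcp "
    "10.20.30.40(51000) (Vlan10 0011.2233.4455) -> 10.0.0.5(443), 1 packet",
    "*Jan 12 16:54:11.002: %LINK-3-UPDOWN: Interface Vlan10, changed state to up",
]

def summarize(lines):
    """Map (src, dst) -> total matched packets across all ACL log lines."""
    totals = {}
    for line in lines:
        hit = parse_acl_log(line)
        if hit:
            key = (hit["src"], hit["dst"])
            totals[key] = totals.get(key, 0) + hit["count"]
    return totals
```

Because of the rate limiting, the per-message count is what to sum when you want to know how much traffic a flow actually generated.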
