Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
1
Replies

Nered to know where I can view ACL denies regarding "access-list deny any log" ?

Yermander
Level 1
Level 1

‎09-25-2014 02:40 AM - edited ‎02-21-2020 05:17 AM

I ask this question in the context of an SNMP access list. I am guessing that this line of config (access-list deny any log) will allow you to see which addresses were denied SNMP access.

I need to know where I can view the source addresses from where the packets were dropped? Could this be just in sh log? Thanks in advance for any help. Cheers

0 Helpful
1 Reply 1

Pedro Lereno
Level 1
Level 1

‎09-25-2014 06:55 AM

 

Hi,

 

Yes, with an extended access-list with the last line:

deny ip any any log

with "sh log" you can  see the source address of the packets being dropped.

Take note that you must be at least in the logging level 6 (informational), by default console and monitor are in level 7 (debugging):

logging console debugging

logging monitor debugging

With older IOS versions (before at least 12.4) you had to add the following lines at the bottom of the acl:

access-list 101 deny   tcp any range 0 65535 any range 0 65535 log
access-list 101 deny   udp any range 0 65535 any range 0 65535 log
access-list 101 deny   icmp any any log
access-list 101 deny   ip any any log


to log the sources and destinations IPs and port numbers.

 

Best Regards,

 

Pedro Lereno

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card