Re: Access-list for Logging !!! - Cisco Community

363

Views

0

Helpful

1

Replies

hi all ,

I am trying to log login access for Telnet to the netwrok devices ,

below is the access-list that i used ,

access-list 155 permit tcp 140.80.0.0 0.0.255.255 any log

access-list 155 deny tcp any any range 0 65535 log

access-list 155 deny udp any any range 0 65535 log

access-list 155 deny ip any any log

ther is this one machine that we have whats up gold on 140.80.1.1, fills up my log on the ciscoworks,

RME-Syslog is there any way that i can stop logging of this one system.

thanks in advance

1 Reply 1

Hi,

If you add another entry at the top of your ACL allowing TCP access to your specific host without logging then this will stop your logs being filled as the ACL is processed in order.

access-list 155 permit tcp host 140.80.1.1 any

access-list 155 permit tcp 140.80.0.0 0.0.255.255 any log

access-list 155 deny tcp any any range 0 65535 log

access-list 155 deny udp any any range 0 65535 log

access-list 155 deny ip any any log

Rgds

Paddy

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community