log traffic from specific vlan

tsrader
Level 1

am applying acl to keep viruses / worms at bay on a specific vlan. how do i log the traffic from THAT specific vlan?

thx

1 Accepted Solution

pkhatri
Level 11

Hi,

Just use the 'log' keyword at the end of these ACL lines. It will log all traffic matching the line. You might want to restrict that keyword to ACL deny lines only so that you are only logging "bad" traffic.

Hope that helps - pls rate the post if it does.

Paresh

To add to what Paresh said, keep in mind that any packets matching an ACE with the 'log' keyword will be switched by the CPU, so if you have a large amount of traffic in this vlan, it could potentially raise the CPU utilization of the switch significantly.

-Bobby

thx for the reply. i'm trying to find out ports which are required to open right now after applying the acl to both inbound / outbound on the interface. i have done "access-list 105 permit ip any any log" to see if i can find an issue i'm having w/ a pc which talks to a sql server on our production VLAN. is this correct to do it this way?

sql server: 192.168.4.30

pc (on vlan) 192.168.57.50

pc needs to talk to sql server....

thx
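
An added example, not written by any poster in this thread: with `access-list 105 permit ip any any log` in place, the resulting syslog lines can be summarized to see which destination ports the PC (192.168.57.50) uses toward the SQL server (192.168.4.30). The log lines, timestamps and port numbers below are constructed samples in the IOS `%SEC-6-IPACCESSLOGP` format, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog output (ports and timestamps are made up).
SAMPLE_LOG = """\
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(49212) -> 192.168.4.30(1433), 1 packet
Mar  1 10:00:02: %SEC-6-IPACCESSLOGP: list 105 permitted udp 192.168.57.50(49300) -> 192.168.4.30(1434), 1 packet
Mar  1 10:00:03: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.4.30(1433) -> 192.168.57.50(49212), 4 packets
Mar  1 10:00:04: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.51(50000) -> 192.168.4.30(445), 2 packets
Mar  1 10:05:04: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(49212) -> 192.168.4.30(1433), 12 packets
Mar  1 10:05:09: %SEC-6-IPACCESSLOGDP: list 105 permitted icmp 192.168.57.50 -> 192.168.4.30 (8/0), 1 packet
"""

# TCP/UDP ACL hits carry ports; ICMP hits use a different message
# (IPACCESSLOGDP) and are deliberately not matched here.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def flows_to_server(log_text, acl, client, server):
    """Sum packets per (action, proto, dest port) for client -> server on one ACL."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACL_LOG.search(line)
        if not m or m["acl"] != acl:
            continue
        # Only the client-to-server direction shows which server ports are
        # needed; return traffic has an ephemeral destination port.
        if m["src"] == client and m["dst"] == server:
            # Repeat matches arrive as periodic summary lines, so add counts.
            hits[(m["action"], m["proto"], int(m["dport"]))] += int(m["count"])
    return hits


if __name__ == "__main__":
    flows = flows_to_server(SAMPLE_LOG, "105", "192.168.57.50", "192.168.4.30")
    for (action, proto, dport), packets in sorted(flows.items()):
        print(f"{action:9} {proto:4} dst port {dport:<6} {packets} packets")
```

Once the required ports are known, the `log` keyword can be taken off the permit line and kept on deny lines only, which also limits the CPU cost Bobby describes.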
