
Problem logging ACL denies to buffer and syslog

loobitize
Level 1

I am trying to log messages that match the deny ip any any statement at the end of my access list to buffer and syslog. Neither is working on this switch, though I have gotten it to work on another switch. Am I doing something wrong or is this a bug? The relevant information:

4507, Sup V

Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I5K91S-M), Version 12.2(25)EWA5, RELEASE SOFTWARE (fc1)

interface Vlan209
 description IPT NETWORK
 ip address 12.5.209.1 255.255.255.0
 ip access-group PhonesIn in
 ip access-group PhonesOut out
 ip helper-address xxx.xxx.xxx.xxx
end

Extended IP access list PhonesIn
<shortened>
    350 permit ip host 12.5.209.8 any (74 matches)
    360 deny ip any any log (123 matches)
Extended IP access list PhonesOut
<shortened>
    340 permit ip any host 12.5.208.8
    350 deny ip any any log (177 matches)

Switch# show logging
Syslog logging: enabled (0 messages dropped, 129 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 45020 messages logged, xml disabled, filtering disabled
Exception Logging: size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 44129 message lines logged
Logging to xxx.xxx.xxx.xxx, 44129 message lines logged, xml disabled, filtering disabled


a-vazquez
Level 6

The following example gives you an idea:

access-list vlan30 extended permit
access-list vlan30 extended deny ip any any

deny ip any any as the implicit deny should take care of this.

I am puzzled about this answer, since the original post was about not getting the output logged to syslog or to the logging buffer.

The output of show log looks like things should work. It does show that logging is configured to a syslog server and it does show that logging to the buffer is enabled and that the logging level of the buffer should include the ACL deny messages.

Can the original poster clarify whether other things are logging correctly to syslog and buffer and it is only the ACL deny that is not showing up, or whether there are issues with logging other things as well?

It might be helpful in understanding what is going on if the original poster would post the output of this command:

show run | include log

HTH

Rick

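One way to sanity-check the `show logging` output Rick refers to, as an added example that is not part of this thread: a small Python parser that maps each logging destination's level to its numeric syslog severity, confirms that ACL `log` hits (IOS emits them in the %SEC-6-IPACCESSLOGP family, severity 6, informational) are not filtered out of the buffer or the syslog trap level, and flags the rate-limited counter. The embedded `show logging` text is the poster's output with its wrapped lines re-joined; `ACL_LOG_SEVERITY` is my assumption based on that message family.

```python
import re

# IOS severity names -> numeric syslog level.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}
# Assumption: ACL 'log' hits are %SEC-6-IPACCESSLOGP etc., severity 6.
ACL_LOG_SEVERITY = 6

# 'show logging' output from the post above, wrapped lines re-joined.
SAMPLE = """Syslog logging: enabled (0 messages dropped, 129 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 45020 messages logged, xml disabled, filtering disabled
Exception Logging: size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 44129 message lines logged
Logging to xxx.xxx.xxx.xxx, 44129 message lines logged, xml disabled, filtering disabled
"""


def parse_show_logging(text):
    """Extract global state, counters and per-destination level (None = disabled)."""
    state = {"enabled": False, "dropped": 0, "rate_limited": 0, "destinations": {}}
    m = re.search(r"Syslog logging: (\w+) \((\d+) messages dropped, (\d+) messages rate-limited", text)
    if m:
        state["enabled"] = m.group(1) == "enabled"
        state["dropped"] = int(m.group(2))
        state["rate_limited"] = int(m.group(3))
    for m in re.finditer(r"^(Console|Monitor|Buffer|Trap) logging: (disabled|level (\w+))", text, re.M):
        level_name = m.group(3)
        state["destinations"][m.group(1).lower()] = SEVERITY.get(level_name) if level_name else None
    return state


def acl_log_checks(text):
    """Return findings explaining why ACL 'log' hits may not reach the buffer or syslog host."""
    state = parse_show_logging(text)
    findings = []
    if not state["enabled"]:
        findings.append("syslog logging is globally disabled")
    for dest in ("buffer", "trap"):  # buffer = 'show log', trap = syslog server
        level = state["destinations"].get(dest)
        if level is None:
            findings.append(f"{dest} logging disabled")
        elif level < ACL_LOG_SEVERITY:
            findings.append(f"{dest} level {level} excludes severity-6 ACL messages")
    if state["rate_limited"]:
        findings.append(f"{state['rate_limited']} messages rate-limited; some ACL log hits may have been suppressed")
    return findings


if __name__ == "__main__":
    for f in acl_log_checks(SAMPLE):
        print("-", f)
```

On the poster's output the only finding is the rate-limited counter, which is consistent with Rick's reading that the levels themselves should let the deny messages through.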