
Nexus 5000 ACL logging

kohsei.kadohno
Level 1

Hi,

I want to know how to log the ACL hit information on Nexus 5000.

The optional "log" syntax was refused though I tried to configure as follows.

----

N5K-01(config)# ip access-list test-acl
N5K-01(config-acl)# permit ip host 10.1.1.1 any log
                                                               ^
% Invalid ip address at '^' marker.
N5K-01(config-acl)# permit ip host 10.1.1.1 any ?
  <CR>
  dscp        Match packets with given dscp value
  fragments   Check non-initial fragments
  precedence  Match packets with given precedence value

N5K-01(config-acl)#

----

But "log" is included in the Syntax Description of the reference below.

http://www.cisco.com/en/US/partner/docs/switches/datacenter/nexus5000/sw/command/reference/rel_5_0/security_cmd_ref.html#wp1481494

The platform is N5K-C5548P, and NX-OS is version 5.0(3)N1(1b).

Please advise.

Thanks.

1 Accepted Solution

Lucien Avramov
Level 10

Thanks for pointing this out, we are tracking this fix with: CSCti31305

We will address this documentation omission.

6 Replies

Hello Kohsei,

I am only replying because I am facing exactly the same problem on 2 different environments, on the same 5k systems as yours.

I really hope we get an answer, but if in the meanwhile you figure it out please post the answer here for the rest of us.

rGrds

George Karavitis

Thank you.

v-crsimp
Level 1

Did you figure this one out?

Craig

Michael Greene
Level 1

I am experiencing the same issue. I am trying to log on a deny statement "deny ip any any log". The result is "ERROR: policy rule not supported". I am running release version 5.2(1)N1(1) on a Nexus 5548UP. If I create a simple one line ACL with log at the end, it seems to work, I don't get the error anyway. However, when I include the log statement in my larger ACL, I get the error. Even when I try to edit the ACL, removing the deny ip any any and add the deny ip any any log statement to the existing ACL I get the error.

Thanks,

Mike
