Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
297
Views
5
Helpful
2
Replies
Highlighted
nat8506
Beginner
Beginner
‎10-13-2020 05:01 AM
‎10-13-2020 05:01 AM

PACL on egress

Hello, 

 

I recently created a PACL and applied it on the egress of a 4500 L3 switch. This application included the "deny any any log". According to the document listed below, which is applicable to my current platform, egress PACLs are supported as long as the hardware can support it. It also states that ACL logging on egress is not permitted. However, my PACL is working properly and logging is working as it should. The PACL is staying active, counters are incrementing and the logging is doing its job.  

 

I cannot figure out why logging is working based on documentation. Can anyone point me to a document that shows that an ACE log parameter is supported on PACLs applied in the outbound direction or explain why it would be working when it shouldn't be according to Cisco?

 

 
See the section below:
 
"

When configuring PACLs, consider these guidelines:

  • There can be at most one IPv4, one IPv6, and one MAC access list applied to the same Layer 2 interface per direction.
....
  • If insufficient hardware resources exist to program the PACL, the output PACL is not applied to the port, and you receive a warning message.
"
 
 
Labels:
Reply
2 REPLIES 2
Highlighted
Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert
‎10-13-2020 07:41 AM
‎10-13-2020 07:41 AM

Hi,

The input ACL logging option is supported, although logging is not supported for output ACLs.

If it is all working for you, then this is probably a documentation issue.

HTH

0 Helpful
Reply
Highlighted
nat8506
Beginner
Beginner
In response to Reza Sharifi
‎10-13-2020 07:44 AM
‎10-13-2020 07:44 AM

Right. That was my reason for the question. The documentation states it's only supported inbound so I guess you're right, it's a documentation error. It's working for me. 

0 Helpful
Reply
Latest Contents
Cisco SD-WAN Global Forum : Quick Guide to Design, Deploy, O...
Created by ciscomoderator on 03-05-2021 12:50 PM
0
0
0
0
To participate in this event, please use the  button to ask your questions * Note: The link to join the discussion will be activated on March 8 All the knowledge of these four experts at your disposal! Cisco Software-Defined Wide Area Network (SD-WAN... view more
Community Live Event- ISR1100X-4G and ISR1100X-6G Platform O...
Created by Cisco Moderador on 03-02-2021 05:23 AM
1
0
1
0
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture (Live event -  Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&... view more
Cisco Secure Network Access Bridges the Gap
Created by Kelli Glass on 02-26-2021 04:19 PM
0
0
0
0
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience. Learn more about how these w... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b... view more
Content for Community-Ad