10-13-2020 05:01 AM - edited 10-13-2020 05:08 AM
Hello,
I recently created a PACL and applied it on the egress of a 4500 L3 switch. This application included the "deny any any log". According to the document listed below, which is applicable to my current platform, egress PACLs are supported as long as the hardware can support it. It also states that ACL logging on egress is not permitted. However, my PACL is working properly and logging is working as it should. The PACL is staying active, counters are incrementing and the logging is doing its job.
I cannot figure out why logging is working based on documentation. Can anyone point me to a document that shows that an ACE log parameter is supported on PACLs applied in the outbound direction or explain why it would be working when it shouldn't be according to Cisco?
When configuring PACLs, consider these guidelines:
10-13-2020 07:41 AM
Hi,
The input ACL logging option is supported, although logging is not supported for output ACLs.
If it is all working for you, then this is probably a documentation issue.
HTH
10-13-2020 07:44 AM
Right. That was my reason for the question. The documentation states it's only supported inbound, so I guess you're right, it's a documentation error. It's working for me.