PACL on egress

nat8506
Level 1

Hello,

I recently created a PACL and applied it on the egress of a 4500 L3 switch. This application included the "deny any any log". According to the document listed below, which is applicable to my current platform, egress PACLs are supported as long as the hardware can support it. It also states that ACL logging on egress is not permitted. However, my PACL is working properly and logging is working as it should. The PACL is staying active, counters are incrementing and the logging is doing its job.

I cannot figure out why logging is working based on documentation. Can anyone point me to a document that shows that an ACE log parameter is supported on PACLs applied in the outbound direction or explain why it would be working when it shouldn't be according to Cisco?

See the section below:

"

When configuring PACLs, consider these guidelines:

  • There can be at most one IPv4, one IPv6, and one MAC access list applied to the same Layer 2 interface per direction.
....
  • If insufficient hardware resources exist to program the PACL, the output PACL is not applied to the port, and you receive a warning message.
"
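For readers reproducing the scenario above, here is a constructed configuration and verification sequence for a Catalyst IOS switch. It is an added illustration, not the poster's configuration or Cisco's documentation: the ACL name, interface name and subnet are placeholders, and the behaviour observed (counters and syslog entries on an outbound PACL) is what the original post reports, not what the cited guideline promises.

```text
! Constructed example, not from the thread. ACL name, interface and subnet are placeholders.
ip access-list extended PACL-EGRESS-EXAMPLE
 permit ip 10.0.0.0 0.0.0.255 any
 deny   ip any any log
!
! On a Layer 2 switchport an ip access-group is a PACL; "out" applies it on egress.
interface GigabitEthernet1/1
 switchport
 ip access-group PACL-EGRESS-EXAMPLE out
!
! Check 1: the ACL is still applied and the deny ACE's match counter is moving.
show ip access-lists PACL-EGRESS-EXAMPLE
!
! Check 2: the log keyword is producing syslog entries (%SEC-6-IPACCESSLOGP and similar).
show logging | include IPACCESSLOG
```

Two practical notes on this setup. First, the second check is the one that actually distinguishes "egress logging works" from "egress ACL works": the match counter in `show ip access-lists` increments whether or not the `log` keyword takes effect, so only the syslog entries confirm the behaviour the question is about. Second, packets that hit a logged ACE are handled in software to generate the message, so a blanket `deny ip any any log` on a busy port can create significant syslog volume and CPU load; for a production PACL, narrow the logged entry to the traffic you actually need visibility into and keep the catch-all deny unlogged.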
2 Replies

Reza Sharifi
Hall of Fame

Hi,

The input ACL logging option is supported, although logging is not supported for output ACLs.

If it is all working for you, then this is probably a documentation issue.

HTH

Right. That was my reason for the question. The documentation states it's only supported inbound so I guess you're right, it's a documentation error. It's working for me.
