
6500/6800 Source Guard logging

andrewswanson
Level 7

Hello
I'm trying to get logging of ip source guard drops working on a Cisco 6807 ios s2t54-ipservicesk9-mz.SPA.152-1.SY1a.bin.

Source guard is working perfectly but I can't get any traps/logs when there is a source guard drop (all snmp traps are enabled).

The output of "debug ip verify source packet" only shows the following:

Client has IP hardwired (Source Guard drops all traffic):

    Nov 30 11:42:39.080: SW1: IP_SOURCE_GUARD: dhcp snooping vp state change, vlan: 79, port: GigabitEthernet104/1/0/1, add flag: 1.

Client uses DHCP (Source Guard permits all traffic):

    Nov 30 11:43:35.276: SW1: IP_SOURCE_GUARD: dhcp snooping binding update, ip: 10.10.79.10, vlan: 79, port: GigabitEthernet104/1/0/1, mac: E8E0.B75A.775C, add flag: 1.

Some Catalysts support smart logging with NetFlow for logging Source Guard and DHCP Snooping but the 6500/6800 doesn't seem to.

Is there a way to log source guard on 6500/6800?

Thanks
Andy

2 Replies

Ganesh Hariharan
VIP Alumni

Hello Andy,

You are right that some switches use smart logging with NetFlow for source guard, but have you tried enabling the logging commands?

    switch-A(config)# logging level dhcp 6
    switch-A(config)# logging logfile messages 6
    switch-A(config)# logging event link-status default

Hope it helps.

-GI

Thanks for the reply Ganesh.

I don't have these exact commands but current logging on the 6807 is:

    Console logging: level informational, 7092 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 10907 messages logged, xml disabled,
                     filtering disabled
        Logging to: tty1(6797)
    Buffer logging:  level informational, 6518 messages logged, xml disabled,
                    filtering disabled
    Trap logging: level informational, 2142 message lines logged

I get DHCP snooping binding logs but no source guard. If I change logging to level 7 debug I see the basic source guard DHCP snooping updates shown in my original post but nothing regarding Source Guard when it is actively filtering traffic.

The only logging options I have on the 6807 for "ip verify source" are for urpf and not source guard.

Thanks

Andy
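
An added example, not part of the thread and not a Cisco feature: because the debug output quoted above reports only port and binding state changes, a script can at least list the ports where Source Guard is active with no DHCP snooping binding, which the first post describes as the state in which all traffic is dropped. The third sample line and the reading of `add flag: 0` as a removal are assumptions.

```python
import re

# Constructed sample: the two debug lines quoted in the thread, plus one
# made-up port (GigabitEthernet104/1/0/2) that never obtains a binding.
SAMPLE = """\
Nov 30 11:42:39.080: SW1: IP_SOURCE_GUARD: dhcp snooping vp state change, vlan: 79, port: GigabitEthernet104/1/0/1, add flag: 1.
Nov 30 11:43:35.276: SW1: IP_SOURCE_GUARD: dhcp snooping binding update, ip: 10.10.79.10, vlan: 79, port: GigabitEthernet104/1/0/1, mac: E8E0.B75A.775C, add flag: 1.
Nov 30 11:44:02.112: SW1: IP_SOURCE_GUARD: dhcp snooping vp state change, vlan: 79, port: GigabitEthernet104/1/0/2, add flag: 1.
"""

# Matches both message shapes; the ip and mac fields exist only on binding updates.
LINE = re.compile(
    r"IP_SOURCE_GUARD: dhcp snooping (?P<event>vp state change|binding update),"
    r"(?: ip: (?P<ip>[\d.]+),)? vlan: (?P<vlan>\d+), port: (?P<port>\S+?),"
    r"(?: mac: (?P<mac>[0-9A-Fa-f.]+),)? add flag: (?P<add>[01])\."
)


def ports_without_binding(log_text):
    """Return sorted (vlan, port) pairs seen by Source Guard that hold no binding."""
    bindings = {}  # (vlan, port) -> set of bound IP addresses
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # unrelated log line
        key = (int(m["vlan"]), m["port"])
        added = m["add"] == "1"  # assumption: "add flag: 0" means removal
        if m["event"] == "vp state change":
            if added:
                bindings.setdefault(key, set())  # port now tracked in this VLAN
            else:
                bindings.pop(key, None)          # port left the VLAN
        elif added:
            bindings.setdefault(key, set()).add(m["ip"])
        else:
            bindings.get(key, set()).discard(m["ip"])
    return sorted(key for key, ips in bindings.items() if not ips)


if __name__ == "__main__":
    for vlan, port in ports_without_binding(SAMPLE):
        print(f"vlan {vlan} {port}: no binding, Source Guard will drop IP traffic")
```

This only infers the filtering state from binding changes; it does not count or identify dropped packets, which is the gap the thread is asking about.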
