log traffic from specific vlan

Answered Question
Feb 28th, 2006

I am applying an ACL to keep viruses / worms at bay on a specific VLAN. How do I log the traffic from THAT specific VLAN?


thx

Correct Answer
pkhatri Tue, 02/28/2006 - 04:57

Hi,


Just use the 'log' keyword at the end of these ACL lines. It will log all traffic matching the line. You might want to restrict that keyword to ACL deny lines only so that you are only logging "bad" traffic.


Hope that helps - pls rate the post if it does.

Paresh

Bobby Thekkekandam Tue, 02/28/2006 - 05:18
User Badges:
  • Cisco Employee,

To add to what Paresh said, keep in mind that any packets matching an ACE with the 'log' keyword will be switched by the CPU, so if you have a large amount of traffic in this vlan, it could potentially raise the CPU utilization of the switch significantly.


-Bobby

tsrader Tue, 02/28/2006 - 06:30

Thx for the reply. I'm trying to find out ports which are required to open right now after applying the ACL to both inbound / outbound on the interface. I have done "access-list 105 permit ip any any log" to see if I can find an issue I'm having w/ a PC which talks to a SQL server on our production VLAN. Is this correct to do it this way?


sql server: 192.168.4.30

pc (on vlan) 192.168.57.50


pc needs to talk to sql server....


thx
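Added example, not part of the original thread: a Python sketch that reads the `%SEC-6-IPACCESSLOGP` syslog messages IOS emits for TCP/UDP hits on a logged ACE and summarizes which destination ports the PC actually used toward the SQL server, so the temporary `permit ip any any log` line can be replaced by specific entries. The ACL number and host addresses come from the post above; the log lines, ports and counts are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# IOS syslog message produced by the 'log' keyword for TCP/UDP matches.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (not real captures); hosts and ACL number are the
# ones named in the post above, ports and counts are made up for illustration.
SAMPLE_LOG = """\
Feb 28 06:31:02: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(1045) -> 192.168.4.30(1433), 1 packet
Feb 28 06:31:09: %SEC-6-IPACCESSLOGP: list 105 permitted udp 192.168.57.50(1046) -> 192.168.4.30(1434), 1 packet
Feb 28 06:36:02: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(1045) -> 192.168.4.30(1433), 14 packets
Feb 28 06:36:40: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(1050) -> 192.168.4.12(80), 3 packets
Feb 28 06:37:11: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.4.30(1433) -> 192.168.57.50(1045), 12 packets
Feb 28 06:37:15: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""


def service_ports(log_text, client, server, acl="105"):
    """Sum logged packets per (protocol, destination port), client -> server only.

    Return traffic (server -> client) is skipped: its destination port is the
    client's ephemeral port, not a service port worth permitting.
    """
    totals = Counter()
    for line in log_text.splitlines():
        m = ACL_LOG.search(line)
        if m is None or m["acl"] != acl:
            continue  # other syslog messages, or hits on a different ACL
        if m["src"] == client and m["dst"] == server:
            totals[(m["proto"], int(m["dport"]))] += int(m["count"])
    return totals


def suggested_aces(totals, client, server, acl="105"):
    """Render one specific permit line per observed service port."""
    return [
        f"access-list {acl} permit {proto} host {client} host {server} eq {port}"
        for proto, port in sorted(totals)
    ]


if __name__ == "__main__":
    seen = service_ports(SAMPLE_LOG, "192.168.57.50", "192.168.4.30")
    for ace in suggested_aces(seen, "192.168.57.50", "192.168.4.30"):
        print(ace)
```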
