Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access-List logging on ME-3750

Hi,

I cannot see any logging messages indicating that some packets meeets the Access-list condition. Here is a portion of the configuration:

logging console informational

interface GigabitEthernet1/0/3

ip access-group 101 in

access-list 101 deny icmp any any log

Note: I know that this ACL is working since I cannot ping the VLAN from my PC.

Is there anything missing in order to see some messages indicating that some packet meets the ACL condition. Also would like to know  where the messages displays by the Console and buffer logging are logged.

Thanks for your help

Stephane

R1#show logging

Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level informational, 231 messages logged, xml disabled,

                     filtering disabled

    Monitor logging: level debugging, 0 messages logged, xml disabled,

                     filtering disabled

    Buffer logging:  level debugging, 231 messages logged, xml disabled,

                     filtering disabled

    Exception Logging: size (4096 bytes)

    Count and timestamp logging messages: disabled

    File logging: disabled

    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 230 message lines logged

Log Buffer (4096 bytes):

8w6d: %SYS-5-CONFIG_I: Configured from console by console

8w6d: %SYS-5-CONFIG_I: Configured from console by console

1 REPLY

Re: Access-List logging on ME-3750

Hi Stephane,

logging is on and should be updated in a 5 minute intervall after the first packet matched.

detail here:

http://www.cisco.com/web/about/security/intelligence/acl-logging.html

plese post a show access-list 101, there you see really if there are matches.

Oh, wait I see you log to the console imformation, maybe that is the key.I think that should work, but you can try. Or post the hole config if possible...

The logging console command limits the logging messages displayed on the console. maybe should should change that or check the console ...

- Sebastian

429
Views
0
Helpful
1
Replies