Cisco Support Community
Community Member

Logging a specific port on a switch


I have a server which is serving secure web pages. However from time to time the websites stop responding, but the server is still working fine. This server only serves webpages for office members. (ie it's intranet, so no outside access allowed.)

I need to monitor the port of the server via my switch in order to see how many people access the site.

Am I correct in saying that I can set up an ACL to log access for port 443 and then apply it to the port the server connects to?



Hall of Fame Super Blue

Re: Logging a specific port on a switch


Is it a layer 2 or 3 port?

If layer 3, yes, apply it in the outbound direction.

If layer 2, you need to apply it to the L3 interface for that subnet.


access-list 101 permit tcp any host "server ip" eq 443 log

access-list 101 permit ip any any

under the L3 interface

ip access-group 101 out
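Once an ACE with the "log" keyword like the one above is in place, the switch emits %SEC-6-IPACCESSLOGP syslog lines, and tallying those answers the original "how many people access the site" question. The following is an added example, not code from this thread: a Python parser that counts distinct clients hitting tcp/443 from constructed sample syslog lines (the server IP 10.1.1.10 and hostname sw1 are placeholders).

```python
import re
from collections import Counter

# Format of IOS ACL log messages produced by the "log" keyword on an ACE.
# Note the packet counts are IOS's own summaries: the first match is logged
# immediately and later matches are reported in periodic summary lines.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample syslog lines (not a real capture); the last line is a
# non-ACL message included to show that unrelated syslog is skipped.
SAMPLE_LOG = """\
Mar  1 10:02:11 sw1 1234: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.21(51422) -> 10.1.1.10(443), 1 packet
Mar  1 10:02:13 sw1 1235: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.33(49812) -> 10.1.1.10(443), 1 packet
Mar  1 10:07:11 sw1 1236: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.21(51422) -> 10.1.1.10(443), 37 packets
Mar  1 10:07:15 sw1 1237: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.44(50001) -> 10.1.1.10(443), 1 packet
Mar  1 10:07:20 sw1 1238: %SYS-5-CONFIG_I: Configured from console by admin
"""


def parse_acl_log(text):
    """Yield one dict per IPACCESSLOGP line; other syslog lines are ignored."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "pkts"):
                rec[key] = int(rec[key])
            yield rec


def summarize(text, dport=443):
    """Return (distinct_clients, packets_per_client) for permitted hits on dport."""
    pkts = Counter()
    for rec in parse_acl_log(text):
        if rec["action"] == "permitted" and rec["dport"] == dport:
            pkts[rec["src"]] += rec["pkts"]
    return len(pkts), pkts


if __name__ == "__main__":
    n, per_client = summarize(SAMPLE_LOG)
    print(f"{n} distinct clients on tcp/443")
    for src, count in per_client.most_common():
        print(f"  {src:15} {count} packets")
```

Because of the summary behaviour of "log", the per-client packet counts are approximate; the distinct-client count is the reliable figure.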



Community Member

Re: Logging a specific port on a switch

Hi Jon

Thank you for the response :)

The problem is that the traffic doesn't traverse a layer 3 device (in this case a router). So it means the server is connected straight to the switch (port G1/0/2), and this specific port is what I am trying to monitor for traffic on port 443.



Re: Logging a specific port on a switch


It depends on the platform - each one has different limitations. For example, I have mainly 4500, and on this you can apply a layer-3/4 access list on a layer-2 switchport, with certain complicated restrictions, which I shall try and outline for you. In this context, they are known as "Port ACLs" or PACL. You can find the full text in

The rules for a 4500 are, briefly:

1. You can only have one layer-3 ACL in each direction on any particular port.

2. There is generally no restriction on output PACLs.

3. You cannot have an input PACL and a VLAN map on its VLAN at the same time. (If you try and put both, there are commands to determine which takes precedence.)

4. You cannot have an input ACL on a switchport, and an input ACL on the SVI of its VLAN.

See also

I have used layer-3/4 IP input PACLs quite successfully, even on a trunk switchport interface.

Kevin Dorrell


Community Member

Re: Logging a specific port on a switch

Hi Kevin

Thank you for your help :) The device I am using is a 3750, although I am reading through the URLs as they contain interesting points.

Do you think using a mac acl in my case will be useful?

As I mentioned to Jon, the web server is directly connected to the switch port. On this switch port I need to check for traffic on port 443.

Thank you


Re: Logging a specific port on a switch


I don't think a MAC ACL will help in this case because, AFAIK, MAC ACLs apply only to non-IP traffic. (I do know, however, that there are people on this board who disagree with me on that interpretation of the docs. So you could try it if you want to experiment.)

"After you create a MAC ACL, you can apply it to a Layer 2 interface to filter non-IP traffic coming in that interface."

Sadly, it seems that the 3750 does not support those PACLs I was telling you about. The best it can offer for your purposes, I think, is a VLAN access-map, or VACL. This will filter at layer-3 on the layer-2 bridge, but over the entire VLAN rather than on a single port. But I guess you could get what you want by carefully designing the ACL. Here is the reference:

Kevin Dorrell


Community Member

Re: Logging a specific port on a switch

Hi Kevin,

Thank you for your assistance :) I had a look at the MAC ACLs on the 3750 yesterday. They do not filter by port traffic (ie all traffic on port 443). So that has limited my options even more.

I am reading through your URLs and will see if I can create anything from them.

Thank you for all your help :)



Re: Logging a specific port on a switch


What web server/service are you running (IIS, Apache, iPlanet) and on what platform (Windows, UNIX, LINUX, AIX)?

There are utilities on the internet to convert the logs and sort by the source IP address and the port (i.e. 443) they are trying to access.

Check also the configured maximum number of concurrent connections of your web server/service. Otherwise, it sounds like a DDoS which brings down the web server/service but not the server.


