Cisco Support Community
New Member

log traffic from specific vlan

I am applying an ACL to keep viruses / worms at bay on a specific VLAN. How do I log the traffic from THAT specific VLAN?

thx

1 ACCEPTED SOLUTION

Purple

Re: log traffic from specific vlan

Hi,

Just use the 'log' keyword at the end of these ACL lines. It will log all traffic matching the line. You might want to restrict that keyword to ACL deny lines only so that you are only logging "bad" traffic.

Hope that helps - pls rate the post if it does.

Paresh

3 REPLIES

Cisco Employee

Re: log traffic from specific vlan

To add to what Paresh said, keep in mind that any packets matching an ACE with the 'log' keyword will be switched by the CPU, so if you have a large amount of traffic in this vlan, it could potentially raise the CPU utilization of the switch significantly.

-Bobby

New Member

Re: log traffic from specific vlan

Thx for the reply. I'm trying to find out ports which are required to open right now after applying the ACL to both inbound / outbound on the interface. I have done "access-list 105 permit ip any any log" to see if I can find an issue I'm having w/ a PC which talks to a SQL server on our production VLAN. Is this correct to do it this way?

sql server: 192.168.4.30

pc (on vlan) 192.168.57.50

pc needs to talk to sql server....

thx
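Added example, not part of the thread or written by any of its posters: one way to turn the syslog output of a logged ACE such as "access-list 105 permit ip any any log" into the list of server ports a given client actually used. The sample log lines are constructed, the function names are hypothetical, and the script assumes the usual `%SEC-6-IPACCESSLOGP` message layout for TCP/UDP hits and an ACL that sees client-to-server traffic.

```python
import re
from collections import Counter

# Layout of the IOS message emitted when a TCP/UDP packet hits an ACE with 'log'.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (not taken from the thread).
SAMPLE = """\
Mar  1 10:00:01 sw1 42: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(1045) -> 192.168.4.30(1433), 1 packet
Mar  1 10:00:02 sw1 43: %SEC-6-IPACCESSLOGP: list 105 permitted udp 192.168.57.50(1046) -> 192.168.4.30(1434), 1 packet
Mar  1 10:05:02 sw1 44: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.50(1045) -> 192.168.4.30(1433), 37 packets
Mar  1 10:05:09 sw1 45: %SEC-6-IPACCESSLOGP: list 105 permitted tcp 192.168.57.77(2301) -> 192.168.4.12(445), 3 packets
Mar  1 10:05:10 sw1 46: %SYS-5-CONFIG_I: Configured from console by vty0
"""

def service_ports(log_text, acl, client, server):
    """Return {(proto, server_port): packets} for client -> server hits on one ACL."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl:
            continue  # unrelated syslog message or a different ACL
        if m["src"] == client and m["dst"] == server:
            totals[(m["proto"], int(m["dport"]))] += int(m["count"])
    return dict(totals)

def suggested_aces(acl, client, server, ports):
    """Render narrow permits for the observed ports, then a logged deny.

    Covers the client -> server direction only; return traffic on an
    ACL applied in the other direction needs its own entries.
    """
    lines = [f"access-list {acl} permit {proto} host {client} host {server} eq {port}"
             for proto, port in sorted(ports)]
    lines.append(f"access-list {acl} deny ip any any log")
    return lines

if __name__ == "__main__":
    ports = service_ports(SAMPLE, "105", "192.168.57.50", "192.168.4.30")
    print(ports)
    print("\n".join(suggested_aces("105", "192.168.57.50", "192.168.4.30", ports)))
```

Keeping 'log' only on the final deny follows the advice earlier in the thread and limits how much traffic is sent to the CPU for logging.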
