Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Logging ACL on 3560 switch

I am trying to log to a syslog server ACL deny.

Extended IP access list wireless

10 deny tcp any 192.168.10.0 0.0.0.255 eq 3389 log-input

20 deny tcp any host 192.168.10.5 eq www log-input

30 permit ip any any log-input (42 matches)

Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 9 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: disabled

Monitor logging: disabled

Buffer logging: level informational, 26 messages logged, xml disabled,

filtering disabled

Exception Logging: size (4096 bytes)

Count and timestamp logging messages: disabled

File logging: disabled

Trap logging: level informational, 8045 message lines logged

Logging to 192.168.11.26, 126 message lines logged, xml disabled,

filtering disabled

It will log some of the allow acl but now deny. Any ideas what is going on? It logs everything else fine.

3 REPLIES
Blue

Re: Logging ACL on 3560 switch

off the top, i don't see any packet (matches) for the deny statements.

i do see 42 (matches) for the allow statement and you say these are being logged. this is fine.

are the deny statements actually seeing the packets and denying them? if not, they will not be logged.

New Member

Re: Logging ACL on 3560 switch

Well the list work thats all I know. I can remove and apply the list to the interface and it works works how it should.

Hall of Fame Super Silver

Re: Logging ACL on 3560 switch

Shannon

I agree with Greg. What you have posted does not show any hits in the access list on the deny statements. And therefore there will be no syslog messages generated from the deny statements so far.

You state that the access list works and I can not argue with that. But are you sure that there has been traffic that would hit the deny statements?

HTH

Rick

339
Views
0
Helpful
3
Replies