Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Log output from an ACL

When you implement an ACL (standard/extended etc), you can choose the option of "log-input" to output any packets that are allowed/disallowed as per your ACL. Is there a document that help you interpret this log output? For a specific example,:

Apr 16 08:59:55.620 PDT: 133 permitted icmp 216.79.10.135 -> 65.165.174.18 (8/0), 1 packet

Now I figured the router allowed an ICMP packet pass from host 216.79.10.135 to host 65.165.174.18. However, I am unsure what "(8/0)" means. What would be really good is a reasonably comprehensive document that explains how to intepret the log output in general . I've searched the Cisco website, but am struggling to find the relevant document.

Any help appreciated.

regards,

Matthew.

1 REPLY
Cisco Employee

Re: Log output from an ACL

Not sure if there's any documentation on this specifically.

For an ICMP ACL, the 8/0 refers to the ICMP type and code (type/code). These can be found in a multitude of places on the Internet, here's one (http://www.iana.org/assignments/icmp-parameters). For 8/0, this is an ICMP Echo packet (a ping).

For TCP/UDP ACL's, this value will just be one value (no / in there), and this will indicate the TCP/UDP port number. If I remember correctly, this number will show up on both the source and the destination IP addresses, indicating the source and destination port number in the packet.

94
Views
0
Helpful
1
Replies