Cisco Support Community
log-input not available on ACL's SG300-10

Hello, I'm running the L3 version on an SG300-10, but the ACL does not allow 'log-input' to be attached to a deny:

core-switch(config-if)#ip access-list extended test
core-switch(config-ip-al)#$17.35.181 0.0.0.0 any 172.16.32.4 0.0.0.0 1723
  dscp                 Configure DSCP filtering.
  precedence           Configure IP-PRECEDENCE filtering.
  match-all            List of TCP flags that should occur. If a flag should
                       be set it is prefixed by "+".If a flag should be unset
                       it is prefixed by "-". Available options are +urg,
                       +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst,
                       -syn and -fin.To define more than 1 flag - enter
                       additional flags one after another without a space
                       (example +syn-ack).
  time-range           Specify the time-range that applies to this permit
                       statement.
  disable-port         The Ethernet interface would be disabled if the
                       condition is matched
   <CR>
core-switch(config-ip-al)#$.17.35.181 0.0.0.0 any 172.16.32.4 0.0.0.0 1723

The CLI guide mentions it is available, but it is not configurable:

+++++

log-input—Specifies sending an informational syslog message about the packet that matches the entry. Because forwarding is done in hardware and logging is done in software, if a large number of packets match a deny ACE containing a log-input keyword, the software might not be able to match the hardware processing rate, and not all packets will be logged

+++++++++++++

core-switch#sh ver
SW version    1.3.7.18 ( date  12-Jan-2014 time  18:02:59 )
Boot version    1.3.5.06 ( date  21-Jul-2013 time  15:12:10 )
HW version    V02
core-switch#

core-switch#sh system mode

Feature                 State
-------------------     ---------
Mode:                   Router

core-switch#
Accepted Solutions

Many thanks Cisco, now resolved in new version of code.

core-switch(config)#do sh access-lists
Extended IP access list PPTP
    permit  tcp any 1723 host 172.16.32.4 any ace-priority 20 log-input
    permit  tcp any any host 172.16.32.4 1723 ace-priority 40 log-input
    permit  ip any any ace-priority 60
core-switch(config)#int gi5
core-switch(config-if)#service-acl input PPTP
core-switch(config-if)#end
core-switch#12-Sep-2014 12:02:54 %3SWCOS-I-LOGACLINETPORTS: gi5: permit ACE IPv4(TCP) 212.183.140.25(31203) -> 172.16.32.4(1723),trapped
12-Sep-2014 12:03:22 %3SWCOS-I-LOGACLINETPORTS: gi5: permit ACE IPv4(TCP) 212.183.128.21(44090) -> 172.16.32.4(1723),trapped

core-switch#
core-switch#sh ver
SW version    1.4.0.88 ( date  06-Aug-2014 time  16:55:55 )
Boot version    1.3.5.06 ( date  21-Jul-2013 time  15:12:10 )
HW version    V02
core-switch#
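
The syslog lines in the accepted solution can be parsed into per-source counts for review. The following Python is an added example, not part of the original post or any Cisco tooling; the regular expression is derived only from the two LOGACLINETPORTS lines shown above, `deny` entries are assumed to share that layout, and the sample input is constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Layout taken from the two LOGACLINETPORTS lines in the post above; "deny"
# is assumed to use the same layout, and other message variants are not handled.
ACE_LOG = re.compile(
    r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) "
    r"%3SWCOS-I-LOGACLINETPORTS: (?P<port>\S+): (?P<action>permit|deny) ACE "
    r"IPv4\((?P<proto>\w+)\) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def parse_ace_log(line):
    """Return a dict for one ACL log line, or None if the line is something else."""
    m = ACE_LOG.search(line)  # search(): a CLI prompt may be glued to the front
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d-%b-%Y %H:%M:%S")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(lines):
    """Count logged matches per (action, source, destination, destination port)."""
    hits = Counter()
    for line in lines:
        rec = parse_ace_log(line)
        if rec:
            hits[(rec["action"], rec["src"], rec["dst"], rec["dport"])] += 1
    return hits

# Constructed sample input (documentation addresses), same layout as the post.
SAMPLE = """\
core-switch#12-Sep-2014 12:02:54 %3SWCOS-I-LOGACLINETPORTS: gi5: permit ACE IPv4(TCP) 192.0.2.25(31203) -> 172.16.32.4(1723),trapped
12-Sep-2014 12:03:22 %3SWCOS-I-LOGACLINETPORTS: gi5: permit ACE IPv4(TCP) 198.51.100.21(44090) -> 172.16.32.4(1723),trapped
12-Sep-2014 12:03:40 %3SWCOS-I-LOGACLINETPORTS: gi5: permit ACE IPv4(TCP) 192.0.2.25(31377) -> 172.16.32.4(1723),trapped
core-switch#sh ver
""".splitlines()

if __name__ == "__main__":
    # Counts are a lower bound: logging runs in software, so under load
    # not every packet that matched in hardware produces a line.
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```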
