04-05-2009 11:14 PM - edited 03-04-2019 04:15 AM
Hello everyone,
I tested the following compositions.
Client ---------- Cisco 1812
10.0.0.0/24
-----
- Cisco 1812 config (excerpt)
!
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.0
ip access-group 100 in
duplex auto
speed auto
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
access-list 100 permit ip any any log
!
------
When I access "http://10.0.0.1/", the Cisco 1812 outputs this log:
*Apr 6 14:23:01.455 JST: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.0.0.10(0) -> 10.0.0.1(0), 5 packets
I don't know why the Cisco 1812 outputs "(0)" in this log. I tested two IOS versions, but both output this log:
- 12.4(24)T
- 12.3(8)YI2
Is it a bug, a restriction, or something else?
Thanks
Reiji
04-06-2009 06:31 AM
Hi Reiji,
It's because of the log option you added in your ACL:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a2.html#wp1058483
HTH
Laurent.
04-07-2009 01:14 PM
Reiji
The link provided by Laurent gives a reasonable explanation of the log function used in an access list. But I am not sure that it really addresses the central point of your question. If I am understanding correctly what you really want to know is why the port numbers in the log report are (0) rather than the (80) that you would normally expect for HTTP traffic. This is one of the subtle behaviors of the log function. If the access list were examining TCP ports then it could report the TCP port numbers. But since the access list is not examining any TCP port numbers then it can not report any specific TCP port numbers.
HTH
Rick
04-07-2009 10:56 PM
Hello Rick,
Very good note. If the ACL line were changed to
permit tcp any any log
the port fields could be populated with real values.
Best Regards
Giuseppe
04-08-2009 12:10 AM
Hello,
If you want the port numbers in the log report, I think you can do as follows.
access-list 100 permit tcp any any eq xxx log
access-list 100 permit ip any any log
[xxx is anything you like: telnet, ftp and of course www]
HTH
04-08-2009 04:10 PM
Giuseppe
Actually permit tcp any any log is not good enough. As Tomoyuki illustrates it needs to check for some value in TCP such as permit tcp any any eq xxx log.
HTH
Rick
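The thread's point, that a "(0)" port in a %SEC-6-IPACCESSLOGP message means the matching ACE did not inspect Layer 4 ports rather than that port 0 was used, matters when these logs are fed into a SIEM. The following parser is an added example, not code from the thread or from Cisco; the log lines are constructed (the first mirrors the message quoted above, the others assume an ACE such as "permit tcp any any eq www log" that does inspect ports), and the `ports_inspected` flag is a heuristic based on the explanation given in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines (not captured from a real device).
SAMPLE_LOGS = [
    "*Apr 6 14:23:01.455 JST: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.0.0.10(0) -> 10.0.0.1(0), 5 packets",
    "*Apr 6 14:25:11.201 JST: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.0.0.10(51234) -> 10.0.0.1(80), 3 packets",
    "*Apr 6 14:26:02.009 JST: %SEC-6-IPACCESSLOGP: list 100 denied udp 10.0.0.22(4500) -> 10.0.0.1(500), 1 packet",
]

# Matches the IPACCESSLOGP message body: ACL id, action, protocol,
# "src(port) -> dst(port)" and the packet count.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

@dataclass
class AclLogEntry:
    acl: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: int

    @property
    def ports_inspected(self) -> bool:
        """Heuristic from the thread: IOS reports (0) on both sides when the
        ACE did not examine TCP/UDP ports, so 0/0 is not a real port pair."""
        return not (self.sport == 0 and self.dport == 0)

def parse_acl_log(line: str) -> Optional[AclLogEntry]:
    """Parse one syslog line; return None for lines of other message types."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return AclLogEntry(
        acl=m["acl"], action=m["action"], proto=m["proto"],
        src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
        packets=int(m["count"]),
    )

def summarize(lines: List[str]) -> Tuple[List[AclLogEntry], int]:
    """Return parsed entries and how many carry no usable port information."""
    entries = [e for e in map(parse_acl_log, lines) if e is not None]
    unusable = sum(1 for e in entries if not e.ports_inspected)
    return entries, unusable
```

Entries with `ports_inspected == False` should be enriched from the ACL definition (or the ACE changed to inspect ports, as Rick and Tomoyuki describe) rather than treated as traffic to or from port 0.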