I've set up an ACL for one of my VLANs and want to see log events for denied traffic. I've run the following to see real-time debugging in my session:
debug destination session
debug acl
Problem is I am only getting debug info for permitted packets. I want to see for denied. Here is my ACL:
ip access-list extended "VOICE-ACL"
10 permit udp any 192.168.130.4 255.255.255.0 eq dns log
20 permit udp any 192.168.130.25 255.255.255.0 eq dns log
30 deny ip any 192.168.130.0/24 log
100 permit ip any any log
exit
vlan 90
ip access-group "VOICE-ACL" in
exit
How can I set up a proper logging trail for the denied traffic? I do not have an external syslog server. Can I enable logging locally on the switch for the denied traffic? Any thoughts will be most appreciated. Thanks.
------------------------------
Romual Piecyk
------------------------------