Hi...
I'm trying to figure out how the ACL logging works on a 5400zl we've got for testing.
It seems that this switch has an old firmware running (K.14.41), which might be the issue, but I really don't know.
All I want to do is to log the deny statements in a simple ACL I've created as a test.
In this test I simply want it to log to buffer.

ip access-list extended "KRU"
   10 permit ip 172.31.100.0 0.0.0.255 192.168.131.20 0.0.0.0
   20 permit udp 172.31.100.0 0.0.0.255 10.60.10.30 0.0.0.0 eq 53
   30 permit udp 172.31.100.0 0.0.0.255 10.60.10.40 0.0.0.0 eq 53
   40 permit tcp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 established
   50 permit tcp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 established
   60 permit icmp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 0
   70 permit icmp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 0
   80 deny ip 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 log
   90 deny ip 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 log
vlan 250
   name "VLAN250"
   untagged B12
   ip address 172.31.100.1 255.255.255.0
   ip access-group "KRU" in

show debug

 Debug Logging

  Source IP Selection: Outgoing Interface
  Destination:
   Memory buffer

  Enabled debug types:
   acl log

The ACL itself works fine, but nothing is being logged when I hit the deny rules.
Am I missing something?
Thanks in advance.
/Kim Rubeck
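
To confirm that a given test packet really lands on ACE 80 or 90 (the only entries carrying the log keyword) rather than on a permit or on the implicit deny, the ACL can be evaluated offline. This is an added example, not part of the original post: it parses only the syntax used in this ACL and assumes first-match evaluation, that "established" means ACK or RST set, and that the trailing 0 on the icmp entries is the ICMP type; the test packets are constructed.

```python
import ipaddress

# ACEs copied from ACL "KRU" in the post.
ACL_KRU = """\
10 permit ip 172.31.100.0 0.0.0.255 192.168.131.20 0.0.0.0
20 permit udp 172.31.100.0 0.0.0.255 10.60.10.30 0.0.0.0 eq 53
30 permit udp 172.31.100.0 0.0.0.255 10.60.10.40 0.0.0.0 eq 53
40 permit tcp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 established
50 permit tcp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 established
60 permit icmp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 0
70 permit icmp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 0
80 deny ip 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 log
90 deny ip 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 log
"""

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return ip_int(addr) & care == ip_int(base) & care

def parse_ace(line):
    t = line.split()
    opts = t[7:]
    num = [int(x) for x in opts if x.isdigit()]  # port after "eq", or ICMP type
    return {"seq": int(t[0]), "action": t[1], "proto": t[2],
            "src": (t[3], t[4]), "dst": (t[5], t[6]),
            "dport": num[0] if "eq" in opts else None,
            "icmp_type": num[0] if t[2] == "icmp" and num else None,
            "established": "established" in opts, "log": "log" in opts}

def evaluate(aces, pkt):
    """Return (seq, action, logged) for the first ACE that matches pkt."""
    for a in aces:
        if (a["proto"] in ("ip", pkt["proto"])
                and wild_match(pkt["src"], *a["src"])
                and wild_match(pkt["dst"], *a["dst"])
                and a["dport"] in (None, pkt.get("dport"))
                and a["icmp_type"] in (None, pkt.get("icmp_type"))
                and (not a["established"] or pkt.get("ack_or_rst", False))):
            return a["seq"], a["action"], a["log"]
    # Nothing matched: the implicit deny applies, and it carries no "log" keyword.
    return None, "deny", False

ACES = [parse_ace(l) for l in ACL_KRU.splitlines()]

if __name__ == "__main__":
    syn = {"proto": "tcp", "src": "172.31.100.50", "dst": "10.60.5.5", "dport": 80}
    print(evaluate(ACES, syn))
```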