Wired Intelligent Edge

 View Only

Port-access Role - Log Dropped/denied packets

This thread has been viewed 13 times
  • 1.  Port-access Role - Log Dropped/denied packets

    Posted Aug 22, 2023 08:44 AM

    Hi,

    is it possible on some way to log or debug packets in CX Switches that are dropped by the port-access policy?

    example config:


    port-access policy Internet-Only-DENY-RFC1918
        1 class ip RFC1918 action drop
        2 class ip Allow_All

    class ip Allow_All
        1 match any any any

    class ip RFC1918
        1 match any any 172.16.0.0/255.240.0.0
        2 match any any 10.0.0.0/255.0.0.0
        3 match any any 192.168.0.0/255.255.0.0

    port-access role test
        associate policy Internet-Only-DENY-RFC1918