RE: ACL matching interface

From: Scott Morris (swm@emanon.com)
Date: Sat Sep 20 2003 - 15:10:25 GMT-3


Correct, but when looking at 'show access-list', there is still no
separation of where hits took place on a summary basis.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jonathan V Hays
Sent: Saturday, September 20, 2003 12:32 PM
To: 'emad'; ccielab@groupstudy.com
Subject: RE: ACL matching interface

Use the "log-input" option. See below for an example.

!
interface Serial1
 ip address 172.16.34.3 255.255.255.0
 ip access-group 130 in
!
interface Serial2
 ip address 172.16.35.3 255.255.255.0
 ip access-group 130 in
 clockrate 72000
!
!
access-list 130 permit ip any any log-input
!

r3#sh logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 44 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 44 messages logged
    Trap logging: level informational, 48 message lines logged
          
Log Buffer (4096 bytes):

00:15:01: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.34.4
(Serial1 ) -> 172.16.34.3 (0/0), 1 packet
00:17:58: %SYS-5-CONFIG_I: Configured from console by console
00:18:17: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.35.5
(Serial2 ) -> 224.0.0.10, 1 packet
00:19:12: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.35.5
(Serial2 ) -> 172.16.35.3 (0/0), 109 packets
00:19:25: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.34.4
(Serial1 ) -> 224.0.0.10, 1 packet
00:19:27: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.34.4
(Serial1 ) -> 172.16.34.3, 1 packet
00:20:12: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.34.4
(Serial1 ) -> 172.16.34.3 (0/0), 104 packets
r3#

HTH,

Jonathan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
emad
Sent: Saturday, September 20, 2003 10:42 AM
To: ccielab@groupstudy.com
Subject: ACL matching interface

Folks,
If I have an ACL configured on both interfaces (Ethernet and Serial), how
can I differentiate between the matches in the access-list itself
(I mean which matches belong to which interface; I need to know the matches
for serial separately from the matches for Ethernet), since I have only the
command:
Sh ip access-list 130

In e0
Ip access-group 130 in

In s0
Ip access-group 130 in

Regards
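
Added example (not part of any message in this thread): a Python sketch that builds the per-interface summary 'show access-list' lacks by totalling the packet counts in the log-input messages above. The regular expression is an assumption inferred from the log lines in this thread, and the function name is hypothetical.

```python
import re
from collections import Counter

# Log buffer copied from the thread's "sh logging" output, mail wrapping included.
SAMPLE_LOG = """\
00:15:01: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.34.4
(Serial1 ) -> 172.16.34.3 (0/0), 1 packet
00:17:58: %SYS-5-CONFIG_I: Configured from console by console
00:18:17: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.35.5
(Serial2 ) -> 224.0.0.10, 1 packet
00:19:12: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.35.5
(Serial2 ) -> 172.16.35.3 (0/0), 109 packets
00:19:25: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.34.4
(Serial1 ) -> 224.0.0.10, 1 packet
00:19:27: %SEC-6-IPACCESSLOGRP: list 130 permitted eigrp 172.16.34.4
(Serial1 ) -> 172.16.34.3, 1 packet
00:20:12: %SEC-6-IPACCESSLOGDP: list 130 permitted icmp 172.16.34.4
(Serial1 ) -> 172.16.34.3 (0/0), 104 packets
"""

# Assumed message layout, inferred from the lines above: the parenthesised
# group after the source address is what log-input adds (ingress interface,
# plus a layer-2 address on media that have one). Messages from a plain
# "log" entry have no such group and are skipped.
LOG_INPUT = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\(\d+\))? "
    r"\((?P<intf>[^\s)]+)[^)]*\) -> [^,]+, (?P<pkts>\d+) packets?"
)


def hits_per_interface(log_text):
    """Return {(acl, action, interface): total logged packets}."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    totals = Counter()
    for m in LOG_INPUT.finditer(flat):
        totals[(m["acl"], m["action"], m["intf"])] += int(m["pkts"])
    return dict(totals)


if __name__ == "__main__":
    for (acl, action, intf), pkts in sorted(hits_per_interface(SAMPLE_LOG).items()):
        print(f"list {acl} {action} on {intf}: {pkts} packets")
```

The totals cover only messages still held in the log buffer (4096 bytes in the output above), so they are a lower bound on the ACL's real hit count.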

This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:32 GMT-3