RE: Log Vs log-input

From: Church, Chuck (cchurch@netcogov.com)
Date: Sun Oct 24 2004 - 18:19:30 GMT-3


Log or log-input shouldn't have any effect on how an access list affects
traffic on an interface. Here's the definition of the features from the
12.2 docs:

------------------------------------------------------------------------------------------------
log

(Optional) Causes an informational logging message about the packet that
matches the entry to be sent to the console. (The level of messages
logged to the console is controlled by the logging console command.)

The message includes the access list number, whether the packet was
permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a
number; and, if appropriate, the source and destination addresses and
source and destination port numbers. By default, the message is
generated for the first packet that matches, and then at 5-minute
intervals, including the number of packets permitted or denied in the
prior 5-minute interval.

Use the ip access-list log-update command to generate logging messages
when the number of matches reaches a configurable threshold (rather than
waiting for a 5-minute interval). See the ip access-list log-update
command for more information.

The logging facility might drop some logging message packets if there
are too many to be handled or if there is more than one logging message
to be handled in 1 second. This behavior prevents the router from
crashing due to too many logging packets. Therefore, the logging
facility should not be used as a billing tool or an accurate source of
the number of matches to an access list.

If you enable CEF and then create an access list that uses the log
keyword, the packets that match the access list are not CEF switched.
They are fast switched. Logging disables CEF.

log-input

(Optional) Includes the input interface and source MAC address or VC in
the logging output.
-------------------------------------------------------------------------------------------
Neither command should have any effect on matching certain packet types.
Where did you hear this about Smurf attacks?

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch@netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Zack Damen
Sent: Sunday, October 24, 2004 2:47 PM
To: ccie2be
Cc: samccie2004@yahoo.co.uk; studygroup
Subject: Re: Log Vs log-input

Very quick,

Log-input is used along with Smurf, if you get a question ask to protect
against a smurf attack, then there is a good chance you need to use
log-input, just doing a log will not stop or help stop the attack.

Regards

Zack

> Sam,
>
> I don't think that's an answerable question. It depends on the wording of
> the question. What is the task trying to accomplish?
>
> If you know the difference between those 2 options and you still can figure
> out which is needed, maybe you should ask the proctor for clarification.
>
> HTH, Tim
>
> ----- Original Message -----
> From: <samccie2004@yahoo.co.uk>
> To: "studygroup" <ccielab@groupstudy.com>
> Sent: Sunday, October 24, 2004 9:07 AM
> Subject: Log Vs log-input
>
>
>> Hi Group
>>
>> Back to basics again. When Cisco ask to log ACL entries do they expect
>> standard ACL with log or extended with log-input ?
>>
>> Thanks
>>
>> Sam
>>
>>
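An added example, not part of the thread above, showing what the difference between `log` and `log-input` looks like on the receiving end: a small parser for the `%SEC-6-IPACCESSLOG*` syslog lines an IOS ACL entry emits, run over constructed sample lines. The message layout (and the `(interface mac)` block that only `log-input` adds after the source address) is assumed from common IOS output, not quoted from this page; the constant and function names are the example's own.

```python
import re
from typing import Optional

# Regex for the %SEC-6-IPACCESSLOG* messages an IOS ACL "log"/"log-input"
# entry emits. The layout is an assumption from common IOS output, not from
# the thread. The optional "(<interface> <mac-or-vc>)" group after the source
# address is the part that is present only when log-input is configured.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?P<kind>[A-Z]+): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))?"
    r"(?: \((?P<in_if>\S+) (?P<mac>[0-9a-fA-F.]+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp>\d+/\d+)\))?, (?P<count>\d+) packets?"
)

def parse_acl_log(line: str) -> Optional[dict]:
    """Return the fields of one ACL log line, or None if it is not one."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    # Only log-input supplies the ingress interface and source MAC/VC.
    rec["has_input_info"] = rec["in_if"] is not None
    return rec

def ingress_by_source(lines) -> dict:
    """Sum packet counts per (acl, action, source, ingress interface).

    Counts are the router's 5-minute summaries and are approximate, as the
    IOS docs warn; the value is in seeing *where* a source entered, which
    plain "log" entries cannot tell you (interface shows as "unknown")."""
    totals: dict = {}
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None:
            continue
        key = (rec["acl"], rec["action"], rec["src"], rec["in_if"] or "unknown")
        totals[key] = totals.get(key, 0) + rec["count"]
    return totals

# Constructed sample lines: the first two come from a plain "log" entry, the
# last two from "log-input" (note the "(interface mac)" block after the source).
SAMPLE_LOG = [
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.1 -> 192.168.1.255 (8/0), 1 packet",
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.1 -> 192.168.1.255 (8/0), 37 packets",
    "%SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.1 (Serial0/0 0000.0c12.3456) -> 192.168.1.255 (8/0), 12 packets",
    "%SEC-6-IPACCESSLOGP: list 102 permitted tcp 172.16.0.5(40001) (FastEthernet0/0 0000.0c99.aabb) -> 192.168.1.10(22), 1 packet",
]
```

Calling `ingress_by_source(SAMPLE_LOG)` groups the plain-`log` hits under an "unknown" interface while the `log-input` hits carry `Serial0/0` and `FastEthernet0/0`, which is exactly the extra information the 12.2 docs quoted above describe.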



This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:52 GMT-3