RE: Tracking packets denied by a ACL

From: Keane, James (James.Keane@agriculture.gov.ie)
Date: Wed Dec 08 2004 - 10:18:08 GMT-3


OK, one difference:

    ip accounting access-violations

will log all violations on the complete access-list.
This can be viewed using

    sho ip accounting access-violations

whereas you could have an access-list 100 lines long but only want to log
violations for one line.
This is where you put log at the end of that line:

    access-list 123 deny icmp any any log

james

PS - thought of another one - the first can't be timestamped, the second one can!

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: 08 December 2004 13:02
To: Group Study
Subject: Tracking packets denied by a ACL

Hi guys,

I'm trying to figure out the difference between using the log keyword at the
end of an acl entry versus using the interface command, ip accounting
access-violations.

They both seem like they do pretty much the same thing, so I'm not that clear
on when I should use one versus the other.

If any of you have some ideas about this, I'd like to hear from you because
I'd hate to lose points on something like this in the lab.

Also, which method do people think is better for a production network?

TIA, Tim
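
Added example (not part of the original thread): because the log keyword produces one timestamped syslog message per matching ACL line, those messages can be reduced to per-flow deny counts with first and last seen times. The sample lines are constructed, assume log timestamps are enabled on the router, and the function name is hypothetical.

```python
import re

# Constructed sample syslog lines in the format IOS uses for an ICMP ACL
# entry carrying the log keyword; addresses are documentation ranges.
SAMPLE_LOG = """\
Dec  8 10:15:01: %SEC-6-IPACCESSLOGDP: list 123 denied icmp 192.0.2.10 -> 198.51.100.5 (8/0), 1 packet
Dec  8 10:16:30: %SEC-6-IPACCESSLOGDP: list 123 denied icmp 192.0.2.77 -> 198.51.100.5 (8/0), 1 packet
Dec  8 10:17:02: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
Dec  8 10:20:01: %SEC-6-IPACCESSLOGDP: list 123 denied icmp 192.0.2.10 -> 198.51.100.5 (8/0), 14 packets
"""

# Timestamp, ACL number, source, destination, ICMP type/code, packet count.
ACL_LOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:.]+):\s+%SEC-6-IPACCESSLOGDP:\s+"
    r"list (?P<acl>\S+) denied icmp (?P<src>\S+) -> (?P<dst>\S+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?$"
)


def summarize_denies(log_text):
    """Return {(acl, src, dst): {"packets", "first", "last"}} for denied ICMP."""
    flows = {}
    for line in log_text.splitlines():
        m = ACL_LOG.match(line.strip())
        if not m:
            continue  # unrelated syslog message
        key = (m["acl"], m["src"], m["dst"])
        entry = flows.setdefault(
            key, {"packets": 0, "first": m["ts"], "last": m["ts"]}
        )
        # Assumption: each message reports only the packets seen since the
        # previous message for that flow, so the counts are summed.
        entry["packets"] += int(m["count"])
        entry["last"] = m["ts"]
    return flows


if __name__ == "__main__":
    for (acl, src, dst), info in summarize_denies(SAMPLE_LOG).items():
        print(f"list {acl} {src} -> {dst}: {info['packets']} packets, "
              f"{info['first']} to {info['last']}")
```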



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:25 GMT-3