From: Joe Clyde (jclyde@uen.org)
Date: Tue Sep 26 2006 - 18:06:25 ART

Is there a way to log the traffic that you drop through a service
policy? When I try to match, under the class-map, on an access list with
the "log" statement I get an error...

r2(config)#ip access-list extended 101
r2(config-ext-nacl)#permit tcp any any eq ftp log
r2(config)#class-map foo
r2(config-cmap)#match access-group 101
****access-lists with 'log' keyword are not supported****

Here is an example config (unrelated to the above access list)... can you
log the dropped traffic and if so, how? It seems like you can't use an
access list, so are there options under the class-map, policy-map, or
service-policy?

E.g.:

class-map match-all p2p
 match protocol kazaa2
 match protocol fasttrack
 match protocol gnutella
 match protocol napster
policy-map p2p
 class p2p
  drop
interface FastEthernet0/0
 description to-->r1
 ip address 150.50.12.2 255.255.255.0
 duplex auto
 speed auto
 service-policy output p2p