From: Kal Han (calikali2006@gmail.com)
Date: Mon Jan 29 2007 - 17:19:32 ART
Hi
On a Catalyst switch configured with a Layer 3 ACL on a VLAN interface,
how can I see "all" the ACL deny log messages?
My ACL:
access-list 101 deny icmp any any unreachable log-input
access-list 101 permit ip any any
Rate limiting: ip icmp rate-limit unreachable 1
(I'm taking it that the above command will make the switch generate
one ICMP unreachable syslog message per *milli*second.)
My unreachables are coming at a rate of about 2 - 3 per *second*.
It's not high...
ACL Counters and console output
-------------------------------------------------
Here is some output. Notice that line 1 of ACL 101,
which denies ICMP unreachables, is initially at 813 in the first output
and went to 995 in the second output, but I saw *only one
syslog message* (between the ACL outputs).
How can I see all the log messages?
3550-Switch#sh access-lists 101
Extended IP access list 101
    1 deny icmp any any unreachable log-input (813 matches)
    20 permit ip any any (55961 matches)
3550-Switch#
4w4d: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 195.1.123.3 (Vlan123 0002.1666.2340) -> 96.0.1.1 (3/1), 41 packets
3550-Switch#
3550-Switch#
3550-Switch#sh access-lists 101
Extended IP access list 101
    1 deny icmp any any unreachable log-input (995 matches)
    20 permit ip any any (56020 matches)
3550-Switch#
Here is my logging setup
3550-Switch#sh logg
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 1958 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 3513 messages logged, xml disabled, filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Trap logging: level debugging, 2355 message lines logged