Enable Acl "Deny" Logging; Requirements For Using Acl Logging - HP ProCurve 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
6. If the configuration appears satisfactory, save it to the startup-config file:
Enable ACL "Deny" Logging
ACL logging enables the switch to generate a message when IP traffic meets
the criteria for a match with an ACE that results in an explicit "deny" action.
You can use ACL logging to help:
■
■
The switch sends ACL messages to Syslog and optionally to the current
console, Telnet, or SSH session. You can configure up to six Syslog server
destinations.
Requirements for Using ACL Logging
■
■
■
■
9-68
ProCurve(config)# write memory
Test your network to ensure that your ACL configuration is detecting
and denying the traffic you do not want forwarded
Receive notification when the switch detects attempts to transmit
traffic you have designed your ACLs to reject
The switch configuration must include an ACL (1) assigned to an
interface and (2) containing an ACE configured with the deny action
and the log option.
To screen routed packets with destination IP addresses outside of the
switch, IP routing must be enabled.
For ACL logging to a Syslog server, the server must be accessible to
the switch and identified (with the logging < ip-addr > command) in
the switch configuration.
Debug must be enabled for ACLs and one or both of the following:
•
logging (for sending messages to Syslog)
•
Session (for sending messages to the current console interface)
Hide quick links:
Advertisement
Table of Contents
