Guidelines For Configuring Acl Logging - Dell Z9000 Configuration Manual

database. When the configured maximum threshold has exceeded, log generation stops. When the
interval at which ACL logs are configured to be recorded expires, a fresh interval timer starts and the
packet count for that new interval commences from zero. If ACL logging was stopped previously because
the configured threshold has exceeded, it is reenabled for this new interval.
The ACL application sends the ACL logging configuration information and other details, such as the
action, sequence number, and the ACL parameters that pertain to that ACL entry. The ACL service
collects the ACL log and records the following attributes per log message.
• For non-IP packets, the ACL name, sequence number, ACL action (permit or deny), source and
destination MAC addresses, EtherType, and ingress interface are the logged attributes.
• For IP Packets, the ACL name, sequence number, ACL action (permit or deny), source and destination
MAC addresses, source and destination IP addresses, and the transport layer protocol used are the
logged attributes.
• For IP packets that contain the transport layer protocol as Transmission Control Protocol (TCP) or
User Datagram Protocol (UDP), the ACL name, sequence number, ACL action (permit or deny), source
and destination MAC addresses, source and destination IP addresses, and the source and destination
ports (Layer 4 parameters) are also recorded.
If the packet contains an unidentified EtherType or transport layer protocol, the values for these
parameters are saved as Unknown in the log message. If you also enable the logging of the count of
packets in the ACL entry, and if the logging is deactivated in a specific interval because the threshold has
exceeded, the count of packets that exceeded the logging threshold value during that interval is recorded
when the subsequent log record (in the next interval) is generated for that ACL entry.

Guidelines for Configuring ACL Logging

This functionality is supported on the Z9000 platform.
Keep the following points in mind when you configure logging of ACL activities:
• During initialization, the ACL logging application tags the ACL rule indices for which a match
condition exists as being in-use, which ensures that the same rule indices are not reused by ACL
logging again.
• The ACL configuration information that the ACL logging application receives from the ACL manager
causes the allocation and clearance of the match rule number. A unique match rule number is
created for the combination of each ACL entry, sequence number, and interface parameters.
• A separate set of match indices is preserved by the ACL logging application for the permit and deny
actions. Depending on the action of an ACL entry, the corresponding match index is allocated from
the particular set that is maintained for permit and deny actions.
• A maximum of 125 ACL entries with permit action can be logged. A maximum of 126 ACL entries with
deny action can be logged.
• For virtual ACL entries, the same match rule number is reused. Similarly, when an ACL entry is deleted
that was previously enabled for ACL logging, the match rule number used by it is released back to the
pool or available set of match indices so that it can be reused for subsequent allocations.
• If you enabled the count of packets for the ACL entry for which you configured logging, and if the
logging is deactivated in a specific interval owing to the threshold having exceeded, the count of
packets that exceeded the logging threshold value during that interval is logged when the subsequent
log record (in the next interval) is generated for that ACL entry.
Access Control Lists (ACLs)
121