Cisco Nexus 5600 Series Configuration Manual page 131

NX-OS System Management

Configuring System Message Logging
Information About ACL Logging

• When a new flow is created (INFO message)
• When the flow's packet threshold is reached (WARNING message)
• At the end of a periodic interval (default five minutes), with information about how many packets hit the flow (INFO message - configurable)

In addition, when the number of flows exceeds a threshold in a given interval, a warning message is logged and the flow is not added to the logging cache.

The following table describes the ACL logging limitations of the Cisco Nexus device.

Table 15: ACL Logging Support Table

Feature                    Cisco Nexus Device Logging Support
PACL                       Yes (Drop only)
Ingress RACL               Yes (Drop only)
Egress RACL                Yes (Drop only)
Ingress VACL               Yes (Drop only)
Egress VACL                Yes (Drop only)
RBACL                      N/A
VTY ACL In/Out             Yes (Permit/Drop)
Ingress RACL on mgmt0      Yes (Permit/Drop)
SNMP ACL
NTP ACL

Except for the VTY ACL, ACLs support ACL logging only for "deny" ACEs. Because the same ACL can be applied both as a VTY ACL and for other features, the "permit <> log" CLI cannot be blocked. However, applying such an ACL to any of the interfaces or VLANs can be prevented. Mgmt0 supports permit logging.

CTS is not supported on the Cisco Nexus device; therefore, RBACL is not supported.

ACL logging is not supported for IPv6 and MAC ACLs. It is supported on all interfaces where PACL, RACL, VACL, and VTY ACLs can be applied, including FEX HIF interfaces.

ACL logging is rate-limited: not all packets that hit the ACL are sent to the supervisor (sup). The rate limiter function is per switch and is applied across all ASIC and TCAM regions. The following CLIs will be provided to configure the rate.

Cisco Nexus 5600 Series NX-OS System Management Configuration Guide, Release 7.x, OL-31641-01
