Acl Logging; Enabling Acl Logging; Logged Information - Lenovo RackSwitch G8264 Application Manual

ACL Logging

Enabling ACL Logging

Logged Information

© Copyright Lenovo 2016
ACLs are generally used to enhance port security. Traffic that matches the
characteristics (source addresses, destination addresses, packet type, etc.) specified
by the ACLs on specific ports is subject to the actions (chiefly permit or deny)
defined by those ACLs. Although switch statistics show the number of times
particular ACLs are matched, the ACL logging feature can provide additional
insight into actual traffic patterns on the switch, providing packet details in the
system log for network debugging or security purposes.
By default, ACL logging is disabled. Enable or disable ACL logging on a per‐ACL
basis as follows:
RS G8264(config)# [no] access­control list <IPv4 ACL number> log
RS G8264(config)# [no] access­control list6 <IPv6 ACL number> log
When ACL logging is enabled on any particular ACL, the switch will collect
information about packets that match the ACL. The information collected depends
on the ACL type:
 For IP‐based ACLs, information is collected regarding
Source IP address

Destination IP address

TCP/UDP port number

ACL action

Number of packets logged

For example:
Sep 27 4:20:28 DUT3 NOTICE ACL­LOG: %IP ACCESS LOG: list
ACL­IP­12­IN denied tcp 1.1.1.1 (0) ­> 200.0.1.2 (0), 150
packets.
 For MAC‐based ACLs, information is collected regarding
Source MAC address

Source IP address

Destination IP address

TCP/UDP port number

ACL action

Number of packets logged

For example:
Sep 27 4:25:38 DUT3 NOTICE ACL­LOG: %MAC ACCESS LOG: list
ACL­MAC­12­IN permitted tcp 1.1.1.2 (0) (12,
00:ff:d7:66:74:62) ­> 200.0.1.2 (0) (00:18:73:ee:a7:c6), 32
packets.
Chapter 7: Access Control Lists
131