ACL Logging

© Copyright Lenovo 2016

ACLs are generally used to enhance port security. Traffic that matches the
characteristics (source addresses, destination addresses, packet type, etc.) specified
by the ACLs on specific ports is subject to the actions (chiefly permit or deny)
defined by those ACLs. Although switch statistics show the number of times
particular ACLs are matched, the ACL logging feature can provide additional
insight into actual traffic patterns on the switch, providing packet details in the
system log for network debugging or security purposes.

Enabling ACL Logging

By default, ACL logging is disabled. Enable or disable ACL logging on a per-ACL
basis as follows:

    RS G8264(config)# [no] access-control list <IPv4 ACL number> log
    RS G8264(config)# [no] access-control list6 <IPv6 ACL number> log

Logged Information

When ACL logging is enabled on any particular ACL, the switch will collect
information about packets that match the ACL. The information collected depends
on the ACL type:

For IP-based ACLs, information is collected regarding:
  - Source IP address
  - Destination IP address
  - TCP/UDP port number
  - ACL action
  - Number of packets logged

For example:

    Sep 27 4:20:28 DUT3 NOTICE ACLLOG: %IP ACCESS LOG: list ACLIP12IN denied tcp 1.1.1.1 (0) > 200.0.1.2 (0), 150 packets.

For MAC-based ACLs, information is collected regarding:
  - Source MAC address
  - Source IP address
  - Destination IP address
  - TCP/UDP port number
  - ACL action
  - Number of packets logged

For example:

    Sep 27 4:25:38 DUT3 NOTICE ACLLOG: %MAC ACCESS LOG: list ACLMAC12IN permitted tcp 1.1.1.2 (0) (12, 00:ff:d7:66:74:62) > 200.0.1.2 (0) (00:18:73:ee:a7:c6), 32 packets.
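The two record formats above, parsed and aggregated in Python, as an added example that is not from the Lenovo manual: it assumes each ACLLOG record arrives on a single syslog line as shown, treats the first number in the MAC-based source group as a VLAN ID (an assumption), and sums the packet counts of denied traffic per ACL and source address so a persistently denied source stands out when reviewing the system log.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# One regex for both ACLLOG record formats (IP-based and MAC-based). The MAC-based
# form adds "(<vlan>, <src mac>)" after the source endpoint and "(<dst mac>)" after
# the destination; both groups are optional so IP records match too (VLAN: assumed).
ACL_LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{1,2}:\d{2}:\d{2}) (?P<host>\S+) (?P<sev>\S+) "
    r"ACLLOG: %(?P<kind>IP|MAC) ACCESS LOG: list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}) \((?P<src_port>\d+)\)"
    r"(?: \((?P<vlan>\d+), (?P<src_mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\))?"
    r" > (?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}) \((?P<dst_port>\d+)\)"
    r"(?: \((?P<dst_mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\))?"
    r", (?P<packets>\d+) packets\.$"
)

def parse_acl_log(line: str) -> Optional[dict]:
    """Return the fields of one ACLLOG record, or None for any other syslog line."""
    m = ACL_LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "packets"):
        rec[key] = int(rec[key])
    rec["vlan"] = int(rec["vlan"]) if rec["vlan"] is not None else None
    return rec

def denied_packets_by_source(lines: Iterable[str]) -> Dict[Tuple[str, str], int]:
    """Sum the logged packet counts of denied traffic per (ACL name, source IP)."""
    totals: Dict[Tuple[str, str], int] = {}
    for line in lines:
        rec = parse_acl_log(line)
        if rec and rec["action"] == "denied":
            key = (rec["acl"], rec["src_ip"])
            totals[key] = totals.get(key, 0) + rec["packets"]
    return totals

# Constructed sample records in the format shown in the manual, one per line.
SAMPLE_LOG = [
    "Sep 27 4:20:28 DUT3 NOTICE ACLLOG: %IP ACCESS LOG: list ACLIP12IN denied tcp "
    "1.1.1.1 (0) > 200.0.1.2 (0), 150 packets.",
    "Sep 27 4:25:38 DUT3 NOTICE ACLLOG: %MAC ACCESS LOG: list ACLMAC12IN permitted tcp "
    "1.1.1.2 (0) (12, 00:ff:d7:66:74:62) > 200.0.1.2 (0) (00:18:73:ee:a7:c6), 32 packets.",
    "Sep 27 4:30:01 DUT3 NOTICE ACLLOG: %IP ACCESS LOG: list ACLIP12IN denied udp "
    "1.1.1.1 (0) > 200.0.1.3 (0), 40 packets.",
]

if __name__ == "__main__":
    print(denied_packets_by_source(SAMPLE_LOG))  # {('ACLIP12IN', '1.1.1.1'): 190}
```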
Chapter 7: Access Control Lists