Enable Acl "Deny" Logging; Requirements For Using Acl Logging - HP 3500yl Series Access Security Manual
Switch software
Hide thumbs
Also See for 3500yl Series:
- Release notes (219 pages) ,
- Specifications (16 pages) ,
- Features (6 pages)
Table of Contents
Advertisement
IPv4 Access Control Lists (ACLs)
Enable ACL "Deny" Logging
10-112
Enable ACL "Deny" Logging
ACL logging enables the switch to generate a message when IP traffic meets
the criteria for a match with an ACE that results in an explicit "deny" action.
You can use ACL logging to help:
Test your network to ensure that your ACL configuration is detecting
■
and denying the IPv4 traffic you do not want forwarded
Receive notification when the switch detects attempts to forward
■
IPv4 traffic you have designed your ACLs to reject (deny)
The switch sends ACL messages to Syslog and optionally to the current
console, Telnet, or SSH session. You can use logging < > to configure up to six
Syslog server destinations.
Requirements for Using ACL Logging
■
The switch configuration must include an ACL (1) assigned to a port,
trunk, or static VLAN interface and (2) containing an ACE configured
with the deny action and the log option.
■
If the RACL application is used, then IPv4 routing must be enabled on
the switch.
■
For ACL logging to a Syslog server:
•
The server must be accessible to the switch and identified in the
running configuration.
•
The logging facility must be enabled for Syslog.
•
Debug must be configured to:
–
support ACL messages
–
send debug messages to the desired debug destination
These requirements are described in more detail under "Enabling ACL
Logging on the Switch" on page 10-114.
Hide quick links:
Advertisement
Chapters
Table of Contents
