Enabling The New Logging Method; Specifying The Wait Time; Modifying Acls - Dell PowerConnect B-RX Configuration Manual

21

Modifying ACLs

NOTE
Logging is not currently supported on management interfaces.

Enabling the new logging method

There are no new CLI commands to enable this new processing method; it takes effect
automatically if the following items have been configured:
•
•
•
Syntax: ip access-group enable-deny-logging

Specifying the wait time

You can specify how long the system waits before it sends a message in the Syslog by entering a
command such as the following.
BigIron RX(config)# ip access-list logging-age 2
Syntax: ip access-list logging-age <minutes>
Enter 1 – 10 minutes. The default is 5 minutes.
Modifying ACLs
When you configure any ACL, the software places the ACL entries in the ACL in the order you enter
them. For example, if you enter the following entries in the order shown below, the software always
applies the entries to traffic in the same order.
BigIron RX(config)#access-list 1 deny 209.157.22.0/24
BigIron RX(config)#access-list 1 permit 209.157.22.26
Thus, if a packet matches the first entry in this ACL and is therefore denied, the software does not
compare the packet to the remaining ACL entries. In this example, packets from host
209.157.22.26 will always be dropped, even though packets from this host match the second
entry.
556
Syslog logging is enabled.
BigIron RX(config)#logging on
Add the log option to an ACL statement as in the following example.
BigIron RX(config)#access-list 400 deny any any log-enabled
or
BigIron RX(config)#ip access-list standard hello
BigIron RX(config-std-nacl)#deny any log
Enable the ip access-group enable-deny-logging command on an interface. If this command is
not enabled, packets denied by ACLs are not logged.
BigIron RX(config)#interface ethernet 5/1
BigIron RX(config-if-e1000-5/1)#ip access-group enable-deny-logging
BigIron RX Series Configuration Guide
53-1002253-01