The packet filtering statistics are managed and output as device log information by the information
The packet filtering statistics are of the severity level of 6, that is, informational. Informational
messages are not output to the console by default; therefore, you need to modify the log
information output rule for the informational message output to be sent to the console or other
For introduction and configuration of the information center, refer to Information Center
Configuration in the System Volume.
ACL Application Example
Applying an ACL to an Ethernet Interface
As shown in
that everyday from 8:00 to 18:00, the interface allows only packets sourced from Host A to pass through.
Configure Device A to output IPv4 packet filtering logs to the console at an interval of 10 minutes.
Figure 4-1 Network diagram for applying an ACL to an Ethernet interface for filtering
# Create a time range named study, setting it to become active from 08:00 to 18:00 everyday.
[DeviceA] time-range study 8:00 to 18:00 daily
# Create IPv4 ACL 2009, and configure two rules for the ACL. One permits packets sourced from
192.168.1.2/32 and the other denies packets sourced from any other host during the time range study.
Enable logging for both rules.
[DeviceA] acl number 2009
[DeviceA-acl-basic-2009] rule permit source 192.168.1.2 0 time-range study logging
[DeviceA-acl-basic-2009] rule deny source any time-range study logging
apply an ACL to the inbound direction of GigabitEthernet 1/0/1 on Device A so