Foundry Networks Switch and Router Installation And Configuration Manual page 413

To display Syslog entries, use one of the following methods.
USING THE CLI
Enter the following command from any CLI prompt:
BigIron(config)# show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 38 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Log Buffer (50 entries):
21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18
0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets
In this example, the two-line message at the bottom is the first entry, which the software immediately generates
the first time an ACL entry permits or denies a packet. In this case, an entry in ACL 101 denied a packet. The
packet was a TCP packet from host 209.157.22.198 and was destined for TCP port 80 (HTTP) on host
198.99.4.69.
When the software places the first entry in the log, the software also starts the five-minute timer for subsequent log
entries. Thus, five minutes after the first log entry, the software generates another log entry and SNMP trap for
denied packets.
In this example, the software generates the second log entry five minutes later. The second entry indicates that
the same ACL denied two packets.
The time stamp for the third entry is much later than the time stamps for the first two entries. In this case, no ACLs
denied packets for a very long time. In fact, since no ACLs denied packets during the five-minute interval
following the second entry, the software stopped the ACL log timer. The software generated the third entry as
soon as the ACL denied a packet. The software restarted the five-minute ACL log timer at the same time. As long
as at least one ACL entry permits or denies a packet, the timer continues to generate new log entries and SNMP
traps every five minutes.
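The following Python sketch is an added example, not code from the Foundry manual. It parses the ACL entries shown in the show log output above and labels each one as logged immediately or produced by the running five-minute timer. It assumes each two-line message has been joined onto one line and that the device did not reboot between entries; the names parse_entries and classify are hypothetical.

```python
import re
from datetime import timedelta

# Constructed sample: the three entries from the "show log" output above,
# with each two-line message joined onto a single line.
SAMPLE = """\
21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets
"""

ENTRY = re.compile(
    r"(?P<d>\d+)d(?P<h>\d+)h(?P<m>\d+)m(?P<s>\d+)s:(?P<level>\w+):"
    r"list (?P<acl>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>[^)]*)\)\((?P<port>.+?) (?P<mac>[0-9a-f.]{14})\) "
    r"-> (?P<dst>[\d.]+)\((?P<dport>[^)]*)\), (?P<count>\d+) packets?"
)
ACL_LOG_INTERVAL = timedelta(minutes=5)  # timer period stated in the manual

def parse_entries(text):
    """Return parsed ACL log entries, oldest first (the buffer lists newest first)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip header lines and non-ACL messages
        e = m.groupdict()
        e["uptime"] = timedelta(days=int(e.pop("d")), hours=int(e.pop("h")),
                                minutes=int(e.pop("m")), seconds=int(e.pop("s")))
        e["count"] = int(e["count"])
        entries.append(e)
    return sorted(entries, key=lambda e: e["uptime"])

def classify(entries):
    """Label each entry by how the five-minute ACL log timer produced it."""
    labels, prev = [], None
    for e in entries:
        if prev is None or e["uptime"] - prev > ACL_LOG_INTERVAL:
            labels.append("immediate")  # timer was stopped; first match logged at once
        else:
            labels.append("timer")      # summary written when the running timer expired
        prev = e["uptime"]
    return labels
```

Because "timer" entries summarize a whole interval, the packet count is the figure to total when measuring denied traffic; the number of log lines understates it.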
USING THE WEB MANAGEMENT INTERFACE
1. Select the Show link to display the Show Statistics panel.
2. Select the System Log link.
Policy-Based Routing (PBR)
Policy-Based Routing (PBR) allows you to use ACLs and route maps to selectively modify and route IP packets
based on their source IP address.
NOTE: PBR is supported only on chassis Layer 3 Switches.
NOTE: Source routing occurs in the CPU, not in the ASICs. This is true for all devices that support PBR,
including devices using a Management I, II, III, or IV module.
You can configure the Layer 3 Switch to perform the following types of PBR based on a packet's Layer 3 and
Layer 4 information:
• Select the next-hop gateway. (See "Configuration Examples" on page 13-28 for a complete configuration example.)
December 2000
Using Access Control Lists (ACLs)
13 - 25
