
Using the log parameter in ACLs


Using the log parameter in an ACL on Cisco IOS is simple: if the log keyword is added to an entry, every packet that matches that entry causes a log message to be generated. For repeated matches the messages are rate-limited rather than sent one per packet: the first matching packet produces a message immediately, and subsequent matching packets are counted and reported in a summary message every 5 minutes (or sooner if the count reaches the threshold set with ip access-list log-update threshold). The messages are logged at the informational level (severity 6, as %SEC-6-IPACCESSLOGS for standard ACLs and %SEC-6-IPACCESSLOGP for extended ACLs), so the logging destination (console, buffer or syslog host) must accept informational messages for them to appear.

But when I followed the procedure defined in the Cisco 3750 user manual and sent packets matching the rule, I never saw any log messages. I don't know why; could an expert please advise:

This is the description and example from the Cisco 3750 documentation:

ACL Logging

Two variations of logging are supported on router ACLs. The log keyword sends an informational logging message to the console about the packet that matches the entry; the log-input keyword includes the input interface in the log entry.

In this example, standard named access list stan1 denies traffic from 10.1.1.0 0.0.0.255, allows traffic from all other sources, and includes the log keyword.

Switch(config)# ip access-list standard stan1
Switch(config-std-nacl)# deny 10.1.1.0 0.0.0.255 log
Switch(config-std-nacl)# permit any log
Switch(config-std-nacl)# exit
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip access-group stan1 in
Switch(config-if)# end

Switch# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 37 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 37 messages logged
    File logging: disabled
    Trap logging: level debugging, 39 message lines logged

Log Buffer (4096 bytes):

00:00:48: NTP: authentication delay calculation problems
<output truncated>
00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet
00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
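The %SEC-6-IPACCESSLOGS lines in the manual output above are what a log collector receives when ACL logging is working. As an added example, not from the original post or from Cisco's documentation, here is a Python parser that extracts the list name, action, source and packet count from such lines and sums the counts per source. Summing the count field matters because, after the first hit, IOS reports later matches as a summary line carrying a packet count instead of one line per packet, so counting lines would undercount. The IPACCESSLOGP (extended ACL) and log-input message formats, and the sample lines for list 101, source 10.1.1.20 and FastEthernet0/1, are assumptions and constructed data, not output from the page.

```python
import re
from collections import defaultdict

# Standard-ACL log message (%SEC-6-IPACCESSLOGS), the form shown in the 3750 manual output:
#   00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet
# "\s*" tolerates both the space-less manual rendering and the usual "LOGS: list" spacing.
STD_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS:\s*list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<count>\d+)\s+packets?"
)

# Extended-ACL TCP/UDP log message (%SEC-6-IPACCESSLOGP). This format is assumed from IOS
# behaviour and does not appear on the page:
#   %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.20(4321) -> 10.2.2.2(22), 1 packet
# With the log-input keyword IOS adds "(<interface> <source-mac>)" after the source; optional here.
EXT_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP:\s*list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\)"
    r"(?:\s+\((?P<ifc>\S+)\s+[0-9a-fA-F.]+\))?"
    r"\s+->\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\),\s+(?P<count>\d+)\s+packets?"
)


def parse_acl_log(line):
    """Parse one syslog line; return a dict of fields, or None if it is not an ACL log message."""
    for rx in (STD_RE, EXT_RE):
        m = rx.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])  # "1 packet" on the first hit, "N packets" in summaries
            return rec
    return None


def aggregate(lines):
    """Sum packet counts per (acl, action, source).

    Counting lines would undercount: after the first hit IOS suppresses per-packet messages
    and reports later matches as one summary line carrying the packet count.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_acl_log(line)
        if rec is not None:
            totals[(rec["acl"], rec["action"], rec["src"])] += rec["count"]
    return dict(totals)


def denied_sources_over(lines, threshold):
    """Sources whose total denied packets (across all ACLs) reach the threshold, sorted."""
    per_src = defaultdict(int)
    for (_acl, action, src), n in aggregate(lines).items():
        if action == "denied":
            per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


# Constructed sample: the three IPACCESSLOGS lines from the manual output above, one non-ACL line,
# plus made-up summary and extended-ACL lines (list 101, 10.1.1.20 and FastEthernet0/1 are invented).
SAMPLE_LOG = [
    "00:00:48: NTP: authentication delay calculation problems",
    "00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet",
    "00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet",
    "00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet",
    "00:14:59: %SEC-6-IPACCESSLOGS: list stan1 denied 10.1.1.15 7 packets",
    "00:15:03: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.20(4321) "
    "(FastEthernet0/1 0011.2233.4455) -> 10.2.2.2(22), 1 packet",
    "00:15:10: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.20(5353) -> 10.2.2.9(53), 3 packets",
]

if __name__ == "__main__":
    for key, n in sorted(aggregate(SAMPLE_LOG).items()):
        print(key, n)
    print("denied >= 5 packets:", denied_sources_over(SAMPLE_LOG, 5))
```

On the sample, 10.1.1.15 totals 8 denied packets (1 from the first hit plus 7 from the summary line), which is the number a threshold check should see; counting lines would have given 2.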

Experiment configuration on the 3750:

Configured an ACL and applied it to interface f0/1.

Switch# show ip access-lists
Standard IP access list 1
    10 deny   any log
Standard IP access list stan1
    10 deny   10.1.1.0, wildcard bits 0.0.0.255 log
    20 permit any log

Sent packets matching the rule on interface 1 and checked the log messages:

Switch# show logg
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml enabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level informational, 39 messages logged, xml enabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
    Buffer logging:  level informational, 39 messages logged, xml enabled (0 messages logged),
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 42 message lines logged

The log is always empty, with no messages at all. The ACL has definitely been applied correctly, but the log messages just aren't being sent. Could everyone please point out where I configured it wrong?

This article was reposted from 帥楓小明's 51CTO blog. Original link: http://blog.51cto.com/576642026/810082. Please contact the original author for reprint permission.