14 – Standard Access List 9,136 views

Posted by Mo7sin in Access List, CCNAX (200 - 120) On 26/01/2012 at 1:00 AM


Standard IP Access List Logging


Feature Summary

The Cisco IOS software can now provide logging messages about packets permitted or denied by a standard IP access list. That is, any packet that matches the access list will cause an informational logging message about the packet to be sent to the console. The level of messages logged to the console is controlled by the logging console command. This capability was previously only available in extended IP access lists.

The first packet that triggers the access list causes a logging message right away, and subsequent packets are collected over 5-minute intervals before they are displayed or logged. The logging message includes the access list number, whether the packet was permitted or denied, the source IP address of the packet, and the number of packets from that source permitted or denied in the prior 5-minute interval.

Benefits

You can monitor how many packets are being permitted or denied by a particular access list, including the source address of each packet.

Platforms

This feature is supported on all platforms.

Configuration Tasks

Perform one of the following tasks to receive logging messages about standard IP access lists. Choose the task you need, depending on whether you are using numbered or named access lists.

Create a Standard Access List Using Numbers

Create a Standard Access List Using Names

Regardless of whether you create a numbered or named access list, after you create an access list, you must apply it to either an interface or terminal line for it to be used. That task is described in the section “Apply the Access List to an Interface or Terminal Line” in the chapter “Configuring IP Services” in the Network Protocols Configuration Guide, Part 1.

Read more…


%d bloggers like this: