• Author : Sriharsha J

 
 

Egress ACL deny logging

Egress ACL deny logging on Arista DCS-7280E, DCS-7500 and DCS-7500E series switches allows the logging of the frames matching deny rules in egress ACLs. This behavior can be enabled by using the log keyword when configuring an ACL deny rule. Frames matching those ACL rules are sent to the control plane, where a syslog entry of the frame header is being generated. This feature can be used to troubleshoot egress ACL related issues. Configuration When configuring an ip access-list, a log keyword can be associated with a deny rule: lf123(config)##ip access-list test1 lf123(config-acl-test1)#permit ip 10.30.10.0/24 host 10.20.10.1 lf123(config-acl-test1)#deny ip host 10.10.10.1 host 10.20.10.1 log lf123(config-acl-test1)#permit ip...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: