Have created an ACL policy and applied to a vlan on Egress. I know you can log to mirror-cpu on ingress but not egress, but I need away to find out what is causing problems.
My ACL is written in the format of permits and an explict deny at the end.
In order to stop my ACL killing service I have changed the explict deny at the end to a explict permit, and configured a count.
I can see the count racking up, which it shouldn't as I am really only denying on a security beach.
Perhaps the only method is to run a packet capture and just workout what traffic I've missed, of course logging the deny's on the rule would be a lot easier by far.
Thanks in advance.