This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ACL not logging?

ACL not logging?

Anonymous
Not applicable

‎08-24-2015 05:58 AM

Have created a Policy file that has a explicit deny at the end. When I apply it traffic is being blocked that I don't wont.

In order to workout whats wrong I have changed the deny to permit, and added a log, mirror-cpu and count.

The count is increasing at a good rate but nothing is logging, but I can't see anything wrong with my configuration - The Vlan 'Accounts' uses subnet 10.10.10.0/24. I believe I could write the deny differently but omitting the source-address field or changing it to 0.0.0.0/0, but it makes no odds as the count is going up so something should be logging?

entry deny {
if {
source-address 10.10.10.0/24;
} then {
permit;
mirror-cpu;
log;
count dey;
}
}

configure log filter DefaultFilter add event kern.infoconfigure access-list Policy_Filename port 1:8 ingress

or

configure access-list Policy_Filename vlan Accounts ingressI have checked logging is on and working and set from the lowest level of 'warning'.

EXOS version 15.3.1.4 patch 1-3.

Switch: X460-48t

Any idea's what I might be doing wrong?

Thanks in advance

0 Kudos
6 REPLIES 6

Anonymous
Not applicable

‎08-24-2015 07:43 AM

Thanks for replying and excuse me if I have mis-understood, but I'm still not clear what I have done wrong? From what I can tell I am already doing all you have mentioned in the configuration supplied?

Are you able to give an example or detail exactly what I am missing?

Many thanks.

0 Kudos

Prashanth_KG
Extreme Employee

‎08-24-2015 07:18 AM

Hi Martin,

Only the packets that are hitting the CPU can be logged with the ACL modifier.

Snippet from the concepts guide under the ACL section.

Packets are logged only when they go to the CPU, so packets in the fastpath are not automaticallylogged. You must use both the mirror-cpu action modifier and the log or log-raw action modifier if you
want to log both slowpath and fastpath packets that match the ACL rule entry. Additionally, Kern.Info
messages (or Kern.Card.Info on SummitStack) are not logged by default. You must configure an EMS
filter to log these messages, for example, configure log filter DefaultFilter add
event kern.info. See the Status Monitoring and Statistics chapter for information about
configuring EMS.

So, if you want to see the packet which is getting denied, please try adding the mirror-cpu action modifier and then check! Hope this helps!
0 Kudos
GTM-P2G8KFN