This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ACL not logging?

ACL not logging?

Anonymous
Not applicable

‎08-24-2015 05:58 AM

Have created a Policy file that has a explicit deny at the end. When I apply it traffic is being blocked that I don't wont.

In order to workout whats wrong I have changed the deny to permit, and added a log, mirror-cpu and count.

The count is increasing at a good rate but nothing is logging, but I can't see anything wrong with my configuration - The Vlan 'Accounts' uses subnet 10.10.10.0/24. I believe I could write the deny differently but omitting the source-address field or changing it to 0.0.0.0/0, but it makes no odds as the count is going up so something should be logging?

entry deny {
if {
source-address 10.10.10.0/24;
} then {
permit;
mirror-cpu;
log;
count dey;
}
}

configure log filter DefaultFilter add event kern.infoconfigure access-list Policy_Filename port 1:8 ingress

or

configure access-list Policy_Filename vlan Accounts ingressI have checked logging is on and working and set from the lowest level of 'warning'.

EXOS version 15.3.1.4 patch 1-3.

Switch: X460-48t

Any idea's what I might be doing wrong?

Thanks in advance

0 Kudos
6 REPLIES 6

StephenW
Extreme Employee

‎08-24-2015 04:54 PM

Martin,

We had a KCS article, but it wasn't external facing yet so you would have never found it. I pushed it out the the public to help others in the future. Sorry for your troubles.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Capture-received-packets-using-an-A...

Thanks,

Stephen
0 Kudos

Prashanth_KG
Extreme Employee

‎08-24-2015 08:16 AM

Great! Suspected the same. Thanks for verifying and letting us know!!
0 Kudos

Anonymous
Not applicable

‎08-24-2015 08:02 AM

Ok, worked out the problem after you gave those commands. I noticed the entry for Kern was showing 'N' even though I had added it to the DefaultFilter.

The answer was that it should be kern.card.info, so the inclusion should be

configure log filter DefaultFilter add event kern.card.infoSo problem solved. Thanks very much for you help!

0 Kudos

Prashanth_KG
Extreme Employee

‎08-24-2015 07:51 AM

Hi Martin,

Thank you for the quick response. I overlooked the mirror-cpu action in your acl. Sorry about that.

Can you collect the following outputs:

show log counters kern occurred.
show configuration ems.

Thanks
0 Kudos
GTM-P2G8KFN