Using the log parameter in ACLs

 

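Using the log parameter when defining an ACL on Cisco devices is simple: if the log parameter is added, a log message is sent for every entry that matches a rule. For identical packets, logs are sent at a certain time interval; a message cannot be sent for every single packet. The log level is informational.

However, I followed the procedure defined in the Cisco 3750 user manual and sent packets that match the rules, but no log messages ever appear. I don't know why; could an expert please advise:

This is the description and example from the Cisco 3750 documentation: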

 

ACL Logging
Two variations of logging are supported on router ACLs. The log keyword sends an informational
logging message to the console about the packet that matches the entry; the log-input keyword includes
the input interface in the log entry.
In this example, standard named access list stan1 denies traffic from 10.1.1.0 0.0.0.255, allows traffic
from all other sources, and includes the log keyword.
Switch(config)# ip access-list standard stan1
Switch(config-std-nacl)# deny 10.1.1.0 0.0.0.255 log
Switch(config-std-nacl)# permit any log
Switch(config-std-nacl)# exit
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# ip access-group stan1 in
Switch(config-if)# end
Switch# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 37 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 37 messages logged
    File logging: disabled
    Trap logging: level debugging, 39 message lines logged
Log Buffer (4096 bytes):
00:00:48: NTP: authentication delay calculation problems
<output truncated>
00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet
00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet

 

Test configuration on the 3750:

Configured an ACL and applied it to interface f0/1

Switch#  show ip access-lists
Standard IP access list 1
    10 deny   any log
Standard IP access list stan1
    10 deny   10.1.1.0, wildcard bits 0.0.0.255 log
    20 permit any log

Sent packets matching the rules on interface 1 and checked the log:

Switch#show logg
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml enabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: level informational, 39 messages logged, xml enabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level informational, 39 messages logged, xml enabled (0 messages logged),
                     filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 42 message lines logged
         
Log Buffer (4096 bytes):

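The log is always empty, with no messages at all. The ACL has been applied correctly, but the log messages are simply not being sent. Could someone point out what is configured incorrectly?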
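
An added example, not part of the original post or of Cisco's documentation: a small Python check that cross-references `show ip access-lists` output with the `show logging` buffer and reports ACLs that have `log` entries configured but no `%SEC-6-IPACCESSLOGS` messages. The function names are hypothetical, and the sample text is copied (abbreviated) from the outputs above.

```python
import re
from collections import Counter

# Standard-ACL log message, e.g.
# "00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet"
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS:\s*list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)"
    r"\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<count>\d+)\s+packets?")
ACL_RE = re.compile(r"^Standard IP access list (\S+)$")
ACE_LOG_RE = re.compile(r"^\d+\s+(?:permit|deny)\b.*\blog\b")  # also matches log-input

def logging_acls(show_acl):
    """Names of standard ACLs with at least one entry carrying log/log-input."""
    names, current = [], None
    for line in map(str.strip, show_acl.splitlines()):
        header = ACL_RE.match(line)
        if header:
            current = header.group(1)
        elif current and ACE_LOG_RE.match(line) and current not in names:
            names.append(current)
    return names

def acl_hits(show_logging):
    """Total logged packets per (ACL name, action) found in the log buffer."""
    hits = Counter()
    for m in LOG_RE.finditer(show_logging):
        hits[(m["acl"], m["action"])] += int(m["count"])
    return hits

def silent_acls(show_acl, show_logging):
    """ACLs that have log entries configured but no messages in the buffer."""
    seen = {acl for acl, _ in acl_hits(show_logging)}
    return [name for name in logging_acls(show_acl) if name not in seen]

# Sample input copied (abbreviated) from the outputs on this page.
SHOW_ACL = """Standard IP access list 1
    10 deny   any log
Standard IP access list stan1
    10 deny   10.1.1.0, wildcard bits 0.0.0.255 log
    20 permit any log
"""
MANUAL_LOG = """00:09:34:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
00:09:59:%SEC-6-IPACCESSLOGS:list stan1 denied 10.1.1.15 1 packet
00:10:11:%SEC-6-IPACCESSLOGS:list stan1 permitted 0.0.0.0 1 packet
"""
EMPTY_LOG = "Log Buffer (4096 bytes):\n"  # the poster's buffer: header only

if __name__ == "__main__":
    print("manual:", dict(acl_hits(MANUAL_LOG)), silent_acls(SHOW_ACL, MANUAL_LOG))
    print("poster:", dict(acl_hits(EMPTY_LOG)), silent_acls(SHOW_ACL, EMPTY_LOG))
```

An ACL listed by `silent_acls` only shows that no matching message reached the buffer; it does not by itself say why.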