...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis
Sent: Friday, May 29, 2009 9:54 AM
To: Seth Mattinen
Cc: cisco-nsp
Subject: Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)
Jon Lewis wrote:
I didn't think ACL logging worked in either direction on the 3550. I
ran across something even more disturbing recently. A customer had an
apparently compromised system found SSH scanning remote hosts. I put
a simple ACL on the customer's layer 3 port (i.e. no switchport,
On Fri, May 08, 2009, Jeff Kell wrote:
Don't have this problem with 3560s and up, they behave as expected.
(Just verified on a 3560 w/12.2(35)SE). Appears to be a 3550-thing.
Maybe I just need a stimulus upgrade grant :-)
Have you tried it on a 3550 running 12.2?
Adrian
We have some 3550 EMIs that have some ACLs on their SVIs. I just ran
across (through troubleshooting something else) a case where an access
list with deny ... log is NOT being logged.
I ran some other cases across the access list, with some additional
logging, and I have been unable to get any
On Thu, May 07, 2009, Jeff Kell wrote:
Bug or feature?
From my POV, Feature. I've never had 100% reliable ACL logging on
the Catalyst 3550 and thus don't rely on it. :)
(It forwards packets good though!)
Adrian
___
cisco-nsp mailing list
On Thu, 7 May 2009, Seth Mattinen wrote:
Ingress logging works fine. Egress logging is nonexistent. Not just
dropping the occasional ones, but entirely nonexistent. The egress
filtering (by the ACL) works, it just doesn't log.
I have known for some time that ACL counters are borked on most