Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-31 Thread Matthew Huff
...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis Sent: Friday, May 29, 2009 9:54 AM To: Seth Mattinen Cc: cisco-nsp Subject: Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3) On Thu, 7 May 2009, Jon Lewis wrote: I didn't think ACL logging worked in either direction

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-29 Thread Jon Lewis
On Thu, 7 May 2009, Jon Lewis wrote: I didn't think ACL logging worked in either direction on the 3550. I ran across something even more disturbing recently. A customer had an apparently compromised system found SSH scanning remote hosts. I put a simple ACL on the customer's layer 3 port

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-08 Thread Jeff Kell
Jon Lewis wrote: I didn't think ACL logging worked in either direction on the 3550. I ran across something even more disturbing recently. A customer had an apparently compromised system found SSH scanning remote hosts. I put a simple ACL on the customer's layer 3 port (i.e. no switchport,

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-08 Thread Adrian Chadd
On Fri, May 08, 2009, Jeff Kell wrote: Don't have this problem with 3560s and up, they behave as expected. (Just verified on a 3560 w/12.2(35)SE). Appears to be a 3550-thing. Maybe I just need a stimulus upgrade grant :-) Have you tried it on a 3550 running 12.2? Adrian

[c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-07 Thread Jeff Kell
We have some 3550 EMIs that have some ACLs on their SVIs. I just ran across (through troubleshooting something else) a case where an access list with deny ... log is NOT being logged. I ran some other cases across the access list, with some additional logging, and I have been unable to get any

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-07 Thread Adrian Chadd
On Thu, May 07, 2009, Jeff Kell wrote: Bug or feature? From my POV, Feature. I've never had 100% reliable ACL logging on the Catalyst 3550 and thus don't rely on it. :) (It forwards packets good though!) Adrian

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-07 Thread Seth Mattinen
Jeff Kell wrote: We have some 3550 EMIs that have some ACLs on their SVIs. I just ran across (through troubleshooting something else) a case where an access list with deny ... log is NOT being logged. I ran some other cases across the access list, with some additional logging, and I have

Re: [c-nsp] No ACL egress logging on 3550s (12.2(44)SE3)

2009-05-07 Thread Jon Lewis
On Thu, 7 May 2009, Seth Mattinen wrote: Ingress logging works fine. Egress logging is nonexistent. Not just dropping the occasional ones, but entirely nonexistent. The egress filtering (by the ACL) works, it just doesn't log. I have known for some time that ACL counters are borked on most