Two quick questions:

I've configured an access-list to only permit certain tcp and udp ports
above 1024.  At the end of the access-list I have the following commands:

access-list 101 deny tcp any any log
access-list 101 deny udp any any log
access-list 101 deny ip any any log

Question 1:  Do I even need the "deny tcp" and "deny udp" statements since I
also have a deny ip statement?

Question 2:  When I perform a port scan through the router it logs some of
the events but it seems to miss the majority of them giving me the following
error message:

"%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142
packets"

Is access-list logging rate-limited by default?  Is there any way for me to
ensure everything gets logged?  I'm not sure if I understand?

Thanks,
Charlie


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66520&t=66520
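
Question 1 can be checked with a small first-match model of the posted ACL tail. This is an added example, not part of the original post; the two permit entries and the sample packets are constructed, since the post does not list its permits. Address fields are left out because every posted entry is "any any".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", ... or "ip" (matches every IP protocol)
    lo: int = 0           # destination port range, used for tcp/udp only
    hi: int = 65535

    def matches(self, proto, dport):
        if self.proto == "ip":
            return True
        return self.proto == proto and self.lo <= dport <= self.hi

# Constructed permits standing in for the poster's unlisted entries.
PERMITS = [Ace("permit", "tcp", 8080, 8080), Ace("permit", "udp", 5060, 5060)]
# The ACL tail as posted, and the same ACL with only "deny ip any any log".
FULL = PERMITS + [Ace("deny", "tcp"), Ace("deny", "udp"), Ace("deny", "ip")]
SHORT = PERMITS + [Ace("deny", "ip")]

# Constructed sample traffic: (protocol, destination port).
PACKETS = [("tcp", 8080), ("tcp", 22), ("tcp", 443),
           ("udp", 5060), ("udp", 161), ("icmp", 0)]

def evaluate(acl, proto, dport):
    """First match wins; return (action, index of the matching entry)."""
    for i, ace in enumerate(acl):
        if ace.matches(proto, dport):
            return ace.action, i
    return "deny", None   # implicit deny that ends every ACL

def verdicts(acl, packets=PACKETS):
    return [evaluate(acl, p, d)[0] for p, d in packets]

def hit_counts(acl, packets=PACKETS):
    """Per-entry match counters, like those in 'show access-lists'."""
    counts = [0] * len(acl)
    for p, d in packets:
        _, i = evaluate(acl, p, d)
        if i is not None:
            counts[i] += 1
    return counts

if __name__ == "__main__":
    print(verdicts(FULL) == verdicts(SHORT))   # same permit/deny decisions
    print(hit_counts(FULL), hit_counts(SHORT))
```

Both lists return the same permit/deny decision for every packet; the only difference is that the separate tcp and udp entries keep their own match counters.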