I found the answer to question 2: "It's not usually a good idea to configure logging for access list entries that will match very large numbers of packets. Doing so will cause log files to grow excessively large, and may cut into system performance. However, access list log messages are rate-limited, so the impact is not catastrophic.
Access list logging can also be used to characterize traffic associated with network attacks, by logging the suspect traffic." http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080120f48.shtml#rec_acc

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66529&t=66520