Re: access-list logging rate-limited [7:66520]
Can't think of a reason why you would use the three lines. As far as I know (unless there are any little tricks or gotchas) this does make the first two redundant.

Gareth

Charlie Wehner wrote in message news:[EMAIL PROTECTED]

Two quick questions:

I've configured an access-list to only permit certain tcp and udp ports above 1024. At the end of the access-list I have the following commands:

access-list 101 deny tcp any any log
access-list 101 deny udp any any log
access-list 101 deny ip any any log

Question 1: Do I even need the deny tcp and deny udp statements since I also have a deny ip statement?

Question 2: When I perform a port scan through the router it logs some of the events but it seems to miss the majority of them, giving me the following error message:

%SEC-6-IPACCESSLOGRL. access-list logging rate-limited or missed 142 packets

Is access-list logging rate-limited by default? Is there any way for me to ensure everything gets logged? I'm not sure if I understand?

Thanks,
Charlie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66675t=66520
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: access-list logging rate-limited [7:66520]
I found the answer to question 2:

It's not usually a good idea to configure logging for access list entries that will match very large numbers of packets. Doing so will cause log files to grow excessively large, and may cut into system performance. However, access list log messages are rate-limited, so the impact is not catastrophic. Access list logging can also be used to characterize traffic associated with network attacks, by logging the suspect traffic.

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080120f48.shtml#rec_acc

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66529t=66520
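
An added example, not part of the original thread: a small Python parser that totals the per-flow ACL hit messages and the "rate-limited or missed" notices in a syslog capture, to estimate how much of the matched traffic the log actually recorded. The sample lines, hostname and addresses are constructed, and the hit-message layout is the usual IOS %SEC-6-IPACCESSLOGP form, which is assumed here because the thread only shows the rate-limit notice.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Apr  1 10:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40211) -> 198.51.100.5(22), 1 packet
Apr  1 10:00:01 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40212) -> 198.51.100.5(23), 1 packet
Apr  1 10:00:02 rtr1 %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 142 packets
Apr  1 10:00:03 rtr1 %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(53001) -> 198.51.100.5(161), 3 packets
Apr  1 10:00:04 rtr1 %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 1 packet
"""

# Per-flow hit messages: IPACCESSLOGP (tcp/udp), IPACCESSLOGDP (icmp), IPACCESSLOGNP (other IP).
HIT = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (\S+) (permitted|denied) (\S+) .*, (\d+) packets?"
)
# The rate-limit notice quoted in the thread; the separator after the mnemonic is matched loosely.
MISSED = re.compile(
    r"%SEC-6-IPACCESSLOGRL\W+access-list logging rate-limited or missed (\d+) packets?"
)


def summarize(log_text):
    """Return logged packet counts per (acl, action, protocol) and the unlogged total."""
    by_rule = Counter()
    missed = 0
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m:
            acl, action, proto, count = m.groups()
            by_rule[(acl, action, proto)] += int(count)
            continue
        m = MISSED.search(line)
        if m:
            missed += int(m.group(1))
    logged = sum(by_rule.values())
    total = logged + missed
    # Coverage is an estimate: the share of log-matching packets that produced a detailed entry.
    coverage = logged / total if total else 1.0
    return {"by_rule": dict(by_rule), "logged": logged, "missed": missed, "coverage": coverage}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"logged={report['logged']} missed={report['missed']} coverage={report['coverage']:.1%}")
    for (acl, action, proto), count in sorted(report["by_rule"].items()):
        print(f"  list {acl} {action} {proto}: {count}")
```

A low coverage figure during a scan means the detailed entries are only a sample of the denied traffic, so counts taken from the log understate what the ACL dropped.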