Support User Manuals

Dell FCX624-E Laptop User Manual

Open as PDF

of 1494

PowerConnect B-Series FCX Configuration Guide 571

53-1002266-01

Enabling ACL logging

16

• ACL logging is intended for debugging purposes. Dell recommends that you disable ACL logging

after the debug session is over.

Configuration Tasks

To enable ACL logging, complete the following steps:

1. Create ACL entries with the log option

2. Enable ACL logging on individual ports

NOTE

The command syntax for enabling ACL logging is different on IPv4 devices than on IPv6

devices. See the configuration examples in the next section.

3. Bind the ACLs to the ports on which ACL logging is enabled

Example Configuration

The following shows an example configuration on an IPv4 device.

PowerConnect(config)#access-list 1 deny host 209.157.22.26 log

PowerConnect(config)#access-list 1 deny 209.157.29.12 log

PowerConnect(config)#access-list 1 deny host IPHost1 log

PowerConnect(config)#access-list 1 permit any

PowerConnect(config)#interface e 1/4

PowerConnect(config-if-e1000-1/4)#ACL-logging

PowerConnect(config-if-e1000-1/4)#ip access-group 1 in

The above commands create ACL entries that include the log option, enable ACL logging on

interface e 1/4, then bind the ACL to interface e 1/4. Statistics for packets that match the deny

statements will be logged.

Syntax: ACL-logging

The ACL-logging command applies to IPv4 devices only. For IPv6 devices, use the logging-enable

command as shown in the following example.

The following shows an example configuration on an IPv6 device.

PowerConnect(config)#ipv6 acc ACL_log_v6

PowerConnect(config-ipv6-access-list ACL_log_v6)#logging-enable

PowerConnect(config-ipv6-access-list ACL_log_v6)# deny ipv6 host 2001::1 any log

PowerConnect(config-ipv6-access-list ACL_log_v6)#inter e 9/12

PowerConnect(config-if-e1000-9/12)#ipv6 traffic-filter ACL_log_v6 in

The above commands create ACL entries that include the log option, then bind the ACL to interface

e 9/12. Statistics for packets that match the deny statement will be logged.

Syntax: logging-enable

NOTE

The logging-enabled command applies to IPv6 devices only. For IPv4 devices, use the ACL-logging

command as shown in the previous example.

previous next