hit counter script

Configuring Vacl Logging - Cisco 7604 Configuration Manual

Ios software configuration guide
Hide thumbs Also See for 7604:
Table of Contents

Advertisement

Chapter 35
Configuring VLAN ACLs

Configuring VACL Logging

When you configure VACL logging, IP packets that are denied generate log messages in these situations:
Log messages are generated on a per-flow basis. A flow is defined as packets with the same IP addresses and
Layer 4 (UDP or TCP) port numbers. When a log message is generated, the timer and packet count is reset.
These restrictions apply to VACL logging:
To configure VACL logging, use the action drop log command action in VLAN access map submode
(see the
in global configuration mode to specify the global VACL logging parameters:
Command
Step 1
Router(config)# vlan access-log maxflow
max_number
Step 2
Router(config)# vlan access-log ratelimit pps
Step 3
Router(config)# vlan access-log threshold
pkt_count
Step 4
Router(config)# exit
Step 5
Router# show vlan access-log config
Step 6
Router# show vlan access-log flow protocol
{{ src_addr src_mask } | any | {host { hostname |
host_ip }}} {{ dst_addr dst_mask } | any | {host
{ hostname | host_ip }}}
[vlan vlan_id ]
Step 7
Router# show vlan access-log statistics
This example shows how to configure global VACL logging in hardware:
Router(config)# vlan access-log maxflow 800
Router(config)# vlan access-log ratelimit 2200
Router(config)# vlan access-log threshold 4000
OL-4266-08
When the first matching packet is received
For any matching packets received during the last 5-minute interval
If the threshold is reached before the 5-minute interval
Because of the rate-limiting function for redirected packets, VACL logging counters may not be
accurate.
Only denied IP packets are logged.
"Configuring VACLs" section on page 35-4
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
for configuration information) and perform this task
Purpose
Sets the log table size. The content of the log table can be
deleted by setting the maxflow number to 0. The default
is 500 with a valid range of 0 to 2048. When the log table
is full, logged packets from new flows are dropped by the
software.
Sets the maximum redirect VACL logging packet rate.
The default packet rate is 2000 packets per second with a
valid range of 0 to 5000. Packets exceeding the limit are
dropped by the hardware.
Sets the logging threshold. A logging message is generated
if the threshold for a flow is reached before the 5-minute
interval. By default, no threshold is set.
Exits VLAN access map configuration mode.
(Optional) Displays the configured VACL logging
properties.
(Optional) Displays the content of the VACL log table.
(Optional) Displays packet and message counts and other
statistics.
Configuring VACL Logging
35-11

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

761376067609-s7600 series

Table of Contents