HPE Community
HPE Aruba Networking & ProVision-based
1832592 Members
2370 Online
110043 Solutions
New Discussion

5400ZL, ACL logging..

 
SOLVED
Go to solution
Rubzter
Occasional Contributor

‎01-02-2012 04:03 AM

‎01-02-2012 04:03 AM

5400ZL, ACL logging..

Hi...

 

Im trying to figure out how the ACL logging works on a 5400Zl we've got for testing.
It seems that this switch has an old firmware running (K.14.41), which might be the issue but I really don't know.

 

All I want to do is to log the deny statements in a simple ACl Ive created as a test.
In this test I simply want it to log to buffer..


ip access-list extended "KRU"
10 permit ip 172.31.100.0 0.0.0.255 192.168.131.20 0.0.0.0
20 permit udp 172.31.100.0 0.0.0.255 10.60.10.30 0.0.0.0 eq 53
30 permit udp 172.31.100.0 0.0.0.255 10.60.10.40 0.0.0.0 eq 53
40 permit tcp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 established
50 permit tcp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 established
60 permit icmp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 0
70 permit icmp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 0
80 deny ip 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 log
90 deny ip 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 log

 

vlan 250
name "VLAN250"
untagged B12
ip address 172.31.100.1 255.255.255.0
ip access-group "KRU" in

 

show debug

 

Debug Logging

Source IP Selection: Outgoing Interface
Destination:
Memory buffer

Enabled debug types:
acl log

 

The ACL itself works fine, but nothing is being logged when I hit the deny rules..

 

Am I missing something?


Thanks in advance..

/Kim Rubeck

0 Kudos
2 REPLIES 2
MaZ
Advisor

‎01-03-2012 09:04 AM

‎01-03-2012 09:04 AM

Solution

Re: 5400ZL, ACL logging..

Hi,

 

I thinks that your config is OK.

 

You should upgrade your 5400zl in the latest official public release (K.15.06.0008).

 

This bug seem to be corrected on K.14.63 : CLI (PR_0000050554)— The debug acl command is not available.

 

Kind regards,

0 Kudos
Rubzter
Occasional Contributor

‎01-03-2012 11:45 PM

‎01-03-2012 11:45 PM

Re: 5400ZL, ACL logging..

Thanks alot, MaZ.. :-)

Upgrade it is then.... 

 

/Kim Rubeck

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.