
5400ZL, ACL logging..

 
Rubzter
Occasional Contributor


Hi...

 

I'm trying to figure out how the ACL logging works on a 5400zl we've got for testing.
It seems that this switch has an old firmware running (K.14.41), which might be the issue but I really don't know.

 

All I want to do is to log the deny statements in a simple ACL I've created as a test.
In this test I simply want it to log to buffer..


ip access-list extended "KRU"
10 permit ip 172.31.100.0 0.0.0.255 192.168.131.20 0.0.0.0
20 permit udp 172.31.100.0 0.0.0.255 10.60.10.30 0.0.0.0 eq 53
30 permit udp 172.31.100.0 0.0.0.255 10.60.10.40 0.0.0.0 eq 53
40 permit tcp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 established
50 permit tcp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 established
60 permit icmp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 0
70 permit icmp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 0
80 deny ip 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 log
90 deny ip 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 log

 

vlan 250
name "VLAN250"
untagged B12
ip address 172.31.100.1 255.255.255.0
ip access-group "KRU" in

 

show debug

 

Debug Logging

Source IP Selection: Outgoing Interface
Destination:
Memory buffer

Enabled debug types:
acl log

 

The ACL itself works fine, but nothing is being logged when I hit the deny rules..

 

Am I missing something?


Thanks in advance..

/Kim Rubeck
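As an added example (not part of the original thread and not HPE code), the sketch below walks the posted ACL "KRU" top-down with wildcard-mask matching and reports which ACE a test packet hits and whether that ACE carries `log`. Assumptions: `established` is modelled as "ACK or RST set", the trailing `0` on the ICMP entries is read as ICMP type 0, and the `pkt` dictionary keys are hypothetical names chosen for this example.

```python
import ipaddress

# ACL "KRU" exactly as posted above.
ACL = """\
10 permit ip 172.31.100.0 0.0.0.255 192.168.131.20 0.0.0.0
20 permit udp 172.31.100.0 0.0.0.255 10.60.10.30 0.0.0.0 eq 53
30 permit udp 172.31.100.0 0.0.0.255 10.60.10.40 0.0.0.0 eq 53
40 permit tcp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 established
50 permit tcp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 established
60 permit icmp 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 0
70 permit icmp 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 0
80 deny ip 172.31.100.0 0.0.0.255 10.60.0.0 0.0.255.255 log
90 deny ip 172.31.100.0 0.0.0.255 192.168.131.0 0.0.0.255 log
"""

def wild_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    a, b = int(ipaddress.ip_address(addr)), int(ipaddress.ip_address(base))
    return a & care == b & care

def parse_ace(line):
    """Split one ACE into fields; handles only the forms used in the posted ACL."""
    t = line.split()
    ace = {"seq": int(t[0]), "action": t[1], "proto": t[2],
           "src": (t[3], t[4]), "dst": (t[5], t[6]), "log": t[-1] == "log"}
    rest = t[7:-1] if ace["log"] else t[7:]
    ace["dport"] = int(rest[1]) if rest[:1] == ["eq"] else None
    ace["established"] = "established" in rest   # assumption: ACK or RST set
    ace["icmp_type"] = int(rest[0]) if ace["proto"] == "icmp" and rest else None
    return ace

def first_match(acl_text, pkt):
    """Return (seq, action, logged) for the first ACE that matches pkt."""
    for ace in map(parse_ace, acl_text.splitlines()):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (wild_match(pkt["src"], *ace["src"]) and wild_match(pkt["dst"], *ace["dst"])):
            continue
        if ace["dport"] is not None and pkt.get("dport") != ace["dport"]:
            continue
        if ace["established"] and not pkt.get("ack_or_rst", False):
            continue
        if ace["icmp_type"] is not None and pkt.get("icmp_type") != ace["icmp_type"]:
            continue
        return ace["seq"], ace["action"], ace["log"]
    return None, "deny", False  # implicit deny: no ACE, so no "log" keyword applies
```

A new TCP connection (SYN only) or an ICMP echo request from 172.31.100.0/24 toward the two protected ranges falls through to ACE 80 or 90 and should produce a log entry; traffic to any other destination reaches the implicit deny, which carries no `log` keyword.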

MaZ
Advisor
Solution

Re: 5400ZL, ACL logging..

Hi,

 

I think that your config is OK.

 

You should upgrade your 5400zl to the latest official public release (K.15.06.0008).

 

This bug seems to be corrected in K.14.63: CLI (PR_0000050554)— The debug acl command is not available.

 

Kind regards,

Rubzter
Occasional Contributor

Re: 5400ZL, ACL logging..

Thanks a lot, MaZ.. :-)

Upgrade it is then.... 

 

/Kim Rubeck