Access Control Lists (ACLs) for the Series 3400cl and Series 6400cl Switches
Enable ACL “Deny” Logging
Figure 10-34. Commands for Applying an ACL with Logging to Figure 10-33
Operating Notes for ACL Logging
■ The ACL logging feature generates a message only when packets are
explicitly denied as the result of a match, and not when explicitly
permitted or implicitly denied. To help test ACL logging, configure an
ACL with an explicit deny any and log statements at the end of the list,
and apply the ACL to an appropriate interface.
■ Logging enables you to selectively test specific devices or groups.
However, excessive logging can affect switch performance. For this
reason, HP recommends that you remove the logging option from
ACEs for which you do not have a present need. Also, avoid config-
uring logging where it does not serve an immediate purpose. (Note
that ACL logging is not designed to function as an accounting
method.) See also "Apparent Failure To Log All "Deny" Matches" in
the section titled “ACL Problems”, found in appendix C, “Trouble-
shooting” of the Management and Configuration Guide for your
switch.
■ When configuring logging, you can reduce excessive use by config-
uring the appropriate ACEs to match with specific hosts instead of
entire subnets.
10-74
To Next Page
Loading...
Need help?
General