© Copyright Lenovo 2016
Chapter 7: Access Control Lists

ACL Logging

ACLs are generally used to enhance port security. Traffic that matches the characteristics (source addresses, destination addresses, packet type, etc.) specified by the ACLs on specific ports is subject to the actions (chiefly permit or deny) defined by those ACLs. Although switch statistics show the number of times particular ACLs are matched, the ACL logging feature can provide additional insight into actual traffic patterns on the switch, providing packet details in the system log for network debugging or security purposes.

Enabling ACL Logging

By default, ACL logging is disabled. Enable or disable ACL logging on a per-ACL basis as follows:

    RS G8264(config)# [no] access-control list <ACL number> log
    RS G8264(config)# [no] access-control list6 <ACL number> log

Logged Information

When ACL logging is enabled on any particular ACL, the switch will collect information about packets that match the ACL. The information collected depends on the ACL type:

- For IP-based ACLs, information is collected regarding
    - Source IP address
    - Destination IP address
    - TCP/UDP port number
    - ACL action
    - Number of packets logged

  For example:

    Sep 27 4:20:28 DUT3 NOTICE ACL LOG: %IP ACCESS LOG: list ACL IP 12 IN denied tcp 1.1.1.1 (0) > 200.0.1.2 (0), 150 packets.

- For MAC-based ACLs, information is collected regarding
    - Source MAC address
    - Source IP address
    - Destination IP address
    - TCP/UDP port number
    - ACL action
    - Number of packets logged

  For example:

    Sep 27 4:25:38 DUT3 NOTICE ACL LOG: %MAC ACCESS LOG: list ACL MAC 12 IN permitted tcp 1.1.1.2 (0) (12,00:ff:d7:66:74:62) > 200.0.1.2 (0) (00:18:73:ee:a7:c6), 32 packets.
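
The two log formats above can be parsed on a syslog collector to total denied traffic per source. The following Python sketch is an added example, not part of the Lenovo documentation; the function names, the loose separator matching and the last three sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

def _endpoint(p):
    # "<ip> (<port>)", optionally followed by a parenthesised group ending in a MAC.
    return (rf"(?P<{p}_ip>[\d.]+) \((?P<{p}_port>\d+)\)"
            rf"(?: \([^)]*?(?P<{p}_mac>{MAC})\))?")

# Assumption: separators may be spaces or hyphens, and the arrow ">" or "->".
ENTRY = re.compile(
    r"(?P<host>\S+) (?P<level>[A-Z]+) ACL[ -]LOG: %(?P<kind>IP|MAC) ACCESS LOG: "
    r"list ?(?P<acl>.+?) (?P<action>denied|permitted) (?P<proto>\S+) "
    + _endpoint("src") + r" -?> " + _endpoint("dst")
    + r", ?(?P<packets>\d+) ?packets"
)

def parse_acl_log(line):
    """Return the fields of one ACL log entry as a dict, or None if no match."""
    m = ENTRY.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["packets"] = int(entry["packets"])
    return entry

def denied_by_source(lines):
    """Sum logged packet counts for denied traffic, keyed by (source IP, ACL)."""
    totals = Counter()
    for line in lines:
        entry = parse_acl_log(line)
        if entry and entry["action"] == "denied":
            totals[(entry["src_ip"], entry["acl"])] += entry["packets"]
    return totals

# The first two lines are the examples above; the rest are constructed.
SAMPLE = [
    "Sep 27 4:20:28 DUT3 NOTICE ACL LOG: %IP ACCESS LOG: list ACL IP 12 IN "
    "denied tcp 1.1.1.1 (0) > 200.0.1.2 (0), 150 packets.",
    "Sep 27 4:25:38 DUT3 NOTICE ACL LOG: %MAC ACCESS LOG: list ACL MAC 12 IN "
    "permitted tcp 1.1.1.2 (0) (12,00:ff:d7:66:74:62) > 200.0.1.2 (0) "
    "(00:18:73:ee:a7:c6), 32 packets.",
    "Sep 27 4:26:10 DUT3 NOTICE ACL LOG: %IP ACCESS LOG: list ACL IP 12 IN "
    "denied tcp 1.1.1.1 (0) > 200.0.1.2 (0), 50 packets.",
    "Sep 27 4:27:02 DUT3 NOTICE ACL-LOG: %IP ACCESS LOG: list ACL-IP-12-IN "
    "denied udp 10.0.0.5 (53) -> 200.0.1.2 (53), 7 packets.",
    "Sep 27 4:28:00 DUT3 NOTICE mgmt: constructed non-ACL message",
]
```

Calling `denied_by_source(SAMPLE)` returns a `Counter` whose largest entries identify the sources generating the most denied packets; permitted entries and non-ACL messages are skipped.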