Cisco Bug: CSCvj03121 - ACL logging does not work for permit RACL

Last Modified

Apr 22, 2018

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

7.0(3)I4(7)

Description (partial)

Symptom:
ACL permit statements for traffic destined to the box are not logged in the syslogs.

Conditions:
Configure an ACL permit statement for traffic destined to the box, either ICMP or something else.

Basic config
----------------

logging level acllog 5
logging ip access-list detailed
logging logfile testlog 5
acllog match-log-level 5


interface Vlan10
  description testing
  no shutdown
  ip access-group TEST in
  ip address 1.1.1.1/24

interface Ethernet1/1
  switchport
  switchport mode trunk
  no shutdown

513E.C.11-C92160YC-X-1# sh ip access-lists TEST

IP access list TEST
        statistics per-entry
        10 deny icmp any any log [match=10]
        20 permit ip any any [match=0]

Although we see the match for the ICMP traffic and we have the "log" keyword, we don't see the ACL being logged in the syslogs.