These messages were created on a router configured for ip access-list log-update threshold 10 and ipv6 access-list log-update threshold 10 by a 15-packet IPv4 flow and a 15-packet IPv6 flow. The log messages in the following example illustrate the interaction of these functions. This configured threshold is applied per flow and does not disable the initial match log message or the five-minute periodic update. A user configurable, time-based threshold does not presently exist. This is in contrast to the periodic updates, which are sent every five minutes. These commands use a threshold described as a number of packets, not as a time interval. The ip access-list log-update threshold threshold-in-msgs and ipv6 access-list log-update threshold threshold-in-msgs commands can be used to configure how often syslog messages are generated and sent after the initial packet match. The list of IANA Assigned Internet Protocol Numbers is available at. The valid identifiers are shown in the following table. #Cisco mac address list code#For example, TCP and UDP have Layer 4 port information and ICMP has type and code information. This variation occurs because diverse types of network traffic have different characteristics. The message identifiers shown above, %SEC-6-IPACCESSLOGP and %IPV6-6-ACCESSLOGP, may vary as a result of the packets being reported. #Cisco mac address list mac#The following log entries are similar to those shown above however, they were created using the log-input option and contain the ingress interface and source MAC address information. Using the log-input ACE option causes additional information to be logged. In the following samples, the first log messages are representative of those created by an IPv4 ACL the second log messages are representative of those created by an IPv6 ACL. The samples below illustrate the initial message and periodic updates sent by an IOS device with a default configuration using the log ACE option. These periodic updates will contain the number of packets matched since the previous message. Similarly, if any log-enabled ACE in any ACL on any interface matches a packet within one second of the initial log message, the match or matches are counted for five minutes and then reported. If the log-enabled ACE matches another packet with identical characteristics to the packet that generated a log message, the number of packets matched is incremented and then reported at five-minute intervals. There are two scenarios in which subsequent log messages will not be sent immediately. ![]() ![]() The first packet logged via the log or log-input options will generate a syslog message. The log-input option enables logging of the ingress interface and source MAC address in addition to the packet's source and destination IP addresses and ports. The log and log-input options apply to an individual ACE and cause packets that match the ACE to be logged. Using the configuration commands detailed in this document, administrators can strike a balance between traffic visibility and the corresponding impact on device CPU load. There are two primary factors that contribute to the CPU load increase from ACL logging: process switching of packets that match log-enabled access control entries (ACEs) and the generation and transmission of log messages. Unfortunately, ACL logging can be CPU intensive and can negatively affect other functions of the network device. Logging-enabled access control lists (ACLs) provide insight into traffic as it traverses the network or is dropped by network devices. Limiting ACL Logging–Induced Process Switching The log and log-input Access Control Entry Options
0 Comments
Leave a Reply. |
AuthorAlhaji ArchivesCategories |