Enabling the log option on a filter, Enabling acl deny logging on an interface – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Displaying Layer-2 ACLs
permit vlan 3000 ip any any
Syntax: [no] display-config-format
The [no] version of the display-config-format command presents the output of the show access-list
command in standard form.
There is an SNMP table that supports this command. Refer to the Unified IP MIB Reference for
more information.
Configuring ACL Deny Logging for Layer-2 inbound ACLs
Configuring ACL Deny Logging for Layer-2 ACLs requires the following:
• Enabling the log option on a filter
• Enabling ACL Deny Logging on an interface
Enabling the log option on a filter
ACL Logging of Layer-2 ACLs requires that you add the log option to an ACL statement as shown.
Brocade(config)#access-list 401 deny any any any log
The log option enables logging for the Layer-2 ACL being defined.
Enabling ACL Deny Logging on an interface
The mac access-group enable-deny-logging command must be configured as shown on each
interface on which you want ACL Deny Logging for Layer-2 ACLs to function.
Brocade(config)# interface ethernet 5/1
Brocade(config-if-e1000-5/1)# mac access-group enable-deny-logging
Syntax: [no] mac access-group enable-deny-logging [hw-drop]
The hw-drop option specifies that Layer-2 ACL Log packets be dropped in hardware. This is
implemented to reduce the CPU load. In practice this means that the packet counts for denied
traffic will only account for the first packet in each time cycle. The no mac access-group
enable-deny-logging hw-drop command only removes the hw-drop keyword.
NOTE
Using this command, ACL logging can be enabled and disabled dynamically and does not require
you to rebind the ACLs using the ip rebind-acl command.
NOTE
When configuring the mac access-group enable-deny-logging command on VPLS, VLL, and VLL-Local
endpoints, please refer to “Configuration considerations for VPLS, VLL, and VLL-Local endpoints”
for configuration guidelines.
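
Because Layer-2 deny logging needs both the log option on the filter and enable-deny-logging on the interface, a saved configuration can be audited for ports where only one of the two is present. The Python script below is an added example, not Brocade code; it assumes Layer-2 ACLs are bound with "mac access-group <num> in" (binding syntax not shown on this page) and runs against a constructed configuration excerpt.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
access-list 401 deny any any any log
access-list 402 deny any any any
interface ethernet 5/1
 mac access-group 401 in
 mac access-group enable-deny-logging
!
interface ethernet 5/2
 mac access-group 401 in
!
interface ethernet 5/3
 mac access-group 402 in
 mac access-group enable-deny-logging hw-drop
!
"""

def audit_l2_deny_logging(config):
    """Map each interface to the reasons its Layer-2 deny logging is incomplete."""
    logged_acls, bound, enabled = set(), {}, {}
    iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"access-list (\d+) deny\b.*\blog\b", line):
            logged_acls.add(m.group(1))      # requirement 1: filter has the log option
        elif m := re.match(r"interface (ethernet \S+)$", line):
            iface = m.group(1)
        elif line == "!":
            iface = None                     # end of the interface stanza
        elif iface and (m := re.match(r"mac access-group (\d+) in$", line)):
            bound[iface] = m.group(1)        # assumed binding syntax
        elif iface and (m := re.match(r"mac access-group enable-deny-logging( hw-drop)?$", line)):
            enabled[iface] = "hw-drop" if m.group(1) else "on"   # requirement 2
    findings = {}
    for port, acl in bound.items():
        issues = []
        if acl in logged_acls and port not in enabled:
            issues.append(f"ACL {acl} has log, but enable-deny-logging is missing")
        if port in enabled and acl not in logged_acls:
            issues.append(f"enable-deny-logging set, but ACL {acl} has no deny ... log")
        if enabled.get(port) == "hw-drop":
            issues.append("hw-drop: counters reflect only the first packet per time cycle")
        if issues:
            findings[port] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_l2_deny_logging(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{port}: {issue}")
```

On the constructed sample, ethernet 5/1 passes, ethernet 5/2 is flagged for the missing interface command, and ethernet 5/3 is flagged because its bound ACL has no logged deny statement and hw-drop limits its counters.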