Section 24.4, Enabling ACL Logging – Riverstone Networks WICT1-12 User Manual


24-14 Riverstone Networks RS Switch Router User Guide Release 8.0


Access Control List Configuration

The following command creates a Web caching policy that prevents packets matching Profile ACL prof4’s selection
criteria (that is, packets with a source address of 10.10.10.10 and a destination address of 1.2.3.4) from being redirected
to a cache server. Packets that match the profile’s selection criteria are sent to the Internet instead.

rs(config)# web-cache policy1 deny hosts profile prof4

When the Web caching policy is applied to an interface (with the web-cache apply interface command), HTTP
traffic with a source address of 10.10.10.10 and a destination address of 1.2.3.4 goes to the Internet instead of to the
cache servers.

You can also use a Profile ACL to prevent certain Web objects from being cached. For example, you can specify that
information in packets originating from Internet site 1.2.3.4 and destined for local host 10.10.10.10 not be sent to the
cache servers. The following commands illustrate this example.

This command creates a Profile ACL called prof5 that uses as its selection criteria all packets with a source address of
1.2.3.4 and a destination address of 10.10.10.10:

rs(config)# acl prof5 permit ip 1.2.3.4 10.10.10.10

To have packets matching Profile ACL prof5’s selection criteria bypass the cache servers, use the following command:

rs(config)# web-cache policy1 create bypass-list profile prof5

When the Web caching policy is applied to an interface, information in packets originating from source address 1.2.3.4
and destined for address 10.10.10.10 is not sent to the cache servers.

See Section 22.2, "Web Caching," for more information on using the web-cache command.

24.4 ENABLING ACL LOGGING

To see whether incoming packets are permitted or denied because of an ACL, you can enable ACL logging. You can
enable logging when applying the ACL or you can enable logging for a specific ACL rule.

The following commands define an ACL and apply the ACL to an interface, with logging enabled for the ACL:

acl 101 deny ip 10.2.0.0/16 any any any
acl 101 permit ip any any any any
acl 101 apply interface int1 input logging on
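
As an added example (not from the Riverstone manual), the Python below parses the ACL 101 lines shown in this section and evaluates constructed packets against them, showing which rule accounts for each permit or deny that logging would report. It assumes first-match evaluation with an implicit deny at the end, models only the source and destination address fields, and uses a constructed record format rather than the RS log format.

```python
import ipaddress

# The three ACL 101 lines from this section, copied verbatim.
ACL_101 = """\
acl 101 deny ip 10.2.0.0/16 any any any
acl 101 permit ip any any any any
acl 101 apply interface int1 input logging on
"""

def _net(field):
    # "any" matches every IPv4 address; a bare address becomes a /32 host.
    return ipaddress.ip_network("0.0.0.0/0" if field == "any" else field)

def parse_rules(config, name):
    """Return [(action, src_net, dst_net, line)] for the ACL called `name`."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[:2] != ["acl", name] or tok[2] not in ("permit", "deny"):
            continue  # blank lines, other ACLs, and the "apply" line
        # Fields after the destination are "any" in the manual's rules and are
        # not modelled here; anything else is rejected rather than guessed at.
        if tok[3] != "ip" or any(t != "any" for t in tok[6:]):
            raise ValueError("rule not modelled by this example: " + line)
        dst = tok[5] if len(tok) > 5 else "any"
        rules.append((tok[2], _net(tok[4]), _net(dst), line.strip()))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins; no match means implicit deny (assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, line in rules:
        if s in src_net and d in dst_net:
            return action, line
    return "deny", "(implicit deny)"

def log_decisions(rules, packets):
    """One record per packet, in a constructed format (not the RS log format)."""
    out = []
    for src, dst in packets:
        action, line = evaluate(rules, src, dst)
        out.append(f"{action.upper()} {src} -> {dst} by: {line}")
    return out

if __name__ == "__main__":
    sample = [("10.2.7.9", "192.0.2.10"), ("10.3.0.1", "192.0.2.10")]  # constructed
    for record in log_decisions(parse_rules(ACL_101, "101"), sample):
        print(record)
```

Reversing the two rules makes the permit-any rule match first, so traffic from 10.2.0.0/16 is no longer denied; this kind of ordering mistake is what per-ACL logging helps expose.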
