Brocade TurboIron 24X Series Configuration Guide


53-1003053-01


Displaying ACL Log Entries

The first time an entry in an ACL permits or denies a packet and logging is enabled for that entry,
the software generates a Syslog message and an SNMP trap. Messages for packets permitted or
denied by ACLs are at the warning level of the Syslog.

When the first Syslog entry for a packet permitted or denied by an ACL is generated, the software
starts an ACL timer. After this, the software sends Syslog messages every five minutes. If an ACL
entry does not permit or deny any packets during the timer interval, the software does not generate
a Syslog entry for that ACL entry.

NOTE

For an ACL entry to be eligible to generate a Syslog entry for denied packets, logging must be
enabled for the entry. The Syslog contains entries only for the ACL entries that deny packets and
have logging enabled.

To display Syslog entries, enter the following command from any CLI prompt:

Syntax: show log

Enabling strict control of ACL filtering of fragmented packets

The default processing of fragments by hardware-based ACLs is as follows:

The first fragment of a packet is permitted or denied using the ACLs. The first fragment is handled the same way as a non-fragmented packet, since the first fragment contains the Layer 4 source and destination application port numbers. The device uses the Layer 4 CAM entry if one is programmed, or applies the interface's ACL entries to the packet and permits or denies the packet according to the first matching ACL.

Other fragments of the same packet are subject to a rule only if there is no Layer 4 information in that rule or in any preceding rule.

Example output of the show log command described under "Displaying ACL Log Entries":

TurboIron#show log
Syslog logging: enabled (0 messages dropped, 2 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 9 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
            I=informational N=notification W=warning
Dynamic Log Buffer (50 lines):
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.6(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.6(0), 1 event(s)
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.2(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.2(0), 1 event(s)
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.4(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.4(0), 1 event(s)
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.3(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.3(0), 1 event(s)
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.5(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.5(0), 1 event(s)
0d00h12m18s:I:ACL: 122 applied to port 4 by from console session
0d00h10m12s:I:ACL: 122 removed from port 4 by from console session
0d00h09m56s:I:ACL: 122 removed from port 4 by from console session
0d00h09m38s:I:ACL: 122 removed from port 4 by from console session
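Because the device emits at most one ACL Syslog line per entry every five minutes and folds the hits into the trailing "N event(s)" count, a collector has to sum that count rather than count lines. The parser below is an added example (not from the Brocade guide) that reads "show log" output in the format shown above; the sample lines are constructed to match that format, and the field names are this example's own.

```python
import re
from collections import defaultdict

# Pattern for the warning-level ACL permit/deny lines that "show log" prints.
ACL_EVENT = re.compile(
    r"^(?P<uptime>\d+d\d+h\d+m\d+s):(?P<sev>[A-Z]):ACL: ACL: List (?P<acl>\d+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\)\((?P<iface>[^)]*?) (?P<mac>[0-9a-f.]+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<events>\d+) event\(s\)$"
)
UPTIME = re.compile(r"(\d+)d(\d+)h(\d+)m(\d+)s")

# Constructed sample in the page's log format (not captured from a real device).
SAMPLE_LOG = """\
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.6(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.6(0), 1 event(s)
0d00h12m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.2(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.2(0), 1 event(s)
0d00h17m18s:W:ACL: ACL: List 122 denied tcp 10.20.15.6(0)(Ethernet 4 0000.0004.0101) -> 10.20.18.6(0), 4 event(s)
0d00h12m18s:I:ACL: 122 applied to port 4 by from console session
"""


def uptime_seconds(stamp):
    """Convert a '0d00h12m18s' uptime stamp to seconds since boot (for ordering)."""
    d, h, m, s = (int(x) for x in UPTIME.match(stamp).groups())
    return ((d * 24 + h) * 60 + m) * 60 + s


def parse_acl_event(line):
    """Return a dict for an ACL permit/deny line, or None for any other log line."""
    m = ACL_EVENT.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["events"] = int(rec["events"])
    rec["uptime_s"] = uptime_seconds(rec["uptime"])
    return rec


def summarize_denies(log_text):
    """Sum the 'N event(s)' counts per (ACL, source, destination) for denied traffic.

    Each line covers one five-minute timer interval, so the event count is
    summed; counting lines would under-report what the ACL actually dropped.
    """
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_acl_event(line)
        if rec and rec["action"] == "denied":
            totals[(rec["acl"], rec["src"], rec["dst"])] += rec["events"]
    return dict(totals)


if __name__ == "__main__":
    for key, total in sorted(summarize_denies(SAMPLE_LOG).items()):
        print("ACL %s %s -> %s: %d denied" % (key + (total,)))
```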
