Enabling the new logging method, Specifying the wait time, Modifying ACLs – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

sent to the CPU for logging. Then for a certain period of time, the next packets that match the deny
condition are dropped in hardware; no other Syslog message is written for any denied packet
during this time. Once this wait time expires, a Syslog message is written if the device receives
another packet that matches the deny condition and the whole cycle is repeated.

NOTE

BigIron RX does not support permit logging.

NOTE

Logging is not currently supported on management interfaces.

Enabling the new logging method

There are no new CLI commands to enable this new processing method; it takes effect
automatically if the following items have been configured:

• Syslog logging is enabled.

BigIron RX(config)#logging on

• Add the log option to an ACL statement as in the following example.

BigIron RX(config)#access-list 400 deny any any log-enabled

or

BigIron RX(config)#ip access-list standard hello

BigIron RX(config-std-nacl)#deny any log

• Enable the ip access-group enable-deny-logging command on an interface. If this command is
not enabled, packets denied by ACLs are not logged.

BigIron RX(config)#interface ethernet 5/1

BigIron RX(config-if-e1000-5/1)#ip access-group enable-deny-logging

Syntax: ip access-group enable-deny-logging

Specifying the wait time

You can specify how long the system waits before it sends a message in the Syslog by entering a
command such as the following.

BigIron RX(config)#ip access-list logging-age 2

Syntax: ip access-list logging-age <minutes>

Enter 1 – 10 minutes. The default is 5 minutes.
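
The following check is an added example, not part of the Brocade guide: it audits a saved configuration for the three prerequisites listed above, the unsupported permit logging, and the logging-age range. The function name audit_deny_logging, the assumed layout (sub-commands indented under their parent line, "!" between blocks), and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in an assumed saved-config layout; not from a real device.
SAMPLE_CONFIG = """\
logging on
ip access-list logging-age 2
access-list 400 deny any any log-enabled
access-list 1 permit 209.157.22.26 log
!
ip access-list standard hello
 deny any log
!
interface ethernet 5/1
 ip access-group enable-deny-logging
!
interface ethernet 5/2
!
"""

def audit_deny_logging(config, interfaces):
    """Return findings for the deny-logging prerequisites; [] means all are met."""
    findings, logged_denies, enabled, current = [], 0, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith((" ", "\t")):   # a top-level line ends any open block
            current = line[10:] if line.startswith("interface ") else None
        if re.search(r"\bdeny\b.*\blog(-enabled)?$", line):
            logged_denies += 1
        elif re.search(r"\bpermit\b.*\blog(-enabled)?$", line):
            findings.append(f"permit logging is not supported: {line!r}")
        elif line == "ip access-group enable-deny-logging" and current:
            enabled.add(current)
        age = re.fullmatch(r"ip access-list logging-age (\d+)", line)
        if age and not 1 <= int(age.group(1)) <= 10:
            findings.append(f"logging-age {age.group(1)} is outside 1-10 minutes")
    if "logging on" not in map(str.strip, config.splitlines()):
        findings.append("'logging on' is missing: Syslog logging is not enabled")
    if not logged_denies:
        findings.append("no deny entry carries a log option")
    for name in interfaces:   # interfaces the operator expects to log denies
        if name not in enabled:
            findings.append(f"interface {name}: enable-deny-logging missing, "
                            "denied packets are not logged")
    return findings

if __name__ == "__main__":
    for finding in audit_deny_logging(SAMPLE_CONFIG, ["ethernet 5/1", "ethernet 5/2"]):
        print(finding)
```
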

Modifying ACLs

When you configure any ACL, the software places the ACL entries in the ACL in the order you enter
them. For example, if you enter the following entries in the order shown below, the software always
applies the entries to traffic in the same order.

BigIron RX(config)#access-list 1 deny 209.157.22.0/24

BigIron RX(config)#access-list 1 permit 209.157.22.26