Testing and troubleshooting acls, Enable ipv6 acl “deny” logging, Requirements for using ipv6 acl logging – HP 6200YL User Manual


IPv6 Access Control Lists (ACLs)

Testing and Troubleshooting ACLs

You can monitor ACL performance by using the “Deny” logging option (which
generates log messages when there is a “deny” ACE match) and the ACE
statistics counters (which maintain running totals of the packet matches on
each ACE in an ACL).

Enable IPv6 ACL “Deny” Logging

ACL logging enables the switch to generate a message when IP traffic meets
the criteria for a match with an ACE that results in an explicit “deny” action.
You can use ACL logging to help:

- Test your network to help ensure that your ACL configuration is
  detecting and denying the incoming IPv6 traffic you do not want to
  enter the switch.

- Receive notification when the switch denies inbound IPv6 traffic you
  have designed your ACLs to reject (deny).

The switch sends ACL messages to Syslog and optionally to the current
console, Telnet, or SSH session. You can use logging < > to configure
up to six Syslog server destinations.

Requirements for Using IPv6 ACL Logging

- The switch configuration must include an ACL (1) assigned to a port,
  trunk, or static VLAN interface and (2) containing an ACE configured
  with the deny action and the log option.

- For IPv6 ACL logging to a Syslog server:

  - The server must be accessible to the switch and identified in the
    running configuration.

  - The logging facility must be enabled for Syslog.

  - Debug must be configured to:

    - support ACL messages

    - send debug messages to the desired debug destination

These requirements are described in more detail under “Enabling ACL
Logging on the Switch” on page 8-90.
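The requirements above can be checked mechanically before a change is applied. The following is an added example, not taken from the manual: the command syntax in the sample is an assumption based on ProCurve CLI conventions, the sample command list is constructed, and the function names `logging_acls` and `unmet_requirements` are hypothetical.

```python
import re

# Constructed command list; the command syntax is an assumption based on
# ProCurve CLI conventions and is not taken from this page.
SAMPLE = """\
ipv6 access-list NO-TELNET
   deny tcp host FE80::119 any eq 23 log
   permit ipv6 any any
   exit
vlan 12 ipv6 access-group NO-TELNET vlan
logging 10.10.20.3
logging facility syslog
debug destination logging
debug acl
"""

def logging_acls(commands):
    """Return names of IPv6 ACLs that hold at least one 'deny ... log' ACE."""
    names, current = set(), None
    for line in commands.splitlines():
        tokens = line.split()
        if tokens[:2] == ["ipv6", "access-list"] and len(tokens) > 2:
            current = tokens[2].strip('"')
        elif tokens == ["exit"]:
            current = None
        elif current and tokens:
            if tokens[0].isdigit():  # optional ACE sequence number
                tokens = tokens[1:]
            if tokens[:1] == ["deny"] and tokens[-1:] == ["log"]:
                names.add(current)
    return names

def unmet_requirements(commands):
    """List the ACL-logging requirements that the commands do not satisfy."""
    lines = [" ".join(l.split()) for l in commands.splitlines()]
    acls = logging_acls(commands)
    applied = {m.group(1).strip('"') for l in lines
               if (m := re.search(r"ipv6 access-group (\S+)", l))}
    checks = {
        "ACE with deny action and log option": bool(acls),
        "logging ACL assigned to an interface": bool(acls & applied),
        "Syslog server identified":
            any(re.fullmatch(r"logging [0-9A-Fa-f.:]+", l) for l in lines),
        "logging facility enabled for Syslog": "logging facility syslog" in lines,
        "debug supports ACL messages": bool({"debug acl", "debug all"} & set(lines)),
        "debug destination configured":
            any(l.startswith("debug destination ") for l in lines),
    }
    return [name for name, ok in checks.items() if not ok]
```

An empty list from `unmet_requirements(SAMPLE)` means every listed requirement is covered; a deny ACE without `log`, or a logging ACL that is never assigned to an interface, is reported by name.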
