Step 5
Command or Action: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
The following example shows how to set the maximum number of log entries to 5000, the interval to 120
seconds, and the threshold to 500000:
switch# configure terminal
switch(config)# logging ip access-list cache entries 5000
switch(config)# logging ip access-list cache interval 120
switch(config)# logging ip access-list cache threshold 500000
switch(config)# copy running-config startup-config
Applying ACL Logging to an Interface
You can apply ACL logging to Ethernet interfaces and port channels.
Before You Begin
• Create an ACL.
• Create an IP access list with at least one access control entry (ACE) configured for logging.
• Configure the ACL logging cache.
• Configure the ACL log match level.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface ethernet slot/port
Purpose: Specifies the Ethernet interface.
Step 3
Command or Action: switch(config-if)# ip access-group name in
Purpose: Attaches an ACL with a log to the specified interface. ACL logging is enabled when the ACL is applied to the interface on the hardware.
Step 4
Command or Action: switch(config-if)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
The following example shows how to apply acl1, with the logging specified in it, to interface Ethernet 1/2 for all
ingress traffic:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip access-group acl1 in
switch(config-if)# copy running-config startup-config
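A check that can be run over a saved running-config to confirm that each ACL applied inbound actually contains a logging ACE and that the cache values are set; this is an added example, not part of the Cisco guide. The sample configuration is constructed, and the `ip access-list` block and ACE line syntax it parses are assumed to follow the usual NX-OS running-config layout.

```python
import re

# Constructed running-config excerpt (sample input, not taken from the guide).
SAMPLE_CONFIG = """\
logging ip access-list cache entries 5000
logging ip access-list cache interval 120
logging ip access-list cache threshold 500000
ip access-list acl1
  10 permit tcp any any eq 22 log
  20 deny ip any any
ip access-list acl2
  10 permit ip any any
interface Ethernet1/2
  ip access-group acl1 in
interface Ethernet1/3
  ip access-group acl2 in
interface Ethernet1/4
  ip access-group acl9 in
"""

def audit_acl_logging(config):
    """Return (cache_settings, {interface: "acl: state"}) for ingress IP ACLs."""
    cache, defined, logging_acls, bindings = {}, set(), set(), {}
    section = None  # ("acl", name) or ("if", name) while inside an indented block
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():  # an unindented line starts a new block
            section = None
            m = re.match(r"logging ip access-list cache (entries|interval|threshold) (\d+)$", line)
            if m:
                cache[m.group(1)] = int(m.group(2))
            elif (m := re.match(r"ip access-list (\S+)$", line)):
                section = ("acl", m.group(1))
                defined.add(m.group(1))
            elif (m := re.match(r"interface (\S+)$", line)):
                section = ("if", m.group(1))
        elif section and section[0] == "acl" and re.search(r"^\s*\d+\s+(permit|deny)\b.*\blog$", line):
            logging_acls.add(section[1])  # ACE ends with the log keyword
        elif section and section[0] == "if":
            m = re.match(r"\s+ip access-group (\S+) in$", line)
            if m:
                bindings[section[1]] = m.group(1)
    status = {}
    for ifname, acl in bindings.items():
        state = "not defined" if acl not in defined else "logging" if acl in logging_acls else "no log ACE"
        status[ifname] = f"{acl}: {state}"
    return cache, status
```

An interface reported as "no log ACE" or "not defined" has an ingress ACL attached but will generate no ACL log entries, and a missing key in the returned cache settings means that value was left at its default.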
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x