(Optional) Specifies that packets matching this
configuration be logged.
log
Command Default
None
Command Modes
role-based access control list
Command History
ModificationRelease
The log keyword was added to support the enabling of role-based access
control list (RBACL) logging.
5.0(2)
This command was introduced.4.0(1)
Usage Guidelines
To use this command, you must enable the Cisco TrustSec feature using the feature cts command.
To enable RBACL logging, you must enable RBACL policy enforcement on the VLAN and VRF.
To enable RBACL logging, you must set the logging level of ACLLOG syslogs to 6 and the logging level of
CTS manager syslogs to 5.
This command requires the Advanced Services license.
Examples
This example shows how to add a deny action to an SGACL and enable RBACL logging:
switch# configure terminal
switch(config)# cts role-based access-list MySGACL
switch(config-rbacl)# deny icmp log
This example shows how to remove a deny action from an SGACL:
switch# configure terminal
switch(config)# cts role-based access-list MySGACL
switch(config-rbacl)# no deny icmp log
Related Commands
DescriptionCommand
Configures Cisco TrustSec SGACLs.cts role-based access-list
Enables the Cisco TrustSec feature.feature cts
Displays the Cisco TrustSec SGACL configuration.show cts role-based access-list
Cisco Nexus 7000 Series Security Command Reference
263
D Commands
deny (role-based access control list)
To Next Page
Loading...
