Cisco 350 Series Administration Manual page 618

22
398
• For Layer 4 packets the SYSLOG includes the information (if applicable): source port,
destination port, and TCP flag.
The following are examples of possible SYSLOGs:
• For a non-IP packet:
- 06-Jun-2013 09:49:56 %3SWCOS-I-LOGDENYMAC: gi0/1: deny ACE
00:00:00:00:00:01 -> ff:ff:ff:ff:ff:ff, Ethertype-2054, VLAN-20, CoS-4, trapped
• For an IP packet (v4 and v6):
- 06-Jun-2013 12:38:53 %3SWCOS-I-LOGDENYINET: gi0/1: deny ACE
IPv4(255) 1.1.1.1 -> 1.1.1.10, protocol-1, DSCP-54, ICMP Type-Echo Reply,
ICMP code-5 , trapped
• For an L4 packet:
- 06-Jun-2013 09:53:46 %3SWCOS-I-LOGDENYINETPORTS: gi0/1: deny ACE
IPv4(TCP) 1.1.1.1(55) -> 1.1.1.10(66), trapped
Configuring ACLs
This section describes how to create ACLs and add rules (ACEs) to them.
Creating ACLs Workflow
To create ACLs and associate them with an interface, perform the following:
1. Create one or more of the following types of ACLs:
a. MAC-based ACL by using the
b. IP-based ACL by using the
c. IPv6-based ACL by using the
2. Associate the ACL with interfaces by using the
(Port) page.
MAC-Based ACL
IPv4-based ACL
IPv6-Based ACL
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
page and the MAC-based ACE
page and the IPv4-Based ACE
page and the IPv6-Based ACE
ACL Binding (VLAN) or
Access Control
Overview
page
page
page
ACL Binding