RE: Tracking packets denied by a ACL posted 12/08/2004

OK, one difference:

ip accounting access-violations
will log all violations on the complete access-list.
This can be viewed using
sho ip accounting access-violations

Whereas you could have an access-list 100 lines long but only want to log
violations for one line.
This is where you put log at the end of that line:
access-list 123 deny icmp any any log


PS - thought of another one - the first can't be timestamped, the second one can!

-----Original Message-----
From: ccie2be [mailto:ccie2be@xxxxxxxxxx]
Sent: 08 December 2004 13:02
To: Group Study
Subject: Tracking packets denied by a ACL

Hi guys,

I'm trying to figure out the difference between using the log keyword at the
end of an acl entry versus

using the interface command, ip accounting access-violations.

They both seem like they do pretty much the same thing, so I'm not that clear
on when I should use one versus the other.

If any of you have some ideas about this, I'd like to hear from you because
I'd hate to lose points on something like this in the lab.

Also, which method do people think is better for a production network?

TIA, Tim
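
Added example, not part of the original thread: a short Python script that summarizes the timestamped syslog messages an ACL entry ending in "log" produces, so denied flows can be tracked per entry over time. The sample lines, addresses and the summarize() helper are constructed for illustration, and the script assumes "service timestamps log datetime" is enabled on the router.

```python
import re

# Constructed sample of router syslog output (addresses are made up).
# The first three lines come from ACL 123 entries that end in "log";
# the last line is unrelated noise the parser must skip.
SAMPLE = """\
*Dec  8 13:05:12: %SEC-6-IPACCESSLOGDP: list 123 denied icmp 10.1.1.5 -> 10.2.2.9 (8/0), 1 packet
*Dec  8 13:05:40: %SEC-6-IPACCESSLOGP: list 123 denied tcp 10.1.1.7(1044) -> 10.2.2.9(23), 1 packet
*Dec  8 13:10:12: %SEC-6-IPACCESSLOGDP: list 123 denied icmp 10.1.1.5 -> 10.2.2.9 (8/0), 14 packets
*Dec  8 13:11:02: %SYS-5-CONFIG_I: Configured from console by console
"""

LINE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+\s[\d:.]+):\s"                  # syslog timestamp
    r"%SEC-6-IPACCESSLOG\w*:\slist\s(?P<acl>\S+)\s"          # ACL number or name
    r"(?P<action>denied|permitted)\s(?P<proto>\S+)\s"
    r"(?P<src>[\d.]+)(?:\(\d+\))?\s->\s(?P<dst>[\d.]+)(?:\(\d+\))?"
    r".*?,\s(?P<count>\d+)\spackets?\s*$"
)

def summarize(text):
    """Return {(acl, proto, src, dst): {"packets", "first", "last"}} for denies."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["action"] != "denied":
            continue
        key = (m["acl"], m["proto"], m["src"], m["dst"])
        entry = flows.setdefault(
            key, {"packets": 0, "first": m["ts"], "last": m["ts"]})
        # Assumption: each message reports the packets seen since the
        # previous message for that flow, so the counts are summed.
        entry["packets"] += int(m["count"])
        entry["last"] = m["ts"]
    return flows

if __name__ == "__main__":
    for (acl, proto, src, dst), e in summarize(SAMPLE).items():
        print(f"ACL {acl} {proto} {src} -> {dst}: "
              f"{e['packets']} pkts, {e['first']} .. {e['last']}")
```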
