Logging ACLs

When working with any kind of ACL, consider the fact that a router or switch can provide logging messages about packets that are permitted or denied by the ACL. This logging could provide you with invaluable information when you are trying to determine what happened or if you are trying to get real-time alerts about what is currently happening on your network.

When using logging, keep in mind that forwarding is done in hardware while logging is done in software. If a large number of packets match a permit or deny ACE that carries the log keyword, the software might not keep up with the hardware forwarding rate, and not all matching packets will be logged. The first packet that triggers the ACE causes a message to be logged immediately, while subsequent ...
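The practical consequence of that behaviour shows up when you consume the syslog messages on a collector: a single %SEC-6-IPACCESSLOG message can stand for many packets, so counting log lines understates the traffic that hit the ACE. The following parser is an added example, not code from the book, and it assumes the IOS message layout as I know it (%SEC-6-IPACCESSLOGP for tcp/udp, %SEC-6-IPACCESSLOGDP for icmp, %SEC-6-IPACCESSLOGNP for other protocols, with an optional interface/MAC suffix when the ACE uses log-input); the sample syslog lines, hostnames and addresses are constructed. It sums the packet count carried in each message per flow rather than counting messages.

```python
import re
from collections import defaultdict

# Message layout as I know it from IOS (assumption; the book excerpt does not
# show it). The optional "(...)" groups absorb the port, the interface/MAC
# suffix that "log-input" adds after the source, and the icmp "(type/code)"
# field after the destination.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))?(?: \([^)]*\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \([^)]*\))?, (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (hostname, timestamps and addresses are made up).
SAMPLE_LOG = [
    "Dec 20 10:15:02 edge-rtr 4711: *Dec 20 10:15:01.234: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40321) -> 198.51.100.5(23), 1 packet",
    "Dec 20 10:20:02 edge-rtr 4718: *Dec 20 10:20:01.001: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40321) -> 198.51.100.5(23), 37 packets",
    "Dec 20 10:21:40 edge-rtr 4720: *Dec 20 10:21:39.870: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(40322) (FastEthernet0/0 0000.0c00.1234) -> 198.51.100.5(23), 1 packet",
    "Dec 20 10:15:10 edge-rtr 4712: *Dec 20 10:15:09.500: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.77 -> 198.51.100.5 (8/0), 1 packet",
    "Dec 20 10:20:10 edge-rtr 4719: *Dec 20 10:20:09.512: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.77 -> 198.51.100.5 (8/0), 240 packets",
    "Dec 20 10:16:00 edge-rtr 4713: *Dec 20 10:15:59.020: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.20(51000) -> 198.51.100.5(22), 1 packet",
    "Dec 20 10:17:00 edge-rtr 4714: *Dec 20 10:16:59.000: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]


def parse_acl_log(line):
    """Return the fields of one ACL log message, or None if the line is not one."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["count"] = int(fields["count"])
    return fields


def summarize(lines):
    """Aggregate ACL log messages per (acl, action, proto, src, dst) flow.

    The packet count in each message is summed instead of counting messages:
    after the first hit is logged immediately, later messages for the same
    flow report the packets seen since the previous message (IOS behaviour as
    I understand it), so one line may represent many packets.
    """
    flows = defaultdict(lambda: {"messages": 0, "packets": 0})
    for line in lines:
        f = parse_acl_log(line)
        if f is None:
            continue  # not an ACL log message; skip
        key = (f["acl"], f["action"], f["proto"], f["src"], f["dst"])
        flows[key]["messages"] += 1
        flows[key]["packets"] += f["count"]
    return dict(flows)


def denied_packets_by_source(summary):
    """Total denied packets per source address, highest first."""
    totals = defaultdict(int)
    for (acl, action, proto, src, dst), stats in summary.items():
        if action == "denied":
            totals[src] += stats["packets"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key, stats in summary.items():
        print(key, stats)
    print("denied by source:", denied_packets_by_source(summary))
```

Running the block against the constructed sample shows three messages but 39 packets for the telnet flow from 192.0.2.10, and two messages but 241 packets for the icmp flow; an alert that fires on message count alone would have scored both flows as a handful of events.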

Get CCIE Practical Studies: Security (CCIE Self-Study) now with the O’Reilly learning platform.
