Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide
OL-13270-01
Chapter 34 Configuring Network Security with ACLs
Configuring IPv4 ACLs
Note: In addition to numbered standard and extended ACLs, you can also create standard and extended named
IP ACLs by using the supported numbers. That is, the name of a standard IP ACL can be 1 to 99; the
name of an extended IP ACL can be 100 to 199. The advantage of using named ACLs instead of
numbered lists is that you can delete individual entries from a named list.
ACL Logging
The switch software can provide logging messages about packets permitted or denied by a standard IP
access list. That is, any packet that matches the ACL causes an informational logging message about the
packet to be sent to the console. The level of messages logged to the console is controlled by the logging
console commands controlling the syslog messages.
Note: Because routing is done in hardware and logging is done in software, if a large number of packets match
a permit or deny ACE containing a log keyword, the software might not be able to match the hardware
processing rate, and not all packets will be logged.
The first packet that triggers the ACL causes a logging message right away, and subsequent packets are
collected over 5-minute intervals before they appear or are logged. The logging message includes the access
list number, whether the packet was permitted or denied, the source IP address of the packet, and the
number of packets from that source permitted or denied in the prior 5-minute interval.
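
The following Python example is added here and is not from the Cisco guide. It parses standard-ACL log messages and separates the immediate first-match message from the later 5-minute summaries, per ACL, action, and source. It assumes the `%SEC-6-IPACCESSLOGS` message layout shown in the constructed sample lines; the function names, ACL number, and addresses are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (assumed %SEC-6-IPACCESSLOGS layout for
# standard IP ACL log entries; ACL number and addresses are made up).
SAMPLE = """\
00:00:46: %SEC-6-IPACCESSLOGS: list 10 denied 10.1.1.15 1 packet
00:00:51: %SEC-6-IPACCESSLOGS: list 10 permitted 10.1.2.7 1 packet
00:05:46: %SEC-6-IPACCESSLOGS: list 10 denied 10.1.1.15 240 packets
00:05:51: %SEC-6-IPACCESSLOGS: list 10 permitted 10.1.2.7 3 packets
00:10:46: %SEC-6-IPACCESSLOGS: list 10 denied 10.1.1.15 1875 packets
00:10:47: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up
"""

LINE = re.compile(
    r"%SEC-6-IPACCESSLOGS:\s*list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)"
    r"\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<count>\d+)\s+packets?"
)

def summarize(text):
    """Return {(acl, action, src): {"first_hit": n, "intervals": [n, ...]}}."""
    out = defaultdict(lambda: {"first_hit": 0, "intervals": []})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ACL log message
        key = (m["acl"], m["action"], m["src"])
        count = int(m["count"])
        entry = out[key]
        if entry["first_hit"] == 0 and not entry["intervals"]:
            entry["first_hit"] = count        # message sent on the first match
        else:
            entry["intervals"].append(count)  # later 5-minute summary
    return dict(out)

def noisy_sources(summary, threshold):
    """Denied sources whose logged total reaches threshold, largest first."""
    hits = []
    for (acl, action, src), e in summary.items():
        total = e["first_hit"] + sum(e["intervals"])
        if action == "denied" and total >= threshold:
            hits.append((acl, src, total))
    return sorted(hits, key=lambda h: -h[2])
```

Because logging is done in software and can fall behind hardware forwarding, the totals computed here are lower bounds on the packets that actually matched the ACE.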
Table 34-1 Access List Numbers (continued)

Access List Number   Type                                       Supported
1200–1299            IPX summary address access list            No
1300–1999            IP standard access list (expanded range)   Yes
2000–2699            IP extended access list (expanded range)   Yes