Installation and Getting Started Guide

To display Syslog entries, use one of the following methods.

USING THE CLI

Enter the following command from any CLI prompt:

HP9300(config)# show log

Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Buffer logging: level ACDMEINW, 38 messages logged
    level code: A=alert C=critical D=debugging M=emergency E=error
                I=informational N=notification W=warning

Log Buffer (50 entries):

21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets

00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets

00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets

In this example, the two-line message at the bottom is the first entry, which the software immediately generates the first time an ACL entry permits or denies a packet. In this case, an entry in ACL 101 denied a packet. The packet was a TCP packet from host 209.157.22.198 and was destined for TCP port 80 (HTTP) on host 198.99.4.69.

When the software places the first entry in the log, the software also starts the five-minute timer for subsequent log entries. Thus, five minutes after the first log entry, the software generates another log entry and SNMP trap for denied packets.

In this example, the software generates the second log entry five minutes later. The second entry indicates that the same ACL denied two packets.

The time stamp for the third entry is much later than the time stamps for the first two entries. In this case, no ACLs denied packets for a very long time. In fact, since no ACLs denied packets during the five-minute interval following the second entry, the software stopped the ACL log timer. The software generated the third entry as soon as the ACL denied a packet. The software restarted the five-minute ACL log timer at the same time. As long as at least one ACL entry permits or denies a packet, the timer continues to generate new log entries and SNMP traps every five minutes.
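
The following Python example is added here and is not part of the HP guide. It parses the ACL entries shown in the log buffer above and tags each one as a "first" entry (the timer was stopped) or a "summary" entry produced by the running five-minute timer. The field names, the two-second slack, and the ordering of entries by time stamp are assumptions.

```python
import re

ACL_TIMER = 300  # five-minute ACL log timer, in seconds

# Layout of the ACL entries in the "show log" output above.
ENTRY = re.compile(
    r"(?P<d>\d+)d(?P<h>\d+)h(?P<m>\d+)m(?P<s>\d+)s:(?P<level>\w+):"
    r"list (?P<acl>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\w+)\)\((?P<iface>[^)]*)\) -> "
    r"(?P<dst>[\d.]+)\((?P<service>[\w-]+)\), (?P<packets>\d+) packet"
)

def parse(line):
    """Return one ACL log entry as a dict, or None for any other line."""
    hit = ENTRY.search(line)
    if hit is None:
        return None
    e = hit.groupdict()
    d, h, m, s = (int(e.pop(k)) for k in "dhms")
    e["ts"] = ((d * 24 + h) * 60 + m) * 60 + s  # time stamp in seconds
    e["packets"] = int(e["packets"])
    return e

def classify(lines, slack=2):
    """Order entries oldest first and tag each 'first' or 'summary'."""
    # Assumption: time stamps only increase across the captured entries.
    entries = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    prev_ts = prev_kind = None
    for e in entries:
        if prev_ts is None or e["ts"] - prev_ts > ACL_TIMER + slack:
            e["kind"] = "first"      # timer had stopped; this packet restarted it
        elif e["ts"] == prev_ts:
            e["kind"] = prev_kind    # same batch as the previous entry
        else:
            e["kind"] = "summary"    # produced by the running timer
        prev_ts, prev_kind = e["ts"], e["kind"]
    return entries

# The three entries from the log buffer shown above, newest first.
SAMPLE = [
    "21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets",
    "00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets",
    "00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets",
]

if __name__ == "__main__":
    for e in classify(SAMPLE):
        print(e["ts"], e["kind"], e["src"], "->", e["dst"], e["service"], e["packets"])
```
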

USING THE WEB MANAGEMENT INTERFACE

1. Select the Show link to display the Show Statistics panel.

2. Select the System Log link.

Policy-Based Routing (PBR)

Policy-Based Routing (PBR) allows you to use ACLs and route maps to selectively modify and route IP packets based on their source IP address.

NOTE: PBR is supported only on chassis routing switches.

NOTE: Source routing occurs in the CPU, not in the ASICs.

You can configure the routing switch to perform the following types of PBR based on a packet’s Layer 3 and Layer 4 information:

Select the next-hop gateway. (See “Configuration Examples” on page 3-27 for a complete configuration example.)
