Wednesday, February 27, 2019

Logging Cisco extended ACLs port information

I have a Cisco 3850 with two VLANs and I have created two extended access-lists applied to these VLANs. Each ACL has a

  • 10 permit tcp any any log
  • 20 permit udp any any log
  • 30 permit ip any any log

When I type "show log" I see

VLANXXXX_IN permitted tcp 10.10.10.10(0) -> 11.11.11.11(0) , 1 packet

but I don't see any port info; all the lines of IP-to-IP communication have no ports. I wanted to turn on this type of ACL to see the ports to create more granular access lists. I can't find anything on Google/Cisco to show me how to do this, but I'm sure I've done it before.


