Enabling IPv6 ACL rules for logging

When you create ACL rules for which you want to enable logging, you must include the log parameter.

  1. Enter the configure command to access global configuration mode.
    device# configure
    
  2. Enter the ipv6 access-list command to create or modify an access list.
    device(config)# ipv6 access-list extended ipv6_acl_1
    
  3. For each ACL rule for which you need logging, include the log keyword.
    device(conf-ip6acl-ext)# seq 20 deny ipv6 2002:2003:1234:1::/64 2001:3001:1234:1::/64 log
    
  4. Apply the ACL that you created to the appropriate interface.
  5. (Optional) To display ACL logs, enter the show access-list-log buffer command.
    device# show access-list-log buffer
    Frames Logged on interface Eth 2/1 :  
    ------------------------------------ 
    Frame Received Time  : Wed Apr 6 2016 8:15:4 
    Ethernet,     SrcMAC : 00:24:38:9b:cf:21, DstMAC: 76:8e:f8:05:70:14
      Ethtype             : 0x86dd 
    
    Protocol Type       : IPV6
    SrcIP               : 26::1
    DstIP               : 25::1
    Interface           : Eth 1/16
    Flow-ID             : 63800000
    Payload Length      : 1c6
    Nxt Header Type     : 6 (TCP)
    Hop-Limit           : 63 
    
    packet(s) repeated   : 11565
    Ingress Deny Logged
    ---------------------------------------------------------------------------- 
    
Note

If an ACL with rules that contain the log keyword is applied to the management interface, logs are not recorded for that ACL.
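
The following added example (not part of the original documentation) parses text in the layout of the show access-list-log buffer output from step 5 and lists denied flows with high repeat counts. The function names, the threshold, and the abbreviated sample with its second record are constructed for illustration, and the verdict line is assumed to always read "<direction> <action> Logged".

```python
import ipaddress
import re

# Constructed, abbreviated sample in the layout of the buffer output shown in step 5.
SAMPLE = """\
Frames Logged on interface Eth 2/1 :
------------------------------------
Frame Received Time  : Wed Apr 6 2016 8:15:4
Ethernet,     SrcMAC : 00:24:38:9b:cf:21, DstMAC: 76:8e:f8:05:70:14
SrcIP               : 26::1
DstIP               : 25::1
packet(s) repeated   : 11565
Ingress Deny Logged
----------------------------------------------------------------------------
SrcIP               : 26::2
DstIP               : 25::1
packet(s) repeated   : 3
Ingress Deny Logged
----------------------------------------------------------------------------
"""

VERDICT = re.compile(r"^(\w+)\s+(\w+)\s+Logged$")  # assumed "<direction> <action> Logged"
MAC = re.compile(r"(SrcMAC|DstMAC)\s*:\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def parse_acl_log(text):
    """Return one dict per logged frame; a malformed address raises ValueError."""
    records, rec = [], {}
    for line in map(str.strip, text.splitlines()):
        verdict = VERDICT.match(line)
        if verdict:  # the verdict line closes the current record
            rec["direction"], rec["action"] = verdict.groups()
            rec["repeated"] = int(rec.pop("packet(s) repeated", "0"))
            rec.update({k: ipaddress.ip_address(rec[k]) for k in ("SrcIP", "DstIP")})
            records.append(rec)
            rec = {}
        elif MAC.search(line):  # two fields share this line and the values contain colons
            rec.update(MAC.findall(line))
        elif set(line) != {"-"}:  # skip dashed rules
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep and value.strip():  # drops blank lines and the "Frames Logged" header
                rec[key.strip()] = value.strip()
    return records

def noisy_denies(records, threshold=1000):
    """Return (src, dst, count) for denied flows repeated at least `threshold` times."""
    return [(str(r["SrcIP"]), str(r["DstIP"]), r["repeated"])
            for r in records if r["action"] == "Deny" and r["repeated"] >= threshold]

print(noisy_denies(parse_acl_log(SAMPLE)))
```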