Creating a MAC ACL rule enabled for logging

When you create ACL rules for which you want to enable logging, you must include the log keyword.

  1. Enter the configure terminal command to access global configuration mode. 
    device# configure terminal
  2. Enter the mac access-list command to create or modify an access list. 
    device(config)# mac access-list standard mac_1
  3. In each rule for which you need logging, include the log keyword. 
    device(conf-mac1-std)# seq 100 deny 0022.3333.4444 log
  4. If you have not yet applied the ACL to the appropriate interface, do so now.
    To enable logging for Layer 2 implicit deny rules, use the command implicit-deny-log l2acl.
    Note

    Note

    The implicit-deny-log l2acl is under acl-policy. After using implicit-deny-log l2acl, the user must rebind the L2 ACL to ensure the change takes effect.
  5. (Optional) To display ACL logs, enter the show access-list log buffer command.
9036684-01 Rev AA