Enabling IPv6 ACL rules for logging

  1. Enter the configure command to access global configuration mode.
    device# configure
    
  2. Enter the ipv6 access-list command to create or modify an access list.
    device(config)# ipv6 access-list extended ipv6_acl_1
    
  3. For each ACL rule for which you need logging, include the log keyword.
    device(conf-ip6acl-ext)# seq 20 deny ipv6 2002:2003:1234:1::/64 2001:3001:1234:1::/64 log
    
  4. Apply the ACL that you created to the appropriate interface.
  5. (Optional) To display ACL logs, enter the show access-list-log buffer command.
    device# show access-list-log buffer
    Frames Logged on interface Eth 2/1 :  
    ------------------------------------ 
    Frame Received Time  : Wed Apr 6 2016 8:15:4 
    Ethernet,     SrcMAC : 00:24:38:9b:cf:21, DstMAC: 76:8e:f8:05:70:14
      Ethtype             : 0x86dd 
    
    Protocol Type       : IPV6
    SrcIP               : 26::1
    DstIP               : 25::1
    Interface           : Eth 1/16
    Flow-ID             : 63800000
    Payload Length      : 1c6
    Nxt Header Type     : 6 (TCP)
    Hop-Limit           : 63 
    
    packet(s) repeated   : 11565
    Ingress Deny Logged
    ---------------------------------------------------------------------------- 
    
Note

If an ACL with rules that contain the log keyword is applied to the management interface, logs are not recorded for that ACL.
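
To turn the buffer output from step 5 into something that can be counted and alerted on, the following added example (not part of the original documentation or any vendor code) parses it into records and totals denied packets per flow. The function names are hypothetical, the sample is abridged from the output above, and the "<direction> <action> Logged" pattern is assumed from the single "Ingress Deny Logged" line shown.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the step 5 output, abridged to the fields used below.
SAMPLE = """\
Frames Logged on interface Eth 2/1 :
------------------------------------
Frame Received Time  : Wed Apr 6 2016 8:15:4
Ethernet,     SrcMAC : 00:24:38:9b:cf:21, DstMAC: 76:8e:f8:05:70:14
SrcIP               : 26::1
DstIP               : 25::1
Nxt Header Type     : 6 (TCP)
packet(s) repeated   : 11565
Ingress Deny Logged
----------------------------------------------------------------------------
"""
HEADER = re.compile(r"Frames Logged on interface\s+(.+?)\s*:$")
MACS = re.compile(r"SrcMAC\s*:\s*([\da-fA-F:]{17}),\s*DstMAC\s*:\s*([\da-fA-F:]{17})")
VERDICT = re.compile(r"(\w+)\s+(\w+)\s+Logged$")  # assumes "<direction> <action> Logged"
FIELD = re.compile(r"([^:]+?)\s*:\s*(.+)$")  # split on the first colon only

def parse_log_buffer(text):
    """Return one dict per logged frame, keyed by the labels in the output."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            records.append({"Logged On": m.group(1)})
        elif not records:
            continue  # text before the first frame header, e.g. the CLI prompt
        elif m := MACS.search(line):
            records[-1]["SrcMAC"], records[-1]["DstMAC"] = m.groups()
        elif m := VERDICT.match(line):
            records[-1]["Direction"], records[-1]["Action"] = m.groups()
        elif m := FIELD.match(line):
            records[-1][m.group(1)] = m.group(2)
    for rec in records:  # fail loudly on malformed fields instead of forwarding them
        rec["SrcIP"] = str(ipaddress.IPv6Address(rec["SrcIP"]))
        rec["DstIP"] = str(ipaddress.IPv6Address(rec["DstIP"]))
        rec["packet(s) repeated"] = int(rec["packet(s) repeated"])
    return records

def denied_packets_by_flow(records):
    """Sum repeat counts per (SrcIP, DstIP, next header) over denied frames."""
    totals = Counter()
    for rec in records:
        if rec.get("Action") == "Deny":
            totals[rec["SrcIP"], rec["DstIP"], rec["Nxt Header Type"]] += rec["packet(s) repeated"]
    return totals
```

Because logs are not recorded for an ACL applied to the management interface, an empty result for that interface does not mean that no traffic was denied there.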