Creating a MAC ACL rule enabled for logging

  1. Enter the configure terminal command to access global configuration mode. 
    device# configure terminal
  2. Enter the mac access-list command to create or modify an access list. 
    device(config)# mac access-list standard mac_1
  3. In each rule for which you need logging, include the log keyword. 
    device(conf-mac1-std)# seq 100 deny 0022.3333.4444 log
  4. If you have not yet applied the ACL to the appropriate interface, do so now.
    To enable logging for Layer 2 implicit deny rules, use the command implicit-deny-log l2acl.
    Note

    Note

    The implicit-deny-log l2acl is under acl-policy. After using implicit-deny-log l2acl, the user must rebind the L2 ACL to ensure the change takes effect.
  5. (Optional) To display ACL logs, enter the show access-list log buffer command.
9037786-00 Rev AA