Administrator Guide
Usage Information
When the congured maximum threshold is exceeded, generation of logs is stopped. When the interval at which
ACL logs are congured to be recorded expires, the subsequent, fresh interval timer is started and the packet
count for that new interval commences from zero. If ACL logging was stopped previously because the congured
threshold is exceeded, it is re-enabled for this new interval.
If ACL logging is stopped because the congured threshold is exceeded, it is re-enabled after the logging interval
period elapses. ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and MAC ACLs. You
can congure ACL logging only on ACLs that are applied to ingress interfaces; you cannot enable logging for ACLs
that are associated with egress interfaces.
You can activate ow-based monitoring for a monitoring session by entering the ow-based enable command in
the Monitor Session mode. When you enable this capability, trac with particular ows that are traversing through
the ingress and egress interfaces are examined and, appropriate ACLs can be applied in both the ingress and
egress direction. Flow-based monitoring conserves bandwidth by monitoring only specied trac instead all trac
on the interface. This feature is particularly useful when looking for malicious trac. It is available for Layer 2 and
Layer 3 ingress and egress trac. You may specify trac using standard or extended access-lists. This mechanism
copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port
is the monitored port (MD) and the destination port is the monitoring port (MG).
322 Access Control Lists (ACL)