Cisco 827 - logging on, but nothing being logged

I have an 827 installed at another location with the partial config below. When I send UDP & TCP packets to a target using a (FREE) tool (SimpleComTools.com), nothing registers in the log. I can see ICMP pings in the log, but nothing else in my inbound access list # 111 other than expected traffic which is being explicitly blocked & permitted. I'm sending traffic to the ports & protocols not explicitly listed in the access list, so I would expect it to fall to the bottom of the access list and be logged by the last 2 TCP & UDP permit lists. Even if I move the last permits to the top of the access list, I still don't see anything. The problem is that I have logging turned on, and nothing is being logged in the log... see below. Access List 111 is the Inbound Access List.

hostname 827
!
boot-start-marker
boot-end-marker
!
logging exception 16384
logging count
logging buffered 65536 informational
no logging rate-limit

access-list 111 deny udp any any range 1000 1050
access-list 111 deny udp any any range 135 netbios-ss
access-list 111 deny tcp any any range 135 139
access-list 111 deny tcp any any range 1433 1434
access-list 111 deny udp any any eq 2
access-list 111 deny udp any 192.168.0.0 0.0.255.255
access-list 111 permit tcp any any gt 1 established
access-list 111 permit tcp any any eq telnet log
access-list 111 deny tcp any any eq www
access-list 111 permit tcp any any eq 40019
access-list 111 deny tcp any 198.168.0.0 0.0.255.255 log-input
access-list 111 deny udp any 198.168.0.0 0.0.255.255 log-input
access-list 111 deny tcp any any eq 8080
access-list 111 permit tcp host 192.224.32.111 any
access-list 111 permit udp host 192.224.32.111 any
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp 68.94.0.0 0.0.255.255 any
access-list 111 permit icmp any any
access-list 111 permit udp host 68.94.157.2 any
access-list 111 permit udp host 68.94.156.1 any
access-list 111 permit udp host 68.94.157.1 any
access-list 111 permit udp host 68.94.156.2 any
access-list 111 deny ip any any
access-list 111 permit tcp any any log
access-list 111 permit udp any any log

Anyone have any ideas ?

Reply to
aaa

Did you notice the location of the 'deny ip any any' ACL Statement ?

Reply to
Martin Bilgrav

Yes... but I'm using the free tools (listed in the original post) to send UDP & TCP traffic to this router, but absolutely nothing shows as being logged as a result of the traffic that I send. I put the access-list 111 deny ip any any at the end of the access-list so I would expect to see the permit traffic being logged, but I don't see anything. If I log in at the console of the 827 and send traffic to another router (Cisco 1720) which is using the exact same access list, I can then see the UDP & TCP traffic being logged on the 1720. I'm using the same logging commands & access lists on both routers. I can see the traffic being logged in the 1721, but not in the 827. Maybe I'll try to add the access lists one at a time and see where the traffic stops being logged in the 827.

Thanks for the reply. If any

> Did you notice the location of the 'deny ip any any' ACL Statement ?

Reply to
aaa

I must be missing your point ...

Your deny ip any is NOT at the end of the ACL ... right after the deny IP any, your "log" statement ACL lines come ... Remember it's a top-down execution of the ACL statements, so when you hit deny, it exits the ACL, hence you NEVER reach the permit .... log lines

Also: Where do you expect to see these logs? I cannot find any logging hosts statement in your cfg.

What statement do you expect to hit, and hence get a log ?

HTH
Martin Bilgrav

Reply to
Martin Bilgrav
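
The top-down, first-match behaviour described in the reply above, as an added example that is not part of the original thread: a small Python check that flags numbered extended ACL entries placed after a catch-all entry such as 'deny ip any any', including ones whose log keyword can therefore never fire. The sample list is a constructed excerpt of the posted access-list 111, and the function name unreachable_entries is hypothetical.

```python
import re

# Constructed sample: an excerpt of access-list 111 as posted in the thread.
ACL_111 = """\
access-list 111 permit tcp any any eq telnet log
access-list 111 permit icmp any any
access-list 111 permit udp host 68.94.156.2 any
access-list 111 deny ip any any
access-list 111 permit tcp any any log
access-list 111 permit udp any any log
"""

ENTRY = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
# An entry matches every packet of its protocol when source and destination
# are both "any" and nothing narrows it (ports, ICMP type, "established").
CATCH_ALL = re.compile(r"^any\s+any(\s+log(-input)?)?$")
LOGS = re.compile(r"\blog(-input)?$")


def unreachable_entries(config):
    """Return (position, entry, shadowing_entry, has_log) for each numbered
    extended ACL entry that can never match because an earlier catch-all
    entry of the same list already ends evaluation (first match wins)."""
    catch_alls = {}   # ACL number -> list of (protocol, entry text)
    position = {}     # ACL number -> running entry count
    findings = []
    for raw in config.splitlines():
        line = " ".join(raw.split())
        m = ENTRY.match(line)
        if not m:
            continue
        acl, _action, proto, rest = m.groups()
        position[acl] = position.get(acl, 0) + 1
        for c_proto, c_line in catch_alls.get(acl, []):
            if c_proto in ("ip", proto):   # "ip" covers every protocol
                findings.append((position[acl], line, c_line,
                                 bool(LOGS.search(rest))))
                break
        if CATCH_ALL.match(rest):
            catch_alls.setdefault(acl, []).append((proto, line))
    return findings


if __name__ == "__main__":
    for pos, entry, by, has_log in unreachable_entries(ACL_111):
        note = " (its log keyword never fires)" if has_log else ""
        print(f"entry {pos}: '{entry}' is unreachable after '{by}'{note}")
```

Run against the excerpt, it reports the two trailing permit ... log entries as unreachable; with 'deny ip any any' moved to the last position it reports nothing.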
