Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

implicit-acl-logging

policy implicit-acl-logging—Log the headers of all packets that are dropped because they do not match a service configured with an allow-service command (on vEdge routers only). You can use these logs for security purposes, for example, to monitor the flows that are being directed to a WAN interface and to determine, in the case of a DDoS attack, which IP addresses to block.

When you enable implict ACL logging, by default, all dropped packets are logged. It is recommended that you limit the number of packets logged, by including the log-frequency command in the configuration. The default is to log every 512th packet.

vManage Feature Template 

For vEdge routers:

Configuration ► Policies ► Localized Policy

Command Hierarchy

policy
  implicit-acl-logging

Options

None

Example

Log implicitly configured packets, logging every 512th packet:

vEdge# show running-config policy 
policy
 log-frequency 1000
 implicit-acl-logging
 ...
!

Release Information

Command introduced in Viptela Software Release 16.3.​

Additional Information

See the Application-Aware Routing and Configuring Localized Data Policy articles for your software release.
allow-service
log-frequency

  • Was this article helpful?