Cisco access list logging. Why is there a difference between IPv4 and IPv6?

Posted by growse on Server Fault See other posts from Server Fault or by growse
Published on 2012-06-19T19:47:52Z Indexed on 2012/06/19 21:18 UTC
Read the original article Hit count: 241

Filed under:
|
|

I've got a Cisco 877 router. I've got an IPv4 access list and an IPv6 access list set up and configured similar to this:

interface Dialer1
    ...
    ip access-group INTERET-IN
    ipv6 traffic-filter IPV6-IN

Each of these access lists has a final rule of deny ip/ipv6 any any log. However, in my syslog I notice that there's a difference in formatting between the two types of entries. IPv4 will say:

 %SEC-6-IPACCESSLOGP: list INTERNET-IN denied udp 88.89.209.63(137) -> 1.2.3.4(137), 1 packet

Whereas the IPv6 list will say

%IPV6_ACL-6-ACCESSLOGNP: list IPV6-IN/240 denied 59 2001:0:5EF5:79FD:14F9:B773:3EBA:3EE3 (Dialer1) -> 2001:800:1000:0::1, 8 packets

Both have broadly the same information, but the IPv6 log entry is missing the protocol type and port, both of which are very useful if I'm trying to troubleshoot connectivity.

Why is this? How do I get IPv6 deny logs to display the protocol and port used, if any?

© Server Fault or respective owner

Related posts about cisco

Related posts about logging