Requirements for using ACL logging

  • The switch configuration must include an ACL assigned to a port, trunk, or static VLAN interface. This ACL must contain an ACE configured with the deny action and the log option.

  • If the RACL application is used, then IPv4 routing must be enabled on the switch.

  • For ACL logging to a Syslog server:
    • The server must be accessible to the switch and identified in the running configuration.

    • The logging facility must be enabled for Syslog.

    • Debug must be configured to:
      • support ACL messages

      • send debug messages to the desired debug destination

These requirements are described in more detail under Enabling ACL logging on the switch.
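The following configuration is an added example, not taken from this page or from the switch documentation, showing one set of commands that meets each requirement above. It assumes ArubaOS-Switch (ProCurve) CLI syntax; the ACL name, VLAN ID and addresses are constructed placeholders.

```text
; Lines starting with ';' are annotations for the reader, not commands.
; Assumed platform: ArubaOS-Switch (ProCurve) CLI. All names, IDs and
; addresses below are constructed placeholders.

; RACL application only: IPv4 routing must be enabled.
ip routing

; An ACL containing an ACE with the deny action and the log option.
; The final permit keeps the implicit deny from dropping all other traffic.
ip access-list extended "LOG-DENIED-TELNET"
   10 deny tcp any any eq 23 log
   20 permit ip any any
   exit

; Assign the ACL to an interface (here, as a RACL on a static VLAN).
vlan 20
   ip access-group "LOG-DENIED-TELNET" in
   exit

; Syslog server identified in the running configuration. It must be
; reachable from the switch.
logging 192.0.2.50

; Logging facility enabled for Syslog.
logging facility syslog

; Debug configured to support ACL messages...
debug acl

; ...and to send debug messages to the desired destination
; (here, the configured Syslog server).
debug destination logging
```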