Overview

The debug acl command enables logging of packets that match Access Control Entries (ACEs). The log configuration persists across system reboots. The logging-related commands in this section can be used to log details such as the IP addresses of ACL matches.

The minimum time between ACL match logs is 5 seconds per ACE (an interval greater than 30 seconds is recommended). Once a packet matching a specific ACE is logged, subsequent packets matching the same ACE are not logged until the logging interval elapses.
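
The suppression behaviour described above, modelled as an added example (not vendor code or device output): it replays a constructed timeline of ACE matches and reports which ones would produce a log entry. It assumes the timer restarts at each logged packet and that a match arriving exactly one interval later is logged; the function name, ACE names and addresses are constructed for illustration.

```python
# Added illustration: model of per-ACE log suppression (not vendor code).
from collections import defaultdict

MIN_INTERVAL = 5  # seconds; the minimum stated on the page


def simulate_ace_logging(matches, interval):
    """Return (logged, suppressed) for a timeline of ACE matches.

    matches: iterable of (timestamp_seconds, ace_id, src_ip), sorted by time.
    interval: logging interval in seconds, applied independently per ACE.
    Assumption: the timer restarts at each logged packet, and a match
    arriving exactly `interval` seconds after it is logged.
    """
    if interval < MIN_INTERVAL:
        raise ValueError(f"interval must be at least {MIN_INTERVAL} seconds")
    last_logged = {}                 # ace_id -> timestamp of last log entry
    logged = []                      # matches that would reach the log
    suppressed = defaultdict(int)    # ace_id -> matches with no log entry
    for ts, ace, src in matches:
        prev = last_logged.get(ace)
        if prev is None or ts - prev >= interval:
            last_logged[ace] = ts
            logged.append((ts, ace, src))
        else:
            suppressed[ace] += 1
    return logged, dict(suppressed)


# Constructed sample timeline: (seconds, ACE id, source IP from RFC 5737 ranges)
SAMPLE = [
    (0, "ace10", "192.0.2.10"),     # logged: first match on ace10
    (1, "ace10", "192.0.2.11"),     # suppressed at 30 s: inside interval
    (2, "ace20", "198.51.100.7"),   # logged: ace20 has its own timer
    (12, "ace10", "192.0.2.12"),    # suppressed at 30 s, logged at 5 s
    (29, "ace10", "192.0.2.13"),    # suppressed at 30 s, logged at 5 s
    (30, "ace10", "192.0.2.14"),    # logged at 30 s: interval has elapsed
    (31, "ace20", "198.51.100.8"),  # suppressed at 30 s: 29 s after ace20 log
    (40, "ace20", "198.51.100.9"),  # logged
]

if __name__ == "__main__":
    logged, suppressed = simulate_ace_logging(SAMPLE, interval=30)
    for entry in logged:
        print("LOG", entry)
    print("suppressed per ACE:", suppressed)
```

With a 30-second interval, four of the eight matches are logged, so the source addresses of the other four never appear; the log is a sample of matching traffic, not a hit count.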

Several commands are used to implement and work with this logging.