Robert Juric

Brocade MLX ACL Deny Logging

I just spent 3 hours troubleshooting an ACL, well let me restate… I just spent 3 hours TRYING to troubleshoot an ACL on a Brocade MLX. My ACL had a deny ip any any log at the end. However, the logs were not showing anything, nothing, ‘ACL Applied…ACL Removed…’. Very frustrating.

Anyway, after much Googling, deep in some obscure documentation I found out that there is a separate command which must be applied to the interface to enable the logging (which was already enabled in the ACL).

ip access-group 199 in
ip access-group enable-deny-logging

Some things that ‘just work’ on Cisco really make me scratch my head when working on Brocade equipment. Lesson learned, let’s move on. Maybe this post and the tags will help some future Googler.
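An added example, not part of the original post: a short Python check over a saved running-config that flags interfaces where an ACL containing a deny ... log entry is bound but ip access-group enable-deny-logging is missing. The sample config is constructed, and its layout (flat access-list lines, indented interface blocks separated by !) is an assumption about how the saved config looks.

```python
import re

# Constructed sample config (not from the original post). The layout is an
# assumption: flat access-list lines, indented interface blocks, '!' separators.
SAMPLE_CONFIG = """\
access-list 199 permit tcp any host 192.0.2.10 eq 443
access-list 199 deny ip any any log
access-list 150 deny ip any any
!
interface ethernet 1/1
 ip access-group 199 in
!
interface ethernet 1/2
 ip access-group 199 in
 ip access-group enable-deny-logging
!
interface ethernet 1/3
 ip access-group 150 in
!
"""

def acls_with_deny_log(config):
    """Return the ids of ACLs that contain at least one 'deny ... log' entry."""
    pat = re.compile(r"\s*access-list\s+(\S+)\s+deny\b.*\blog\s*$")
    return {m.group(1) for m in map(pat.match, config.splitlines()) if m}

def interfaces_missing_deny_logging(config):
    """Return (interface, acl) pairs where a logging ACL is bound but the
    interface lacks 'ip access-group enable-deny-logging'."""
    logging_acls = acls_with_deny_log(config)
    blocks, current = {}, None          # interface name -> its config lines
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            current = s[len("interface "):]
            blocks[current] = []
        elif s == "!" or not line.startswith(" "):
            current = None              # left the interface block
        elif current:
            blocks[current].append(s)
    findings = []
    for iface, lines in blocks.items():
        if "ip access-group enable-deny-logging" in lines:
            continue                    # deny logging is enabled here
        for s in lines:
            m = re.fullmatch(r"ip access-group (\S+) (in|out)", s)
            if m and m.group(1) in logging_acls:
                findings.append((iface, m.group(1)))
    return findings

if __name__ == "__main__":
    for iface, acl in interfaces_missing_deny_logging(SAMPLE_CONFIG):
        print(f"{iface}: ACL {acl} has deny/log entries but deny logging is not enabled")
```

On the sample it reports only ethernet 1/1: 1/2 already has the interface command, and ACL 150 on 1/3 has no log keyword.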

2 comments for “Brocade MLX ACL Deny Logging”

  1. Martin2341
    April 24, 2014 at 4:25 pm

    Thank you for taking the time to write and post this. I was sorry to read that you had a hard time finding it in the documentation. I was wondering if you wouldn’t mind sharing where you thought it should have been. Maybe I can request a reference be added there.

  2. Robert
    April 25, 2014 at 4:56 am

    I guess it wasn’t that I had a hard time finding it in the documentation, but the fact that I had to look in the documentation for a simple ACL config. When I fed Google the correct search term I finally found it.

    At first I thought the logging level was set incorrectly on the device so I spent some time researching that. I’m sure Brocade has a good reason for doing it like this, just wasn’t something I was used to. I appreciate your response though!
