Enabling ACL "Deny" logging
ACL logging enables the switch to generate a message when
IP traffic meets the criteria for a match with an ACE that results
in an explicit "deny" action. You can use ACL logging to
help:
Test your network to ensure that your ACL configuration is detecting and denying the IPv4 traffic you do not want forwarded
Receive notification when the switch detects attempts to forward IPv4 traffic you have designed your ACLs to reject (deny)
The switch sends ACL messages to Syslog and optionally
to the current console, Telnet, or SSH session. You can use logging
<> to configure up to six Syslog server destinations.