On Sat, 25 Jan 2003, Rob Thomas wrote:
] access-list 150 deny udp any any eq 1434 log-input
Be _very_ careful about enabling such logging. Some of the worm flows have filled GigE pipes. I doubt you really want to log that; Netflow is a better option in this case. Too much logging will raise the CPU utilization to the point of creating a DoS on the router.
As a general rule, yes. But: "Access list logging does not show every packet that matches an entry. Logging is rate-limited to avoid CPU overload. What logging shows you is a reasonably representative sample, but not a complete packet trace. Remember that there are packets you're not seeing. Access lists and logging have a performance impact, but not a large one. Be careful on routers running at more than about 80 percent CPU load, or when applying access lists to very high-speed interfaces." (http://www.cisco.com/warp/public/707/22.html)

There doesn't seem to be a noticeable impact on CPU usage for a C12000 GigE linecard. Can you do Netflow rather than CEF on such a beast without a performance penalty?
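To make the "representative sample" caveat concrete, here is an added example (not from the thread) that parses the %SEC-6-IPACCESSLOGP syslog lines a `log-input` ACL entry like the one above produces and sums the logged packet counts per source and ingress interface. The log lines are constructed (RFC 5737 test addresses) and the totals are only a lower bound, since IOS rate-limits ACL logging and never reports the packets it skipped.

```python
"""Aggregate Cisco IOS ACL log lines per source address and input interface.

Added example, not from the thread. The message format is what IOS emits for
'access-list ... log-input' matches; the sample lines below are constructed.
"""
import re
from collections import defaultdict

# Constructed syslog sample for: access-list 150 deny udp any any eq 1434 log-input
SAMPLE_LOG = """\
Jan 25 05:31:02.114: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1234) (GigabitEthernet1/0 0000.0c12.3456) -> 198.51.100.7(1434), 1 packet
Jan 25 05:36:02.201: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1234) (GigabitEthernet1/0 0000.0c12.3456) -> 198.51.100.7(1434), 4117 packets
Jan 25 05:36:02.305: %SEC-6-IPACCESSLOGP: list 150 denied udp 203.0.113.5(2049) (GigabitEthernet2/0 0000.0c65.4321) -> 198.51.100.9(1434), 982 packets
Jan 25 05:41:02.402: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1234) (GigabitEthernet1/0 0000.0c12.3456) -> 198.51.100.7(1434), 3990 packets
"""

# The "(ifname mac)" group only appears when the ACL entry uses log-input.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<ifname>\S+) (?P<mac>[0-9a-f.]+)\))? -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield one dict per parsable IPACCESSLOGP line; other lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec

def summarize(text, acl="150", dport="1434"):
    """Sum logged packet counts per (source, input interface) for one ACL/port.

    Lower bound only: IOS rate-limits ACL logging, so packets beyond the
    logging budget are dropped silently and never appear in these totals."""
    totals = defaultdict(int)
    for rec in parse_acl_log(text):
        if rec["acl"] == acl and rec["dport"] == dport:
            totals[(rec["src"], rec["ifname"] or "-")] += rec["count"]
    return dict(totals)

if __name__ == "__main__":
    for (src, ifname), pkts in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{src:<16} via {ifname:<20} {pkts:>8} logged packets (sampled)")
```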