Cisco Cisco IOS Software Release 12.4(4)T Données agrégées
Product Bulletin
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 18 of 299
Routers
● Cisco 871, 1800, 2800, 3700, 3800, 7200, and 7301 Series Routers
Product Management Contact:
3.1.2) Access Control List (ACL) Syslog Correlation
Cisco IOS ACL Syslog Correlation feature provides a correlation mechanism for ACLs that can be
used by Network Management System (NMS) tools to correlate the triggered syslog with the
specific Access Control Entry (ACE) within the ACL that triggered the syslog. The ACL Syslog
Correlation feature utilizes a ‘tag’ which is appended to the ACE generated syslog. The ‘tag’ can
either be a user-configured alpha-numeric cookie or an IOS generated 32-bit hash. If the user does
not configure the cookie, IOS will create the hash for ACEs configured with the ‘log’ keyword.
Cisco IOS ACL Syslog Correlation feature provides a correlation mechanism for ACLs that can be
used by Network Management System (NMS) tools to correlate the triggered syslog with the
specific Access Control Entry (ACE) within the ACL that triggered the syslog. The ACL Syslog
Correlation feature utilizes a ‘tag’ which is appended to the ACE generated syslog. The ‘tag’ can
either be a user-configured alpha-numeric cookie or an IOS generated 32-bit hash. If the user does
not configure the cookie, IOS will create the hash for ACEs configured with the ‘log’ keyword.
Figure 10.
Define a tag to be used for ACE generated syslogs
Figure 11.
Configured tags are appended to ACE generated syslogs
Benefits
●
Provides a consistent monitoring solution for IOS ACLs, allowing network management tools
to easily correlate the triggered syslog with the specific Access Control Entry (ACE) within
the ACL that triggered the syslog
to easily correlate the triggered syslog with the specific Access Control Entry (ACE) within
the ACL that triggered the syslog
●
Reduces complexity of managing and monitoring ACL rules for access and control by
simplifying the correlation of ACE rules with their corresponding syslog events
simplifying the correlation of ACE rules with their corresponding syslog events
●
Assists network administrators in troubleshooting issues that occur as a result of ACE rules
and allows them to monitor ACE rules’ effectiveness
and allows them to monitor ACE rules’ effectiveness
Hardware
Routers
● Cisco 800, 1800, 2800, 3700, 3800, and 7200 Series Routers
Additional Information:
Product Management Contact:
3.1.3) Per Dynamic Multipoint VPN (DMVPN) Tunnel Quality of Service (QoS)
This feature enables the DMVPN hub to dynamically allocate a QoS service policy for each spoke.
The DMVPN hub can have multiple QoS policies for all the remote spokes. If QoS is configured,
each spoke requests a QoS policy from the hub during Next Hop Resolution Protocol (NHRP)
registration. This QoS service policy is applied on the hub in the outbound direction. A typical QoS
policy provides multiple classes of service, including a priority queue for voice, and traffic shaping
for the total bandwidth of all classes.
This feature enables the DMVPN hub to dynamically allocate a QoS service policy for each spoke.
The DMVPN hub can have multiple QoS policies for all the remote spokes. If QoS is configured,
each spoke requests a QoS policy from the hub during Next Hop Resolution Protocol (NHRP)
registration. This QoS service policy is applied on the hub in the outbound direction. A typical QoS
policy provides multiple classes of service, including a priority queue for voice, and traffic shaping
for the total bandwidth of all classes.