dynamic ACL (lock & key) bug in IOS 12.4(17)?

Unanswered Question
Oct 23rd, 2007

Hi, I'm trying to implement lock & key in a Cisco 2611XM router.


This is my config:


ip access-list extended TEST
 permit tcp any host 192.168.1.30 eq 3001
 dynamic dynTest permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1

line vty 5
 rotary 1
 autocommand access-enable timeout 5


With IOS 12.3(6c), it works when I open a telnet session to port 3001 from a client (with ip-address x.x.x.13) which is within the vlan where the access-list is defined.


I get the following output from "show ip access-list":


Router#sh ip access-lists
Extended IP access list TEST
    10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
    20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
       permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1 (1047 matches) (time left 299)


At this time, I'm able to ping with the client (with ip address x.x.x.13) to host 14.14.14.1 (otherwise, I get the message: destination net unreachable) --> so this works correctly.


However, when using IOS 12.4(17) on the same device, with exactly the same config, it doesn't work anymore. (I always get "destination net unreachable" when trying to ping the 14.14.14.1 host.)


Although I get the same output from the router, except for one detail: the timer doesn't appear anymore:


Router#sh ip access-lists
Extended IP access list TEST
    10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
    20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
       permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1


Anyone who has an idea?


Thank you

tstanik Mon, 10/29/2007 - 12:49

The output command "permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1" doesn't show any matches, so it is not getting hit and hence you are not able to ping. Have you made any other changes to the config or in the network setup?

bert.lefevre Tue, 10/30/2007 - 00:10

Hi,


No, I haven't made any changes, I just updated the IOS, nothing more.

After I put back the previous IOS (the original), it worked again. So the problem is clearly the operating system I guess...
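
Added example, not part of the thread or Cisco's own tooling: a post-upgrade check that parses "show ip access-lists" output and flags temporary lock-and-key entries showing the failing pattern described above (no "time left" timer and no match counter). The sample outputs are constructed from the two listings quoted in the first post, and the function names and the "no timer and no hits" heuristic are assumptions.

```python
import re

# Constructed samples modelled on the two outputs quoted in the thread.
WORKING = """\
Extended IP access list TEST
    10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
    20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
       permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1 (1047 matches) (time left 299)
"""
BROKEN = """\
Extended IP access list TEST
    10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
    20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
       permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1
"""

HEADER = re.compile(r"^Extended IP access list (\S+)")
TEMPLATE = re.compile(r"^\s*\d+\s+Dynamic\s+(\S+)\s+(?:permit|deny)\b")
NUMBERED = re.compile(r"^\s*\d+\s+(?:permit|deny|remark)\b")
TEMP = re.compile(r"^\s*(?:permit|deny)\b")  # temporary entry: no sequence number
MATCHES = re.compile(r"\((\d+) match(?:es)?\)")
TIMER = re.compile(r"\(time left (\d+)\)")

def audit_dynamic_entries(show_output):
    """Return one record per temporary entry listed under a Dynamic template."""
    findings, acl, template = [], None, None
    for line in show_output.splitlines():
        if HEADER.match(line):
            acl, template = HEADER.match(line).group(1), None
        elif TEMPLATE.match(line):
            template = TEMPLATE.match(line).group(1)
        elif NUMBERED.match(line):
            template = None  # a regular numbered ACE ends the template's block
        elif template and TEMP.match(line):
            m, t = MATCHES.search(line), TIMER.search(line)
            findings.append({
                "acl": acl, "template": template,
                "entry": re.sub(r"\s*\(.*$", "", line.strip()),
                "matches": int(m.group(1)) if m else 0,
                "time_left": int(t.group(1)) if t else None,
            })
    return findings

def suspect(findings):
    """Entries showing the thread's failing pattern: no timer and no hits."""
    return [f for f in findings if f["time_left"] is None and f["matches"] == 0]

if __name__ == "__main__":
    print(suspect(audit_dynamic_entries(BROKEN)))
```

A temporary entry created without any timeout would also lack a timer, so treat a hit from suspect() as a prompt to test reachability from the authenticated client, not as proof of the fault.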
