
dynamic ACL (lock & key) bug in IOS 12.4(17)?

bert.lefevre
Level 1

Hi, I'm trying to implement lock & key in a Cisco 2611XM router.

This is my config:

    ip access-list extended TEST
     permit tcp any host 192.168.1.30 eq 3001
     dynamic dynTest permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
    line vty 5
     rotary 1
     autocommand access-enable timeout 5

With IOS 12.3(6c), it works when I open a telnet session to port 3001 from a client (with ip-address x.x.x.13) which is within the vlan where the access-list is defined.

I get the following output from "show ip access-list":

    Router#sh ip access-lists
    Extended IP access list TEST
        10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
        20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
           permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1 (1047 matches) (time left 299)

At this time, I'm able to ping with the client (with ip address x.x.x.13) to host 14.14.14.1 (otherwise, I get the message: destination net unreachable) --> so this works correctly.

However, when using IOS 12.4(17) on the same device, with exactly the same config, it doesn't work anymore. (I always get "destination net unreachable" when trying to ping the 14.14.14.1 host).

Although I get the same output from the router, except for one detail: the timer doesn't appear anymore:

    Router#sh ip access-lists
    Extended IP access list TEST
        10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
        20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
           permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1

Anyone who has an idea?

Thank you


tstanik
Level 5

The output command "permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1" doesn't show any matches, so it is not getting hit and hence you are not able to ping. Have you made any other changes to the config or in the network setup?

Hi,

No, I haven't made any changes, I just updated the IOS, nothing more.

After I put back the previous IOS (the original), it worked again. So the problem is clearly the operating system I guess...
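
A post-upgrade check for the symptom discussed in this thread, as an added example that is not from any of the posters: it parses "show ip access-lists" output, finds the temporary entries under each Dynamic line, and flags the ones that cover a given client but show no timer or no matches. The sample text is constructed from the outputs quoted above; the function names and the client address 10.0.0.13 (standing in for x.x.x.13) are assumptions.

```python
import ipaddress
import re

# Constructed sample modeled on the thread's working output; names are illustrative.
WORKING = """\
Extended IP access list TEST
    10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
    20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
       permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1 (1047 matches) (time left 299)
"""
# The output after the upgrade: same entry, but no counter and no timer.
BROKEN = WORKING.replace(" (1047 matches) (time left 299)", "")

ENTRY = re.compile(
    r"^\s*permit ip (?P<src>\S+) (?P<wild>\S+) host (?P<dst>\S+)"
    r"(?: \((?P<matches>\d+) match(?:es)?\))?(?: \(time left (?P<left>\d+)\))?\s*$")

def wildcard_match(ip, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care
            == int(ipaddress.IPv4Address(base)) & care)

def dynamic_entries(output):
    """Collect the temporary entries listed under each 'Dynamic <name>' line."""
    entries, template = [], None
    for line in output.splitlines():
        numbered = re.match(r"^\s*\d+ (?:Dynamic (\S+) )?", line)
        if numbered:
            template = numbered.group(1)  # None for ordinary numbered entries
            continue
        m = ENTRY.match(line)
        if m and template:
            entries.append({"template": template, "src": m["src"], "wild": m["wild"],
                            "matches": int(m["matches"] or 0),
                            "time_left": int(m["left"]) if m["left"] else None})
    return entries

def audit(output, client_ip):
    """Flag temporary entries covering client_ip that show no timer or no hits."""
    findings = []
    for e in dynamic_entries(output):
        if not wildcard_match(client_ip, e["src"], e["wild"]):
            continue
        if e["time_left"] is None:
            findings.append(f"{e['template']}: no timer for {client_ip}")
        if e["matches"] == 0:
            findings.append(f"{e['template']}: no matches for {client_ip}")
    return findings
```

Calling audit(WORKING, "10.0.0.13") returns an empty list, while audit(BROKEN, "10.0.0.13") returns both findings for AccessDC.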
