10-23-2007 02:24 AM - edited 02-20-2020 09:39 PM
Hi, i'm trying to implement lock & key in a Cisco 2611XM router.
This is my config:
ip access-list extended TEST
permit tcp any host 192.168.1.30 eq 3001
dynamic dynTest permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
line vty 5
rotary 1
autocommand access-enable timeout 5
With IOS 12.3(6c), it works when I open a telnet session to port 3001 from a client (with ip-address x.x.x.13) which is within the vlan where the access-list is defined.
I get the following output from "show ip access-list":
Router#sh ip access-lists
Extended IP access list TEST
10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1 (1047 matches) (time lef
t 299)
At this time, i'm able to ping with the client (with ip address x.x.x.13) to host 14.14.14.1 (otherwise, i get the message: destination net unreachable) --> so this works correctly.
However, when using IOS 12.4(17) on the same device, with exactly the same config, it doesn't work anymore. (I always get "destination net unreachable when trying to ping the 14.14.14.1 host).
Although i get the same output from the router, except for one detail: the timer doesn't appear anymore:
Router#sh ip access-lists
Extended IP access list TEST
10 permit tcp any host 192.168.1.30 eq 3001 (75 matches)
20 Dynamic AccessDC permit ip 0.0.0.0 255.255.255.0 host 14.14.14.1
permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1
Anyone who has an idea?
Thank you
10-29-2007 12:49 PM
The output command "permit ip 0.0.0.13 255.255.255.0 host 14.14.14.1" doesn't shows any matches so it is not getting hit and hence you are not able to ping. Have you made any other changes to the config or in the network setup?
10-30-2007 12:10 AM
Hi,
No, I haven't made any changes, I just updated the IOS, nothing more.
After I put back the previous IOS (the original), it worked again. So the problem is clearly the operating system I guess...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: