Catalyst 6500 - strange effects when removing/adding ACLs

Unanswered Question
Jun 26th, 2008

Hi all. I'm witnessing a strange effect when removing and then adding an ACL on my Catalyst 6500 VLAN interface. Here's the sh run int vlan58 command:

interface Vlan58
 ip address x.x.x.x
 ip access-group Vlan58_in in
 ip access-group Vlan58_out out
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 no ip unreachables
 ip directed-broadcast
 ip pim dense-mode
 ip inspect permit_all in
 ip inspect permit_all out
 ip route-cache flow
 ip igmp access-group 21

The problem appears when I remove both ACLs and put them back. Everything behaves as normal when I return the Vlan58_out ACL, but when I return the Vlan58_in ACL I get cut off from the switches beyond the interface. Funny thing is I can still ping the switches (3 in all) but can't telnet to them. Users on those switches also have problems accessing some resources. Could ip inspect or some other command be causing such a problem?

IgorHamzic Thu, 06/26/2008 - 08:47

I'm currently not at work and don't have access to the switch. I will post when I get to work.

The thing is that the access-list wasn't changed when I removed it then put it back; it stayed the same, and I didn't observe such problems before. In fact, the whole configuration of the VLAN interface hasn't changed in quite some time.

