06-26-2008 07:20 AM - edited 03-05-2019 11:50 PM
Hi all. I'm witnessing a strange effect when removing and then adding an ACL on my Catalyst 6500 VLAN interface. Here's the sh run int vlan58 command:
interface Vlan58
ip address x.x.x.x 255.255.255.252
ip access-group Vlan58_in in
ip access-group Vlan58_out out
ip helper-address x.x.x.x
ip helper-address x.x.x.x
ip helper-address x.x.x.x
ip helper-address x.x.x.x
no ip unreachables
ip directed-broadcast
ip pim dense-mode
ip inspect permit_all in
ip inspect permit_all out
ip route-cache flow
ip igmp access-group 21
The problem appears when I remove both ACLs and put them back. Everything behaves as normal when I return the Vlan58_out ACL, but when I return the Vlan58_in ACL I get cut off from the switches beyond the interface. Funny thing is I can still ping the switches (3 in all) but can't telnet to them. Users on those switches also have problems accessing some resources. Could ip inspect or some other command be causing such a problem?
06-26-2008 08:33 AM
It sounds like it's an issue with the Vlan58_in ACL; can you post it?
06-26-2008 08:47 AM
I'm currently not at work and don't have access to the switch. I will post when I get to work.
The thing is that the access-list wasn't changed when I removed it then put it back; it stayed the same, and I didn't observe such problems before. In fact the whole configuration of the VLAN interface hasn't changed in quite some time.