Catalyst 6500 - strange effects when removing/adding ACLs

IgorHamzic · ‎06-26-2008

Hi all.I'm witnessing a strange effect when removing and then adding an ACL on my Catalyst 6500 vlan interface.Here's the sh run int vlan58 command:

interface Vlan58

ip address x.x.x.x 255.255.255.252

ip access-group Vlan58_in in

ip access-group Vlan58_out out

ip helper-address x.x.x.x

no ip unreachables

ip directed-broadcast

ip pim dense-mode

ip inspect permit_all in

ip inspect permit_all out

ip route-cache flow

ip igmp access-group 21

The problem appears when I remove both ACL's and I put them back.Everything behaves as normal when I return the Vlan58_out ACL but when I return the Vlan58_in ACL I get cut off from the switches beyond the interface.Funny thing is I can still the ping switches(3 in all) but can't telnet to them.Users on those switches also have problems accessing some resources.Could ip inspect or some other command be causing such a problem?

noran01 · ‎06-26-2008

It sounds like its an issue with the Vlan58_in ACL; can you post it?

IgorHamzic · ‎06-26-2008

I'm currently not at work and don't have the access to the switch.I will post when I get to work.

The thing is that the access-list wasn't changed when I removed it then put it back, it stayed the same and I didn't observe such problems before.In fact the whole configuration of the VLAN interface hasn't changed in quite some time.