06-26-2008 07:20 AM - edited 03-05-2019 11:50 PM
Hi all. I'm witnessing a strange effect when removing and then adding an ACL on my Catalyst 6500 VLAN interface. Here's the sh run int vlan58 command:
interface Vlan58
 ip address x.x.x.x 255.255.255.252
 ip access-group Vlan58_in in
 ip access-group Vlan58_out out
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 ip helper-address x.x.x.x
 no ip unreachables
 ip directed-broadcast
 ip pim dense-mode
 ip inspect permit_all in
 ip inspect permit_all out
 ip route-cache flow
 ip igmp access-group 21
The problem appears when I remove both ACLs and I put them back. Everything behaves as normal when I return the Vlan58_out ACL, but when I return the Vlan58_in ACL I get cut off from the switches beyond the interface. Funny thing is I can still ping the switches (3 in all) but can't telnet to them. Users on those switches also have problems accessing some resources. Could ip inspect or some other command be causing such a problem?
06-26-2008 08:33 AM
It sounds like it's an issue with the Vlan58_in ACL; can you post it?
06-26-2008 08:47 AM
I'm currently not at work and don't have access to the switch. I will post when I get to work.
The thing is that the access-list wasn't changed when I removed it then put it back, it stayed the same and I didn't observe such problems before. In fact the whole configuration of the VLAN interface hasn't changed in quite some time.