Bug in 12.4(11)XJ4 IPv6 ACL

Unanswered Question
Jan 1st, 2009
User Badges:

Hello all,

Since I do not have access to the TAC, I figured the best place to tell Cisco about this problem is on here, please let me know if there is a better way to report bugs if you do not have TAC access.

I searched the bug db but couldn't find any bug that looked like this one.

I have a Cisco 877W with Advanced IP services/K9 IOS 12.4(11)XJ4, as far as I know the latest available software for this box.

The bug is in the syntax of IPv6 access-lists, when you enter an IPv6 access-list you have the following possible keywords:

Cisco877W(config)#ipv6 access-list IP6-OUTSIDE-IN


IPv6 Access List configuration commands:

default Set a command to its defaults

deny Specify packets to reject

evaluate Evaluate an access list

exit Exit from access-list configuration mode

no Negate a command or set its defaults

permit Specify packets to forward

remark Access list entry comment

sequence Sequence number for this entry


However, after entering a sequence number, the number of keywords is much more limited:

Cisco877W(config-ipv6-acl)#sequence 10 ?

deny Specify packets to reject

permit Specify packets to forward

remark Access list entry comment

Especially 'evaluate' is missing.

Not really a problem as you can also enter the sequence number at the end of the line, or even just enter the lines in the right sequence without a sequence number.


After entering the commands in one of the ways above, they end up in the running config like this:

ipv6 access-list IP6-OUTSIDE-IN

sequence 5 permit icmp any any

sequence 10 evaluate IP6-OUTSIDE-OUT-REFLECT

sequence 15 deny ipv6 any any log

thus, after a write, this will also be in startup-config... and after a reload, the following is displayed:

sequence 10 evaluate IP6-OUTSIDE-OUT-REFLECT


% Invalid input detected at '^' marker.

and the line is no longer in my running, effectively disabling my IPv6 access...

I would appreciate it if one of the Cisco-employees here could report this as a bug (or tell me in what way I am horribly wrong ;-) )



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sureshkumarit Thu, 01/01/2009 - 19:11
User Badges:

Hi Jeron,

This Error "% Invalid input detected at "^" marker." state you entered the command incorrectly. The caret (^) marks the point of the error.

Enter a question mark (?) to display all the commands that are available in this command mode. The keywords that you are allowed to enter for the command appear.

jproos Sat, 01/03/2009 - 04:02
User Badges:


Please read my message again, it is not me who enters the command wrong, it's the router itself that enters a command into startup config that it after a subsequent reload does not understand.



This Discussion