Access-list bug in cisco 3650

Unanswered Question
May 7th, 2010

I ran into a strange issue while attempting to apply policy routing to a Cisco 3560 router. I configured 'sdm prefer routing' to enable the resources for policy routing, and entered my access-list and policy map:



access-list 101 deny   ip 10.30.1.0 255.255.255.0 10.30.0.0 255.255.255.0

access-list 101 permit ip 10.30.1.0 255.255.255.0 any


route-map RPPolicy1 permit 10
match ip address 101
set ip next-hop 10.8.2.9

interface Vlan71
description <redacted>
ip address 10.30.1.1 255.255.255.0
ip policy route-map RPPolicy1

After I was done with my configuration, I tried to validate my policy-routing was working, and it had failed. I checked my configurations and found that the values in the ACL had been altered:

access-list 101 deny   ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 101 permit ip 0.0.0.0 255.255.255.0 any

I tried to re-enter the ACL, but the access-list keeps having my networks get altered. My software version is:

Version 12.2(25)SEB2

Any ideas?
Mark Yeates Fri, 05/07/2010 - 22:33

Aaron,


The reason your ACLs are doing that is because you are not using wildcard masks. You must use inverted masks instead of a regular subnet mask. Here are your ACLs with the wildcard masks:



access-list 101 deny   ip 10.30.1.0 0.0.0.255 10.30.0.0 0.0.0.255

access-list 101 permit ip 10.30.1.0 0.0.0.255 any


Here's a guide to show you how to do this.


http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2


HTH,

Mark
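
An added example, not part of either post and not Cisco code: a Python model of wildcard-mask matching that reproduces the altered entries from the question, shows what they would match, and derives the corrected lines. The function names and the "contiguous leading ones" heuristic for spotting a subnet mask are assumptions of this sketch.

```python
import ipaddress
import re

PAIR = re.compile(r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def looks_like_subnet_mask(mask):
    """Contiguous leading ones such as 255.255.255.0 (0.0.0.0 and
    255.255.255.255 are valid wildcards and are not flagged)."""
    m = to_int(mask)
    inverted = m ^ ALL_ONES
    return m not in (0, ALL_ONES) and inverted & (inverted + 1) == 0

def stored_address(address, wildcard):
    """Zero every bit the wildcard marks as "don't care" (wildcard bit = 1)."""
    return to_dotted(to_int(address) & (to_int(wildcard) ^ ALL_ONES))

def matches(packet_ip, address, wildcard):
    """Wildcard semantics: only bits where the wildcard is 0 are compared."""
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(packet_ip) ^ to_int(address)) & care == 0

def lint_acl(lines):
    """Return (original, as_stored, suggested) for lines using subnet masks."""
    findings = []
    for line in lines:
        stored = fixed = line
        for addr, mask in PAIR.findall(line):
            if looks_like_subnet_mask(mask):
                old = f"{addr} {mask}"
                stored = stored.replace(old, f"{stored_address(addr, mask)} {mask}")
                fixed = fixed.replace(old, f"{addr} {to_dotted(to_int(mask) ^ ALL_ONES)}")
        if fixed != line:
            findings.append((line, stored, fixed))
    return findings

# The two entries from the question, as typed.
QUESTION_ACL = [
    "access-list 101 deny   ip 10.30.1.0 255.255.255.0 10.30.0.0 255.255.255.0",
    "access-list 101 permit ip 10.30.1.0 255.255.255.0 any",
]

if __name__ == "__main__":
    for original, stored, fixed in lint_acl(QUESTION_ACL):
        print("typed: ", original, "\nstored:", stored, "\nfix:   ", fixed)
```

Under this model the entry as typed compares only the last octet, so `matches("192.168.5.0", "10.30.1.0", "255.255.255.0")` is true while a host such as 10.30.1.25 in the intended subnet does not match.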
