Access-list bug in cisco 3650

May 7th, 2010

I ran into a strange issue while attempting to apply policy routing to a Cisco 3560 router. I configured 'sdm prefer routing' to enable the resources for policy routing, and entered my access-list and policy map:

access-list 101 deny   ip

access-list 101 permit ip any

route-map RPPolicy1 permit 10
match ip address 101
set ip next-hop

interface Vlan71
description <redacted>
ip address
ip policy route-map RPPolicy1

After I was done with my configuration, I tried to validate that my policy routing was working, and it had failed. I checked my configurations and found that the values in the ACL had been altered:

access-list 101 deny   ip
access-list 101 permit ip any

I tried to re-enter the ACL, but the networks in my access-list keep getting altered. My software version is:
Version 12.2(25)SEB2
Any ideas?
Mark Yeates Fri, 05/07/2010 - 22:33
The reason your ACLs are doing that is because you are not using wildcard masks. You must use inverted masks instead of a regular subnet mask. Here are your ACLs with the wildcard masks:

access-list 101  deny   ip

access-list 101 permit ip any

Here's a guide to show you how to do this.
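
Why the entries change after they are entered, as an added example that is not part of the thread: IOS reads the last field of an extended ACL source or destination as a wildcard mask (1 bits mean "ignore") and clears those address bits when it stores the entry. The addresses are constructed documentation ranges, not the poster's, and the function names are hypothetical.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _to_str(value):
    return str(ipaddress.IPv4Address(value))

def to_wildcard(netmask):
    """Invert a subnet mask into the wildcard mask an ACL entry expects."""
    return _to_str(_to_int(netmask) ^ FULL)

def stored_form(address, mask):
    """(address, mask) after the mask is read as a wildcard: address bits under
    a wildcard 1 bit are 'don't care' and are cleared."""
    return _to_str(_to_int(address) & (_to_int(mask) ^ FULL)), mask

def acl_matches(packet_ip, address, wildcard):
    """True when packet_ip equals address on every bit the wildcard leaves at 0."""
    care = _to_int(wildcard) ^ FULL
    return (_to_int(packet_ip) & care) == (_to_int(address) & care)

def looks_like_netmask(mask):
    """Heuristic lint: contiguous 1 bits from the left suggest a subnet mask was
    typed where a wildcard belongs. 0.0.0.0 and 255.255.255.255 are ambiguous."""
    m = _to_int(mask)
    host_bits = m ^ FULL
    return m not in (0, FULL) and (host_bits & (host_bits + 1)) == 0

if __name__ == "__main__":
    net, typed = "192.0.2.0", "255.255.255.0"   # constructed sample values
    print("entered :", net, typed)
    print("stored  :", *stored_form(net, typed))
    print("lint    :", looks_like_netmask(typed))
    print("intended:", net, to_wildcard(typed))
    for ip in ("192.0.2.57", "198.51.100.0"):
        print(ip, "typed:", acl_matches(ip, net, typed),
              "intended:", acl_matches(ip, net, to_wildcard(typed)))
```

With the subnet mask typed in place of the wildcard, the entry stops matching hosts inside the intended network and instead matches any address whose last octet is 0, so a deny or policy-route line silently applies to the wrong traffic.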



