cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1307
Views
0
Helpful
4
Replies

A question about the syntax of ACLs

shaijosef
Level 1
Level 1

Hello All,

I hope I'm openning this in the right place.

I have a question about the syntax of Cisco ACLs.

I have configured an ACL on my router using service-objects and network-objects in the service, sourceIP, and destinationIP fields of my ACL and it seems that the router changed the syntax of the ACL, the below line is taken fron the show running-config command:

access-list 123 permit not nbject-group evg_ser not1object-group evgeny dfobject-group shay log

and this line is taken from the show access-list command:

10 permit object-group evg_ser object-group evgeny object-group shay log

My question is, what is the 'not' and the 'not1' strings in the config line above (I didn't write down this two strings - the router added them by itself)

Maybe a bug?

Thank you

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

Your output from the show running-config with the "not" and "not1" strings seems bizarre. I would not expect these strings to even be accepted by the router's command parser.

I suspect they may be an artifact of your terminal emulation tool. What are you using to log in (e.g., Putty, XShell, SecureCRT, Hyperterm, etc.)? Are you going in via vty or console? I'd try a different tool and/or method and see if you get the same output.

Thanks for you answer.

I'm using Putty or Telnet through a regular VTY line.

What platform is this and what version of code. Posting the output of show version might be helpful.

HTH

Rick

HTH

Rick

Hi, the complete output of show version is displayed below:

Router2801#sh ver
Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(20)YA3,
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 03-Apr-09 20:19 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

Router2801 uptime is 3 days, 19 hours, 14 minutes
System returned to ROM by reload at 13:15:56 UTC Thu Feb 2 2012
System image file is "flash:c2801-advsecurityk9-mz.124-20.YA3.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2801 (revision 5.0) with 118784K/12288K bytes of memory.
Processor board ID FTX0942W0U7
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco