telnet is not working in both core switches when ACL applied

Puneet Gupta
Level 1

Hi

I have seen a strange issue; does anyone have an answer for it?

Problem Description:

We have two core switches in our network and a number of VLANs are created. Till now no ACL has been applied on the interface VLAN, and I am doing a telnet to one of the servers at some other remote location like...

telnet 172.43.16.2 3389 source-interface vlan 10

I am able to do the telnet from both core switches when the ACL is not applied on vlan 10 or some other VLAN; however, the same is not working as soon as I apply the ACL on vlan 10. I am able to telnet only from one of the core switches, irrespective of HSRP state and STP priority.

However, telnet is working from the other switch when I shut the interface VLAN on the switch where telnet was working. Operationally there is no issue with the network.

I have tried with a number of core switches at other locations, including Nexus, and with a number of servers/ports/VLANs, and I am experiencing the same result. Is this the expected behaviour?

2 Replies

nkarthikeyan
Level 7

Can you paste the configs of the switches?

Hi Natrajan

I can share the configuration, but that configuration file is very large. Just to correct myself: everything is working fine at the end user, but I am seeing a strange issue at the core switches' console. When I apply the ACL on any interface VLAN and try to telnet to any server on any specific port, I am able to do that with one core switch only, and with the other it is not happening.

We have many sites and have tested with 6509 and Nexus core switches and are finding the same result, so I don't think it is related to a hardware or configuration issue. For example, we are using it in this fashion and applying the ACL on VLANs.

ip access-list extended WiFi
 deny   tcp 172.19.116.0 0.0.0.255 172.19.109.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.16.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.18.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.24.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.19.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.17.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.27.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.28.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.22.2.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.16.65.0 0.0.0.255 eq 3389
 deny   tcp 172.19.116.0 0.0.0.255 172.16.70.0 0.0.0.255 eq 3389
 permit ip 172.19.116.0 0.0.0.255 172.19.116.0 0.0.0.255
 permit ip 172.19.116.0 0.0.0.255 172.18.2.0 0.0.0.255
 permit ip 172.19.116.0 0.0.0.255 host 172.26.1.29
 permit ip 172.19.116.0 0.0.0.255 172.16.2.0 0.0.0.255

and if I try to telnet to any server from the core switches' console, like

telnet 172.18.2.131 3389 source-interface vlan 10

telnet is happening only from one core switch, not from the other, irrespective of HSRP state and STP.
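The following is an added example and is not code from this thread or from Cisco. It parses the extended ACL quoted above into a list of entries and evaluates a flow against it with the first-match, implicit-deny-at-the-end semantics that IOS ACLs use, so you can check on paper what a given source/destination/port should hit before (or after) applying the ACL to an SVI. The parser handles only the keywords present in the posted ACL (`host`, `wildcard`, `eq`) and contiguous wildcard masks, not the full IOS ACL grammar. The SVI address of vlan 10 is not given in the thread, so the source address used below (172.19.116.50) is an assumed value inside the ACL's source range; the destination 172.18.2.131 and port 3389 are the ones from the telnet test in the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Copy of the ACL body posted in the thread ("ip access-list extended WiFi"),
# embedded here as the sample input for the evaluator.
ACL_TEXT = """
deny   tcp 172.19.116.0 0.0.0.255 172.19.109.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.16.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.18.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.24.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.19.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.17.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.27.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.28.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.22.2.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.16.65.0 0.0.0.255 eq 3389
deny   tcp 172.19.116.0 0.0.0.255 172.16.70.0 0.0.0.255 eq 3389
permit ip 172.19.116.0 0.0.0.255 172.19.116.0 0.0.0.255
permit ip 172.19.116.0 0.0.0.255 172.18.2.0 0.0.0.255
permit ip 172.19.116.0 0.0.0.255 host 172.26.1.29
permit ip 172.19.116.0 0.0.0.255 172.16.2.0 0.0.0.255
"""


@dataclass
class Ace:
    """One access-control entry: action, protocol, source, destination, optional dest port."""
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]


def _parse_addr(tokens: List[str]) -> Tuple[ipaddress.IPv4Network, List[str]]:
    """Consume one address spec ('any', 'host A', or 'A WILDCARD') and return the rest."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, wildcard = tokens[0], tokens[1]
    # A Cisco wildcard mask is an inverted netmask; ipaddress accepts hostmask notation
    # directly, so "172.19.116.0/0.0.0.255" becomes 172.19.116.0/24 (contiguous masks only).
    return ipaddress.ip_network(f"{addr}/{wildcard}"), tokens[2:]


def parse_acl(text: str) -> List[Ace]:
    """Parse the subset of extended-ACL syntax used in the posted ACL."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens[0], tokens[1]
        src, rest = _parse_addr(tokens[2:])
        dst, rest = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces: List[Ace], src_ip: str, dst_ip: str, proto: str, dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, 1-based entry number) of the first matching entry.

    No match falls through to the implicit 'deny' at the end, reported with entry None.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for n, ace in enumerate(aces, 1):
        if ace.proto not in ("ip", proto):        # 'ip' matches any protocol
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action, n
    return "deny", None


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    # Assumed source inside 172.19.116.0/24; destination/port are the ones tested in the thread.
    print(evaluate(acl, "172.19.116.50", "172.18.2.131", "tcp", 3389))  # ('deny', 3)
    print(evaluate(acl, "172.19.116.50", "172.18.2.131", "tcp", 22))    # ('permit', 13)
    print(evaluate(acl, "172.19.116.50", "172.16.65.5", "tcp", 22))     # ('deny', None)
```

Running the evaluator against the posted ACL shows that a TCP/3389 flow from the ACL's source range to 172.18.2.131 is caught by the third deny entry, the same host on another port is allowed by the thirteenth entry, and anything not listed falls to the implicit deny. Comparing such a paper result with what each switch actually does is a quick way to separate "the ACL should block this" from "the two switches treat switch-originated traffic differently", which is the distinction the thread is circling around.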
