Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSS ACL won't allow nql spec

CSS11150, 5.00 Build 610s

Standard Feature Set

I have an nql called deny_nql with ip addresses/ranges that we want to block all traffic from.

I'm trying to create an clause in acl 1 that will block all traffic from those addresses. This acl is to be applied to vlan1.

clause 1 deny any nql deny_nql destination any

the CSS won't take this line.

It insists on specifiying only "any":

CSS11150(config-acl[1])# clause 1 deny any ?

any Any combination

CSS11150(config-acl[1])# clause 1 deny any

see, it won't allow an nql spec.

This exact line works just fine in another CSS we have with the same build installed (with the enhanced feature set)

CSS11150(config-acl[5])# clause 1 deny any ?

any Any combination

nql ACL source address Network Qualifier List

<Host or IP> ACL Source IP Address of the form a.b.c.d or Hostname

CSS11150(config-acl[5])#

I've looked at the web docs describing differences between the Std and Enh feature sets and allowing one to specify nqls on an acl doesn't seem to be there.

Anyone have any idea on this?

TIA

Brian

4 REPLIES
Cisco Employee

Re: CSS ACL won't allow nql spec

it should be there.

What is more troublesom is that it does not show "".

Could you try configure the nql or an ip address and see if it takes the command .

gduf-css11000-1(config-acl[1])# clause 10 deny any ?

any Any combination

nql ACL source address Network Qualifier List

ACL Source IP Address of the form a.b.c.d or Hostname

gduf-css11000-1(config-acl[1])# sho ver

Version: ap0610410s (6.10 Build 410)

Flash (Locked): 3.02 Build 2

Flash (Operational): 6.10 Build 410

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

Gilles.

New Member

Re: CSS ACL won't allow nql spec

I have pasted a full normal line in and hit return only to get an error pointing to that spot in the config line.

It is one of those "stranger things"

Brian

Cisco Employee

Re: CSS ACL won't allow nql spec

Brian,

can we have your complete config ?

I'd like to load it on one of my box and see if there is anything that would cause this problem.

Let me know which version you are running as well.

Thanks,

Gilles.

New Member

Re: CSS ACL won't allow nql spec

attached.

CSS11150# show version

Version: ap0500610s (5.00 Build 610)

Flash (Locked): 5.00 Build 2

Flash (Operational): 5.00 Build 610

Type: SECONDARY

Licensed Cmd Set(s): Standard Feature Set

SSH Server

CSS11150# show chassis

Configuration for CSS 11150:

Name: CSS 11150 SW Version: 5.00 Build 610

HW Major Version: 03 HW Minor Version: 0

Base Mac Address: 00-10-58-03-23-1d

Module Number Module Name Status

1 FEM primary

2 FEM primary

5 SCFM-PLUS primary

Port Number Port Name Status

1 e1 online

2 e2 online

3 e3 online

4 e4 online

5 e5 online

6 e6 online

7 e7 online

8 e8 online

9 e9 online

10 e10 online

11 e11 online

12 e12 online

13 e13 online

14 e14 online

15 e15 online

16 e16 online

131
Views
0
Helpful
4
Replies
CreatePlease to create content