Problem with ACL in CSS-to-CSS redundancy configuration
07-18-2002 04:42 AM
I have two CSSes: the first is master, the second is backup. When I enable the ACL on the master CSS, it can no longer see the backup CSS. My first rule is to allow all traffic between both CSSes. I have a CSS 11050 with 4.10 Build 10.
Here is a part of my config:
--- begin ---------------------------------------------------
!************************* INTERFACE *************************
interface e8
bridge vlan 254
description "css1 <-> css2 (net 192.168.254.0/30)"
!************************** CIRCUIT **************************
circuit VLAN254
ip address 192.168.254.1 255.255.255.252
redundancy-protocol
!**************************** NQL ****************************
nql n_csw_to_csw
ip address 192.168.254.1 255.255.255.255
ip address 192.168.254.2 255.255.255.255
!**************************** ACL ****************************
acl 1
clause 1 bypass any nql n_csw_to_csw destination nql n_csw_to_csw
apply circuit-(VLAN254)
--- end ---------------------------------------------------
Where is the problem? Is it a bug in my current version or an error in my configuration?
Thanks
Thomas Kukol
Labels: Application Networking
07-18-2002 06:14 AM
As a first step, read http://www.cisco.com/warp/customer/117/css_packet_trace.html
and trace your non-working configuration.
If you give flow option 0xffffff you should see why the ACL didn't pass app traffic.
A second idea is to use normal ACLs w/o NQL,
with the permit keyword.
Share your experience here again 8-)
