Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
336
Views
0
Helpful
5
Replies

ACL weird Behaviour!

darkdesire.cisco
Level 1
Level 1

‎08-25-2014 09:47 PM - edited ‎03-07-2019 08:31 PM

Hello Guys,

below is my topology 

 

user1----Router---user2

 

Router has got inbound ACL applied to the user1 facing interface. This acl has got entries to permit user1 traffic. Everything was working untill this morning and all sudden user1 start syaing that he is not able to access anything.

i did check and confirm acl is same and have all required permit statements. I removed the acl(no ip access-list ABC in ) and put it back and all start working again.

 

I am wondering if router acl got hanged or what issue was? anyone experienced this issue before?

 

 

this is cisco 2800 series router...

Labels:
0 Helpful
5 Replies 5

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎08-26-2014 12:34 AM

Hi,

Not sure what might have gone wrong at this point of time.

1- Did you try bouncing the interface?

2- How often you have seen this issue?

3- Whats the IOS running on the box?

Regards

Inayath

 

0 Helpful

darkdesire.cisco
Level 1
Level 1
In response to InayathUlla Sharieff

‎08-26-2014 03:51 AM

it was a simple ACL applied inbound direction. I reckon code is 12.4.

 

This is second strange behavior i have seen in a cisco router in last 10 days. a few days back remote access vpn stop working and we rebooted the router and all start wroking..it seems Cisco gone on the path of windows ie reboot :P

0 Helpful

Boyan Sotirov
Level 1
Level 1
In response to darkdesire.cisco

‎08-26-2014 04:37 AM

While you were testing... were there any matches on the ACL when a traffic was generated?

0 Helpful

Boyan Sotirov
Level 1
Level 1

‎08-26-2014 02:18 AM

I can't recall having such an issue with an ACL on an interface...

Could you post a sample config?

0 Helpful

Kevin Dorrell
Level 10
Level 10

‎08-26-2014 05:00 AM

Maybe the clue is in the "until this morning".  Is it possible that the ACL is blocking DHCP or some other protocol that is only used at startup?  Removing the DHCP would allow the user to get his IP address, and he would continue to work even if you put back the ACL ... until next time he reboots his machine.

It is only a suggestion ....

Perhaps you need to put a deny ip any any log at the end of the ACL, and see if anything interesting comes out on your syslog.

 

Kevin Dorrell

Luxembourg

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card