Cisco Support Community

New Member

ACL weird Behaviour!

Hello Guys,

Below is my topology




The router has got an inbound ACL applied to the user1-facing interface. This ACL has got entries to permit user1 traffic. Everything was working until this morning, and all of a sudden user1 started saying that he is not able to access anything.

I did check and confirm the ACL is the same and has all the required permit statements. I removed the ACL (no ip access-list ABC in) and put it back, and everything started working again.


I am wondering if the router ACL got hung, or what the issue was? Has anyone experienced this issue before?



This is a Cisco 2800 series router...

Cisco Employee


Not sure what might have gone wrong at this point of time.

1- Did you try bouncing the interface?

2- How often have you seen this issue?

3- What's the IOS running on the box?




New Member

It was a simple ACL applied in the inbound direction. I reckon the code is 12.4.


This is the second strange behavior I have seen in a Cisco router in the last 10 days. A few days back remote access VPN stopped working, and we rebooted the router and all started working. Seems Cisco has gone down the path of Windows, i.e. reboot :P

New Member

While you were testing... were there any matches on the ACL when traffic was generated?

New Member

I can't recall having such an issue with an ACL on an interface...

Could you post a sample config?

Maybe the clue is in the "until this morning".  Is it possible that the ACL is blocking DHCP or some other protocol that is only used at startup?  Removing the DHCP would allow the user to get his IP address, and he would continue to work even if you put back the ACL ... until next time he reboots his machine.

It is only a suggestion ....

Perhaps you need to put a deny ip any any log at the end of the ACL, and see if anything interesting comes out on your syslog.


Kevin Dorrell
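
The two suggestions in the last reply (DHCP being dropped by the ACL, and a logged deny at the end) can be checked with a configuration like the following. This is an added example, not a configuration posted by anyone in the thread; the subnet 192.0.2.0/24 and the interface FastEthernet0/1 are assumptions, and only the ACL name ABC comes from the original post.

```cisco
! Constructed example. ABC is the ACL name from the thread; 192.0.2.0/24 and
! FastEthernet0/1 are placeholders for user1's subnet and the user1-facing port.
!
! A client that has no lease yet sends DHCP from 0.0.0.0:68 to
! 255.255.255.255:67, so a permit written only for the user subnet does not
! match it and the packet falls through to the implicit deny.
ip access-list extended ABC
 remark DHCP DISCOVER/REQUEST from a client without an address
 permit udp any eq bootpc any eq bootps
 remark user1 traffic (stand-in for the existing permit entries)
 permit ip 192.0.2.0 0.0.0.255 any
 remark explicit deny so that drops are counted and logged
 deny ip any any log
!
interface FastEthernet0/1
 ip access-group ABC in
!
! Checks from exec mode while user1 generates traffic:
!   show access-lists ABC        per-entry match counters
!   show logging | include ABC   log lines for packets hitting the deny
!
! A drop caused by missing DHCP permits shows up in the log as
!   list ABC denied udp 0.0.0.0(68) -> 255.255.255.255(67)
```

The implicit deny at the end of an ACL has no visible counter and generates no log messages, which is why the explicit `deny ip any any log` entry is needed to see what is being dropped.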