cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
430
Views
0
Helpful
2
Replies

Bug in 12.4(11)XJ4 IPv6 ACL

jproos
Level 1
Level 1

Hello all,

Since I do not have access to the TAC, I figured the best place to tell Cisco about this problem is on here, please let me know if there is a better way to report bugs if you do not have TAC access.

I searched the bug db but couldn't find any bug that looked like this one.

I have a Cisco 877W with Advanced IP services/K9 IOS 12.4(11)XJ4, as far as I know the latest available software for this box.

The bug is in the syntax of IPv6 access-lists, when you enter an IPv6 access-list you have the following possible keywords:

Cisco877W(config)#ipv6 access-list IP6-OUTSIDE-IN

Cisco877W(config-ipv6-acl)#?

IPv6 Access List configuration commands:

default Set a command to its defaults

deny Specify packets to reject

evaluate Evaluate an access list

exit Exit from access-list configuration mode

no Negate a command or set its defaults

permit Specify packets to forward

remark Access list entry comment

sequence Sequence number for this entry

<cr>

However, after entering a sequence number, the number of keywords is much more limited:

Cisco877W(config-ipv6-acl)#sequence 10 ?

deny Specify packets to reject

permit Specify packets to forward

remark Access list entry comment

Especially 'evaluate' is missing.

Not really a problem as you can also enter the sequence number at the end of the line, or even just enter the lines in the right sequence without a sequence number.

But...

After entering the commands in one of the ways above, they end up in the running config like this:

ipv6 access-list IP6-OUTSIDE-IN

sequence 5 permit icmp any any

sequence 10 evaluate IP6-OUTSIDE-OUT-REFLECT

sequence 15 deny ipv6 any any log

thus, after a write, this will also be in startup-config... and after a reload, the following is displayed:

sequence 10 evaluate IP6-OUTSIDE-OUT-REFLECT

^

% Invalid input detected at '^' marker.

and the line is no longer in my running, effectively disabling my IPv6 access...

I would appreciate it if one of the Cisco-employees here could report this as a bug (or tell me in what way I am horribly wrong ;-) )

Thanks,

Jeroen

2 Replies 2

sureshkumarit
Level 1
Level 1

Hi Jeron,

This Error "% Invalid input detected at "^" marker." state you entered the command incorrectly. The caret (^) marks the point of the error.

Enter a question mark (?) to display all the commands that are available in this command mode. The keywords that you are allowed to enter for the command appear.

Sureh,

Please read my message again, it is not me who enters the command wrong, it's the router itself that enters a command into startup config that it after a subsequent reload does not understand.

Jeroen

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: