I’m hoping someone can shed some light on this. Not a fault as such, but some weird and unexpected behaviour.
Applying a port ACL to block inbound traffic from 2 devices (10.9.9.9 and 10.9.9.10) to another 3 devices (10.9.9.15, 10.9.9.16 and 10.9.9.17).
ACL as follows (not actual IP addresses):
ip access-list extended ICMBLOCK
 deny ip 10.9.9.9 0.0.0.1 10.9.9.15 0.0.0.2 log
 permit ip any any log
This was then applied inbound to the 2 switchports which connect 10.9.9.9 and 10.9.9.10
Int)# ip access-group ICMBLOCK in
1) Traffic to 10.9.9.15 and 10.9.9.17 was blocked. But traffic to 10.9.9.16 was permitted through. Shouldn’t the reverse mask on 10.9.9.15 0.0.0.2 cover all 3 destination IPs?
2) Once the trial was finished, I removed the access-group from both switchports. However, log messages indicating permits and denies still appeared. I swear the ACL was not applied to any other interfaces.
Eventually I had to delete the ACL itself to stop this behaviour.
Does anyone know why this behaviour occurred? Any help gratefully received.
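
An added example, not part of the original post: a short Python check of what the address/wildcard pairs in the ACL above match, using the placeholder addresses from the post. It assumes the standard IOS wildcard semantics (a 1 bit in the wildcard means that bit of the address is ignored); the function names `wildcard_matches` and `exact_cover` are hypothetical helpers, not Cisco tooling.

```python
import ipaddress
from itertools import combinations

def wildcard_matches(base, wildcard):
    """List every IPv4 address matched by an IOS 'address wildcard' pair."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    free = [1 << i for i in range(32) if (w >> i) & 1]   # "don't care" bits
    if len(free) > 16:
        raise ValueError("wildcard too wide to enumerate")
    fixed = b & ~w & 0xFFFFFFFF                           # bits that must match
    found = []
    for n in range(1 << len(free)):
        addr = fixed
        for i, bit in enumerate(free):
            if (n >> i) & 1:
                addr |= bit
        found.append(addr)
    return [str(ipaddress.IPv4Address(a)) for a in sorted(found)]

def exact_cover(hosts):
    """Build address/wildcard pairs that match exactly the given hosts.

    Two entries with the same wildcard are merged only when their
    addresses differ in a single bit, so no extra host is ever matched.
    """
    entries = {(int(ipaddress.IPv4Address(h)), 0) for h in hosts}
    merged = True
    while merged:
        merged = False
        for (a1, w1), (a2, w2) in combinations(sorted(entries), 2):
            diff = a1 ^ a2
            if w1 == w2 and diff and diff & (diff - 1) == 0:
                entries -= {(a1, w1), (a2, w2)}
                entries.add((a1 & ~diff, w1 | diff))
                merged = True
                break
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(w)))
            for a, w in sorted(entries)]

if __name__ == "__main__":
    # Pairs taken from the ACL in the post (placeholder addresses).
    print("source 10.9.9.9 0.0.0.1 matches:", wildcard_matches("10.9.9.9", "0.0.0.1"))
    print("dest 10.9.9.15 0.0.0.2 matches:", wildcard_matches("10.9.9.15", "0.0.0.2"))
    # Pairs that match exactly the hosts the post wants to cover.
    print("sources:", exact_cover(["10.9.9.9", "10.9.9.10"]))
    print("destinations:", exact_cover(["10.9.9.15", "10.9.9.16", "10.9.9.17"]))
```

With the placeholder addresses, a wildcard of 0.0.0.2 frees only the second-lowest bit, so each pair matches two addresses rather than a contiguous range of three.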