Hi, all! I have a Cisco Catalyst 3550. Recently, I upgraded Cisco IOS. After upgrading IOS, the ACL isn't working any more. WHY??? Maybe not enough TCAM resources? But in the previous IOS the ACEs were functioning properly.
On the switch I have QoS, DHCP Snooping, Dynamic ARP Inspector, VLANs, and SNMP running.
Old Cisco IOS: 12.2 (25) SEE IPSERVICES
new IOS: 12.2 (44) SE
Help me, please! Maybe somebody had a similar problem?
Can you post the output from "sh run int XXXX", where XXXX is the interface to which you have applied this ACL? Also, what are the source and destination IPs of your testing, and the default gateway of the host that you are trying to source the packet from?
Well, my PC has IP=10.1.1.42/16, default gateway=10.1.0.2. I'm successfully pinging the host 172.16.1.5 and other hosts, but pinging is not allowed by this ACL! Sometimes the ACL begins working correctly for 5 minutes to 3 hours, but after this time IOS unloads the ACL from TCAM resources (TCAM resources are more than enough), and the ACLs don't work any more.
I have a second Cisco 3550 in another node; I conducted an experiment yesterday. Before the experiment, the ACLs on that Cisco 3550 were working correctly. I upgraded Cisco IOS to 12.2 (44) SE IP Services (now the first 3550 and the second 3550 have the same IOS). After upgrading IOS, the ACL isn't working normally any more, and the situation is the same as on the first Cisco 3550. After that I began installing other Cisco IOS versions; my results:
1) Cisco IOS 12.2 (40) IP Services - ACLs don't work
2) Cisco IOS 12.2 (37) IP Services - ACLs don't work
3) Cisco IOS 12.2 (35) IP Services - ACLs don't work
4) Cisco IOS 12.2 (25) SEE5 IP Services - ACLs work well!
5) Cisco IOS 12.2 (25) SEE IP Services - ACLs work well!
If it helps to understand the situation, I can show you the config file of my Cisco Catalyst 3550.