ACLs on Dot11Radio interface blocks ALL traffic

On an AP1220 w/IOS 12.2(11)JA1, all traffic is blocked when an ACL is applied on either the RF interface or the FastE interface, even explicitly permitted traffic. Also, using the "log" command after an ACL line fails to log anything. Below is the ACL I want to apply to the Dot11Radio 0 interface. It blocks ALL traffic:

access-list 100 permit udp any any eq bootpc log
access-list 100 permit tcp any host 10.0.0.1 eq 1723 log
access-list 100 permit gre any host 10.0.0.1 log
access-list 100 deny ip any any log

Here is a test ACL that blocked ALL traffic, as well:

access-list 101 permit udp any any log
access-list 101 permit tcp any any log
access-list 101 permit icmp any any log
access-list 101 permit ip any any log

Both ACLs blocked all traffic and failed to log a single event. If the ACL is removed, everything works. HELP!


Re: ACLs on Dot11Radio interface blocks ALL traffic

It's a known bug, CSCec28612 - AP1200 access-list doesn't work on radio int with a log keyword
