[c-nsp] Strange bug in Catalyst 6500 + SUP720 + ACL

Joe Loiacono jloiacon at csc.com
Tue Feb 6 18:14:47 EST 2007


cisco-nsp-bounces at puck.nether.net wrote on 02/06/2007 04:51:48 PM:
> 
> 
>    Hi all,
> 
>    I have the folllowing configuration:
> 
>    interface vlan 7
>    ip address 10.11.0.0 255.255.0.0
>    ip access-group 170 out
> 
>    and then ...
> 
>    access-list 170 permit tcp any any established
>    access-list 170 permit tcp any any range 1018 1023
> 
>    I've found this ACL will permit any tcp connection to network 
> 10.11.0.0 to any port.

Without an 'ip access-group 160 in', inbound is wide open.

> 
>    IOS Version is 12.2(18)SXE6
> 
>    Any ideas ?
> 
> Regards
> Juan
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list