[c-nsp] Strange bug in Catalyst 6500 + SUP720 + ACL
Joe Loiacono
jloiacon at csc.com
Tue Feb 6 18:14:47 EST 2007
cisco-nsp-bounces at puck.nether.net wrote on 02/06/2007 04:51:48 PM:
>
>
> Hi all,
>
> I have the folllowing configuration:
>
> interface vlan 7
> ip address 10.11.0.0 255.255.0.0
> ip access-group 170 out
>
> and then ...
>
> access-list 170 permit tcp any any established
> access-list 170 permit tcp any any range 1018 1023
>
> I've found this ACL will permit any tcp connection to network
> 10.11.0.0 to any port.
Without an 'ip access-group 160 in', inbound is wide open.
>
> IOS Version is 12.2(18)SXE6
>
> Any ideas ?
>
> Regards
> Juan
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list