[c-nsp] Ambiguous ACL "log" in 12.2(58)SE2?
Jeff Kell
jeff-kell at utc.edu
Wed Jan 18 16:46:43 EST 2012
Hrmm... looks like this release is attempting to take multiple services:
> Grote-Uplink(config-ext-nacl)#101 permit tcp any host 192.168.128.74 eq smtp syslog ftp
That was *accepted*. So a trailing "log" on a "tcp" permit is ambiguous with "login"
(rlogin/513), and it's impossible to make it unambiguous (apparently).
What's going on here? TCP ACLs on existing switches with trailing "log" are having
those statements removed at startup and causing a bit of havoc...
Anyone else seeing this?
Running c3560e-universalk9-mz.122-58.SE2.bin on a WS-C3560X-24T-S with an IP services
license.
Jeff
On 1/18/2012 10:14 AM, Jeff Kell wrote:
> Running into this on a 3560X IP Services (context is accepted by everything else...)
>
>> Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log
>> % Ambiguous command: "85 permit tcp any any eq 9100 log"
>> Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log ! log
>> % Ambiguous command: "85 permit tcp any any eq 9100 log ! log"
>> Grote-Uplink(config-ext-nacl)#85 permit tcp any any eq 9100 log
>> % Ambiguous command: "85 permit tcp any any eq 9100 log "
>> Grote-Uplink(config-ext-nacl)#
> What's up with that?
>
> Jeff
>
More information about the cisco-nsp
mailing list