Re: 3550 can't get rid of acl -- very weird

From: ccie2be (ccie2be@nyc.rr.com)
Date: Sat Jan 29 2005 - 09:10:47 GMT-3

Actually, I found this bug on a 3550 running 12.2(25)SE, so it hasn't been
fixed just yet.

SW1#sh ver
Cisco IOS Software, C3550 Software (C3550-I5Q3L2-M), Version 12.2(25)SE,
RELEASE
 SOFTWARE (fc)
Copyright (c) 1986-2004 by Cisco Systems, Inc.
Compiled Wed 10-Nov-04 18:07 by yenanh

ROM: Bootstrap program is C3550 boot loader

 SW1 uptime is 3 weeks, 3 days, 21 hours, 7 minutes
System returned to ROM by power-on
System image file is "flash:c3550-i5q3l2-mz.122-25.SE.bin"

Cisco WS-C3550-24 (PowerPC) processor (revision G0) with 65526K/8192K bytes
of m
emory.
Processor board ID CHK0645W1K6
Last reset from warm-reset
Running Layer2/3 Switching Image

But, still in all, I'm glad to know this is a documented bug and I'm not
going crazy.

Thanks. Tim

----- Original Message -----
From: "Balaji Siva" <bsivasub@gmail.com>
To: "Zafar Khan" <mahaguru@gmail.com>
Cc: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>;
"Richard Dumoulin" <Richard.Dumoulin@vanco.fr>
Sent: Saturday, January 29, 2005 1:09 AM
Subject: Re: 3550 can't get rid of acl -- very weird

> For the record, this bug is fixed in 12.2(25)SE for 3550
>
>
>
> On Sat, 29 Jan 2005 11:01:45 +0500, Zafar Khan <mahaguru@gmail.com> wrote:
> > Here's the answer:
> > http://www.groupstudy.com/archives/ccielab/200406/msg01743.html
> >
> > For a detailed description, download the cisco authored pdf
> > "Implementing Network Access Control Phase One Configuration and
> > Deployment " . its a > 3 meg file
> >
> > HTH
> >
> > Zafar
> >
> >
> > On Fri, 28 Jan 2005 12:19:02 -0500, ccie2be <ccie2be@nyc.rr.com> wrote:
> > > RE: 3550 can't get rid of acl -- very weirdThanks, guess it's time to
call
> > > pest control.
> > >
> > >
> > > ----- Original Message -----
> > > From: Richard Dumoulin
> > > To: ccie2be ; Group Study
> > > Sent: Friday, January 28, 2005 12:12 PM
> > > Subject: RE: 3550 can't get rid of acl -- very weird
> > >
> > > Someone answered this some time ago. It is a bug,
> > >
> > > -- Richard
> > >
> > > -----Original Message-----
> > > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > > Sent: Friday, January 28, 2005 4:42 PM
> > > To: Group Study
> > > Subject: 3550 can't get rid of acl -- very weird
> > >
> > > Hey guys,
> > >
> > > Has this ever happened to you?
> > >
> > > When I do a show run on this 3550, there's no acl in the config.
> > >
> > > But, when I do a show access-list, I get the following:
> > >
> > > SW1#sh access-list
> > > Extended IP access list sl_def_acl
> > > 10 deny tcp any any eq telnet
> > > 20 deny tcp any any eq www
> > > 30 deny tcp any any eq 22
> > > 40 permit ip any any
> > > SW1#
> > >
> > > I tried to delete this acl, but it won't go away.
> > >
> > > SW1(config)#no ip access-list ext sl_def_acl
> > > SW1(config)#
> > > SW1#s
> > > 3w3d: %SYS-5-CONFIG_I: Configured from console by console
> > > SW1#sh access-list
> > > Extended IP access list sl_def_acl
> > > 10 deny tcp any any eq telnet
> > > 20 deny tcp any any eq www
> > > 30 deny tcp any any eq 22
> > > 40 permit ip any any
> > > SW1#
> > >
> > > Anybody have any idea what's going on?
> > >
> > > TIA, Tim
> > >
> > >

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:27 GMT-3