12-30-2019 06:05 AM - edited 02-21-2020 11:12 AM
Hello.
I have a cisco ISR4351/K9 router where i have configured an access-list and applied it to one of the LAN interfaces, one of the ACL statements uses a time range that is defined as below
time-range 6DAY_BRANCHES
periodic weekdays 0:00 to 7:30
periodic Sunday 0:00 to 23:59
periodic Saturday 0:00 to 7:30
periodic Saturday 16:00 to 23:59
periodic weekdays 21:00 to 23:59
the ACL statement is as below:
deny tcp host 10.40.1.10 eq 8380 10.40.0.0 0.0.255.255 time-range 6DAY_BRANCHES (inactive) (1102 matches)
The thing is the ACL has been working fine all along except this morning when i discovered that this line was filtering traffic even though it was in the inactive state, the acl line above was captured just a few seconds after a cleared the ACL counters but as you can see, i was still getting matches and users were unable to access the application in a time period that they should have access.
Has anyone come across this issue? what can be cause? i verifed the time on the router and it was correct
Software on the router is:
Cisco IOS XE Software, Version 03.15.03.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S3, RELEASE SOFTWARE (fc2)
Regards.
Solved! Go to Solution.
01-01-2020 08:03 PM
12-30-2019 06:15 AM
Can you post below information :
#show clock
# show time-range
#show ip access-list XX
01-01-2020 08:03 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide