Hello.

I have a cisco ISR4351/K9  router where i have configured an access-list and applied it to one of the LAN interfaces, one of the ACL statements uses a time range that is defined as below

time-range 6DAY_BRANCHES
periodic weekdays 0:00 to 7:30
periodic Sunday 0:00 to 23:59
periodic Saturday 0:00 to 7:30
periodic Saturday 16:00 to 23:59
periodic weekdays 21:00 to 23:59

the ACL statement is as below:

deny tcp host 10.40.1.10 eq 8380 10.40.0.0 0.0.255.255 time-range 6DAY_BRANCHES (inactive) (1102 matches)

The thing is the ACL has been working fine all along except this morning when i discovered that this line was filtering traffic even though it was in the inactive state, the acl line above was captured just a few seconds after a cleared the ACL counters but as you can see, i was still getting matches and users were unable to access the application in a time period that they should have access.

Has anyone come across this issue? what can be cause?  i verifed the time on the router and it was correct

Software on the router is:

Cisco IOS XE Software, Version 03.15.03.S - Standard Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(2)S3, RELEASE SOFTWARE (fc2)

Regards.