Reflexive ACL missing on the IOS 15.4(3)S2

peter.jevos
Level 1

Hi 

I noticed that reflexive ACLs are missing on the 4300 routers (particularly on IOS 15.4(3)S2).

The keywords evaluate and reflective are missing there:
# permit ip 10.1.1.0 0.0.0.255 any reflect r-out timeout 300
% Invalid input detected at '^' marker.

# evaluate r-out                           ^
% Invalid input detected at '^' marker.

R1(config)#ip access-list exte test
R1(config-ext-nacl)#?
Ext Access List configuration commands:
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment

The IOS is:

System image file is "bootflash:/isr4300-universalk9.03.13.02.S.154-3.S2-ext.SPA.bin"

Was it replaced by something else? Do you know the workaround?
 

Thanks

Accepted Solutions

Jon Marshall
Hall of Fame

Peter

Just answered a similar question in another forum with the same query.

I haven't used those routers but I did a search on Feature Navigator and there is no mention of reflexive ACLs for those platforms. It's not always accurate in what it says but it does tie in with what you and the other poster were saying.

I suspect you are meant to use ZBFW if you want stateful inspection of traffic on those platforms.

Jon


The reflexive ACL feature is not supported in your IOS XE version.  You are running 3.13.2S(ED) while reflexive ACL is only supported up to 3.10S.

As Jon has mentioned you will need to use ZBFW.

--

Please remember to select a correct answer and rate helpful posts
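
A sketch of the ZBFW equivalent of the reflexive ACL from the question, added here as an example and not posted by anyone in the thread: sessions opened from 10.1.1.0/24 are inspected and their return traffic is allowed, with a 300-second idle timeout. The zone, class-map, policy-map, parameter-map and ACL names and the two interface names are assumptions to adapt to the actual router.

```cisco
! Added example: names and interfaces below are hypothetical.
! Source network from the original "permit ... reflect r-out" entry
ip access-list extended ACL-INSIDE-NET
 permit ip 10.1.1.0 0.0.0.255 any
!
! Idle timers standing in for "timeout 300" on the reflexive entry
parameter-map type inspect PMAP-IDLE-300
 tcp idle-time 300
 udp idle-time 300
 icmp idle-time 300
!
class-map type inspect match-any CM-INSIDE-NET
 match access-group name ACL-INSIDE-NET
!
! Inspect (track state for) matching sessions, drop everything else
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-INSIDE-NET
  inspect PMAP-IDLE-300
 class class-default
  drop
!
zone security INSIDE
zone security OUTSIDE
!
! Only the inside-to-outside direction gets a zone-pair. With no
! OUTSIDE-to-INSIDE pair, unsolicited inbound traffic is dropped and
! only return packets of inspected sessions are let back in.
zone-pair security ZP-INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
!
! Assumed interface roles: 0/0/0 faces 10.1.1.0/24, 0/0/1 faces outside
interface GigabitEthernet0/0/0
 zone-member security INSIDE
!
interface GigabitEthernet0/0/1
 zone-member security OUTSIDE
```

`show policy-map type inspect zone-pair sessions` lists the sessions the firewall is tracking. Traffic between an interface that is a zone member and one that is in no zone is dropped, so every interface that should pass traffic through the router needs a zone.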
