Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
488
Views
0
Helpful
2
Replies

ip access-list could not be removed from running-configuration

Florian.Figula
Level 1
Level 1

‎01-20-2016 01:32 AM - edited ‎03-01-2019 08:09 AM

An IP Access-List could not be removed completly from the running-configuration. This ACL was bound to a monitor session before. When I issue the "no ip access-list CAPTURE-LOADBALANCER" command all entrys of the ACL will be deleted but the statement "ip access-list CAPTURE-LOADBALANCER" will remain in the running-configuration. Currently I am not able to reboot the system. Anyone having an idea what might be the problem? No related bugs found but looks like one. NX-OS version is 7.0(5)N1(1) on an Cisco Nexus N5K-C5596UP.

HOSTNAME# show monitor session 1
   session 1
---------------
type              : local
state             : down (Session admin shut)
acl-name          : CAPTURE
source intf       :
    rx            : Po60
    tx            : Po60
    both          : Po60
source VLANs      :
    rx            :
source VSANs      :
    rx            :
destination ports : Eth1/47

Legend: f = forwarding enabled, l = learning enabled

N5K1-RZ1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
N5K1-RZ1(config)# no ip access-list CAPTURE-LOADBALANCER

N5K1-RZ1# sh ip access-lists

IPV4 ACL CAPTURE
        10 permit ip 129.0.11.146/32 10.100.26.11/32
        20 permit ip 129.0.11.146/32 10.100.26.12/32
        30 permit ip 10.100.26.12/32 129.0.11.146/32
        40 permit ip 10.100.26.11/32 129.0.11.146/32
        50 permit ip 129.0.11.146/32 129.0.12.29/32
        60 permit ip 129.0.12.29/32 129.0.11.146/32
IPV4 ACL CAPTURE-LOADBALANCER
IPV4 ACL IP_traffic
        10 permit ip any any

Labels:
0 Helpful
2 Replies 2

Mark
Level 1
Level 1

‎01-21-2016 04:59 AM

Hi Florian,

Are you sure this ACL was removed from any policy or interface?

Thanks,

Mark

0 Helpful

Florian.Figula
Level 1
Level 1
In response to Mark

‎01-21-2016 05:17 AM

Hi Mark,

I am pretty sure, because the ACL was only bound to a monitor session.

N5K1-RZ1# show running-config | include CAPTURE-LOADBALANCER
ip access-list CAPTURE-LOADBALANCER

On another vPC Pair of N5K-C5596UP I am having the same issue only the ACL is having another name.

0 Helpful
Customers Also Viewed These Support Documents