01-20-2016 01:32 AM - edited 03-01-2019 08:09 AM
An IP Access-List could not be removed completely from the running-configuration. This ACL was bound to a monitor session before. When I issue the "no ip access-list CAPTURE-LOADBALANCER" command, all entries of the ACL will be deleted, but the statement "ip access-list CAPTURE-LOADBALANCER" will remain in the running-configuration. Currently I am not able to reboot the system. Does anyone have an idea what might be the problem? No related bugs found, but it looks like one. The NX-OS version is 7.0(5)N1(1) on a Cisco Nexus N5K-C5596UP.
HOSTNAME# show monitor session 1
session 1
---------------
type : local
state : down (Session admin shut)
acl-name : CAPTURE
source intf :
rx : Po60
tx : Po60
both : Po60
source VLANs :
rx :
source VSANs :
rx :
destination ports : Eth1/47
Legend: f = forwarding enabled, l = learning enabled
N5K1-RZ1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
N5K1-RZ1(config)# no ip access-list CAPTURE-LOADBALANCER
N5K1-RZ1# sh ip access-lists
IPV4 ACL CAPTURE
10 permit ip 129.0.11.146/32 10.100.26.11/32
20 permit ip 129.0.11.146/32 10.100.26.12/32
30 permit ip 10.100.26.12/32 129.0.11.146/32
40 permit ip 10.100.26.11/32 129.0.11.146/32
50 permit ip 129.0.11.146/32 129.0.12.29/32
60 permit ip 129.0.12.29/32 129.0.11.146/32
IPV4 ACL CAPTURE-LOADBALANCER
IPV4 ACL IP_traffic
10 permit ip any any
01-21-2016 04:59 AM
Hi Florian,
Are you sure this ACL was removed from any policy or interface?
Thanks,
Mark
01-21-2016 05:17 AM
Hi Mark,
I am pretty sure, because the ACL was only bound to a monitor session.
N5K1-RZ1# show running-config | include CAPTURE-LOADBALANCER
ip access-list CAPTURE-LOADBALANCER
On another vPC pair of N5K-C5596UP I am having the same issue; only the ACL has another name.