
Access-list bug in cisco 3650

AARON LONG
Level 1

I ran into a strange issue while attempting to apply policy routing to a Cisco 3560 router. I configured 'sdm prefer routing' to enable the resources for policy routing, and entered my access-list and policy map:

access-list 101 deny   ip 10.30.1.0 255.255.255.0 10.30.0.0 255.255.255.0

access-list 101 permit ip 10.30.1.0 255.255.255.0 any


route-map RPPolicy1 permit 10
match ip address 101
set ip next-hop 10.8.2.9

interface Vlan71
description <redacted>
ip address 10.30.1.1 255.255.255.0
ip policy route-map RPPolicy1
After I was done with my configuration, I tried to validate my policy-routing was working, and it had failed. I checked my configurations and found that the values in the ACL had been altered:
access-list 101 deny   ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 101 permit ip 0.0.0.0 255.255.255.0 any
I tried to re-enter the ACL, but the access-list keeps having my networks get altered. My software version is:
Version 12.2(25)SEB2
Any ideas?

2 Replies

Mark Yeates
Level 7

Aaron,

The reason your ACLs are doing that is because you are not using wildcard masks. You must use inverted masks instead of a regular subnet mask. Here are your ACLs with the wildcard masks:

access-list 101  deny   ip 10.30.1.0 0.0.0.255 10.30.0.0 0.0.0.255

access-list 101 permit ip  10.30.1.0 0.0.0.255 any

Here's a guide to show you how to do this.

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2

HTH,

Mark

--
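Added example, not part of either post and not Cisco code: a Python sketch that models the behaviour seen in this thread, where the bits marked "don't care" by the mask are cleared from the address, and that flags ACL entries whose mask looks like a subnet mask. The function names are hypothetical, and the parser assumes only the simple `access-list N permit|deny ip ...` form used above.

```python
import ipaddress
import re

# Simple extended IP ACL entries of the form used in this thread.
ACE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+ip\s+"
                 r"(any|\S+\s+\S+)\s+(any|\S+\s+\S+)\s*$")
ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def looks_like_netmask(mask):
    """Heuristic: leading ones then zeros (255.255.255.0) is almost always a
    subnet mask typed where a wildcard mask was expected."""
    m = to_int(mask)
    inv = m ^ ALL_ONES
    return 0 < m < ALL_ONES and (inv & (inv + 1)) == 0

def normalize(addr, wildcard):
    """Clear the "don't care" bits (1s in the wildcard) from the address."""
    return to_dotted(to_int(addr) & ~to_int(wildcard) & ALL_ONES)

def audit(line):
    """Return (entry as stored, suggested fix or None) for one ACL line."""
    m = ACE.match(line.strip())
    if not m:
        raise ValueError("unsupported ACL line: %r" % line)
    number, action, src, dst = m.groups()
    stored, fixed, suspect = [], [], False
    for field in (src, dst):
        if field == "any":
            stored.append(field)
            fixed.append(field)
            continue
        addr, mask = field.split()
        stored.append("%s %s" % (normalize(addr, mask), mask))
        if looks_like_netmask(mask):
            suspect = True
            mask = to_dotted(to_int(mask) ^ ALL_ONES)  # invert to a wildcard
        fixed.append("%s %s" % (normalize(addr, mask), mask))
    head = "access-list %s %s ip " % (number, action)
    return head + " ".join(stored), head + " ".join(fixed) if suspect else None

if __name__ == "__main__":
    for entry in ("access-list 101 deny   ip 10.30.1.0 255.255.255.0 10.30.0.0 255.255.255.0",
                  "access-list 101 permit ip 10.30.1.0 255.255.255.0 any"):
        print(audit(entry))
```

An entry stored as `0.0.0.0 255.255.255.0` matches any address whose last octet is 0, not the 10.30.1.0/24 network, which is why the policy route never matched the intended traffic.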
