


I noticed our switch randomly blocks phones on VLAN 34, which is odd. Some of this communication is within the same subnet and should not be hitting the access list at all.

Here is my log


.29.132(48378) (Vlan34 004e.006e.0000) ->, 1 packet
*Apr 15 22:03:04.421: %SEC-6-IPACCESSLOGP: list 134 denied tcp (Vlan34 004e.006e.0000) ->, 1 packet
*Apr 15 22:03:14.427: %SEC-6-IPACCESSLOGP: list 134 denied tcp (Vlan34 004e.006e.0000) ->, 1 packet
*Apr 15 22:03:15.439: %SEC-6-IPACCESSLOGP: list 134 denied tcp (Vlan34 004e.006e.0000) ->, 1 packet
*Apr 15 22:03:16.451: %SEC-6-IPACCESSLOGP: list 134 denied tcp (Vlan34 004e.006e.0000) ->, 1 packet
*Apr 15 22:03:24.412: %BUFCAP-6-DISABLE: Capture Point cap disabled.
*Apr 15 22:03:24.726: %SEC-6-IPACCESSLOGP: list 134 denied udp (Vlan34 01dc.0200.0400) ->, 1 packet




The access-list 134 is below:


cisco-stack1#show ip access-list 134
Extended IP access list 134
9 permit ip any host
10 permit ip any host (124 matches)
20 permit ip any host
29 permit ip host
30 permit ip host
31 permit ip host
32 permit ip host
40 permit udp host eq domain
50 permit udp host eq domain
60 permit ip host host
61 permit ip host host
62 permit ip host any
70 permit ip host host
71 permit ip host any
80 permit ip host host
81 permit ip host host
82 permit ip host any
90 permit ip host host
91 permit ip host any
92 permit ip host any
100 deny ip any log-input (3067200 matches)
110 deny ip any
120 deny ip any (54250 matches


Any ideas to fix this, please?



Muhammad Awais Khan
Cisco Employee



This IP " " looks like it is for CUCM, right?


IP Phones need communication to communication manager servers, Voice gateway Routers and maybe communication to Webex/Jabber if configured.


Did you allow that in your list?

The IP is a server; a host within VLAN 34 tries to communicate with it.

Local SPAN capture on Po1 (which goes to IP phone 10.X.X.X) displays traffic from the IP phone to with a destination MAC of 22:Ac:1a:0c:ab:c1, which is the MAC address of SVI Vlan34 on the C9200L. This explains why this traffic is being processed on SVI Vlan34 and consequently being processed by ACL 134 even though both devices are in the same subnet.
Traffic destined for should have the mac address of
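
One way to check a capture for the condition described in the reply above, as an added example that is not part of the original thread: it flags frames whose source and destination are in the same subnet but whose destination MAC is the SVI's. The subnet 10.34.0.0/24, the function names and the sample frames are constructed; only the SVI MAC comes from the post.

```python
import ipaddress

SVI_MAC = "22:Ac:1a:0c:ab:c1"                        # SVI Vlan34 MAC quoted in the post
VLAN_SUBNET = ipaddress.ip_network("10.34.0.0/24")   # assumed subnet (constructed)

def norm_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify(frame, subnet=VLAN_SUBNET, svi_mac=SVI_MAC):
    """Say whether a captured frame is handed to the SVI, and whether it should be."""
    if norm_mac(frame["dst_mac"]) != norm_mac(svi_mac):
        return "switched"              # Layer 2 only, never evaluated by the SVI ACL
    src = ipaddress.ip_address(frame["src"])
    dst = ipaddress.ip_address(frame["dst"])
    if src in subnet and dst in subnet:
        return "intra-subnet-via-svi"  # same subnet, yet addressed to the gateway MAC
    return "routed"                    # off-subnet traffic, expected to hit the ACL

def intra_subnet_via_svi(frames):
    """Return the frames that match the symptom described in the post."""
    return [f for f in frames if classify(f) == "intra-subnet-via-svi"]

# Constructed sample frames (addresses are illustrative, not from the thread).
SAMPLE_FRAMES = [
    {"src": "10.34.0.21", "dst": "10.34.0.50", "dst_mac": "22ac.1a0c.abc1"},
    {"src": "10.34.0.21", "dst": "10.34.0.50", "dst_mac": "00:11:22:33:44:55"},
    {"src": "10.34.0.22", "dst": "192.0.2.10", "dst_mac": "22-AC-1A-0C-AB-C1"},
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(f["src"], "->", f["dst"], f["dst_mac"], classify(f))
```

Senders that show up in the flagged list are the ones whose subnet mask and ARP entry for the destination are worth inspecting.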

Yue Tong
100 deny ip any log-input (3067200 matches)
This ACL is used to deny all source IP addresses from accessing the destination network.
I think it is related to this ACL.

100 deny ip any log-input (3067200 matches)

CCIE #62933