
5480 port

289090326
Level 1
I want to ask a question. At present, I have encountered a wonderful problem. A Cisco 4506 writes an ACL, deny TCP any 10.70.18.0 0.0.255 5480, and then applies it under a physical interface, which will cause the whole 4506 to be disconnected from the network and inaccessible. I can only log in to the console. If the entry 5480 is deleted, I can access it normally. Is there any conflict?
7 Replies

balaji.bandi
Hall of Fame

Not sure what is causing that issue. You need to post more of that config to look at, and where do you apply that ACL, on what interface?

 

What is the IP address of your device, the device which stops being able to connect?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

My environment is like this. Two 4506 devices make VSS, and then they apply an ACL on all interfaces. The ACL mainly disables source address any and destination address network segment EQ 22 or 23 or 443 or 80 port. At this time, the ACL application is OK, and it is also working without error, but there is an interspersed ACL with source and destination address unchanged. Only changing the ACL entry with port EQ 5480 will directly disconnect the network; the whole 4506 can't be accessed and pinged remotely. You can only log in to the console, and the following are in the log:

 

The private-config has been successfully synchronized to the standby supervisor

The startup-config has been successfully synchronized to the standby supervisor


In fact, my ultimate goal of these two log records is to disable the network segment in the server area and the external office area network, which can access these ports of ESXi and vSphere devices in the server area. Therefore, I want to ask whether Cisco devices use any built-in protocols for port 5480? Or does VSS use this port? Very strange phenomenon.

Not that I am aware Cisco uses that port, but I believe, as you mentioned, VMware infrastructure uses that port.

 

By denying that port, I do not see any issue caused that breaks that connection.

 

But without looking at how and where it is applied, as mentioned, it's difficult to judge what went wrong here.

 

 

BB


It's really weird. The current test result is that deny 80 or 443 or 22 or 23 ports are normal, but deny 5480 will lead to 4506 disconnection, unable to provide network services and remote access. The ports of ACL application here are all physical interfaces and vlanif interfaces. Except for port channel and port channel interface, all that can be configured are configured with this ACL, and finally add permit

We are still assuming what is configured; as I mentioned, we do not know what the cause of the issue is.

 

Instead of any, try a subnet which is not part of your network and check: is it still the same issue?

Maybe in your network that port is used for something else that we are not aware of.

 

BB


deny tcp any 10.70.18.0 0.0.255 eq 5480
permit tcp any any <- need this because there is deny any any in end of acl
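
The first-match evaluation and implicit deny mentioned in the reply above, modelled in Python as an added example that is not part of the original thread or any Cisco code. It assumes the thread's "0.0.255" means the wildcard 0.0.0.255; the sample packets and the 10.70.1.1 switch address are constructed.

```python
import ipaddress

# Assumption: the thread's "0.0.255" is read here as the /24 wildcard 0.0.0.255.
SERVERS = ("10.70.18.0", "0.0.0.255")
IMPLICIT_DENY = ("deny", "ip", "any", "any", None)  # appended to every ACL

DENY_ONLY = [("deny", "tcp", "any", SERVERS, 5480)]
WITH_PERMIT = DENY_ONLY + [("permit", "tcp", "any", "any", None)]

# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = [
    ("tcp", "192.0.2.10", "10.70.18.5", 5480),  # the port the ACL targets
    ("tcp", "192.0.2.10", "10.70.18.5", 443),   # other TCP to the same subnet
    ("tcp", "192.0.2.10", "10.70.1.1", 22),     # SSH to a hypothetical switch address
    ("icmp", "192.0.2.10", "10.70.1.1", None),  # ping to the same address
]

def addr_matches(spec, addr):
    """spec is "any" or (network, wildcard); wildcard bits set to 1 are ignored."""
    if spec == "any":
        return True
    net, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first entry that matches; later entries are not read."""
    for action, a_proto, a_src, a_dst, a_port in acl + [IMPLICIT_DENY]:
        if a_proto not in ("ip", proto):
            continue
        if not (addr_matches(a_src, src) and addr_matches(a_dst, dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action

def verdicts(acl):
    """Verdict for each constructed packet, in PACKETS order."""
    return [evaluate(acl, *pkt) for pkt in PACKETS]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY),
                      ("with permit tcp any any", WITH_PERMIT)):
        print(name, verdicts(acl))
```

In this model the ping is still dropped under the second ACL, because the added permit entry covers TCP only.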

My environment is like this. Two 4506 devices make VSS, and then they apply an ACL on all interfaces. The ACL mainly disables source address any and destination address network segment EQ 22 or 23 or 443 or 80 port. At this time, the ACL application is OK, and it is also working without error, but there is an interspersed ACL with source and destination address unchanged. Only changing the ACL entry with port EQ 5480 will directly disconnect the network; the whole 4506 can't be accessed and pinged remotely. You can only log in to the console, and the following are in the log:

 

The private-config has been successfully synchronized to the standby supervisor

The startup-config has been successfully synchronized to the standby supervisor


I want to ask whether Cisco devices use any built-in protocols for port 5480? Or does VSS use this port? Very strange phenomenon
