12-04-2012 03:21 AM - edited 03-07-2019 10:23 AM
Hi,
We have a pair of 6509s with duplicate ACL lists & entries.
1 = Version 12.2(33)SXI4a
2 = Version 12.2(18)SXF15a
I wanted to remove some logging that was on an entry on one of our extended ACLs. On 1 this worked fine with the
no 400
400 <acl rule without log>
However on 2 it lets me carry out the no 400 command, but when I go to add the 400 <acl rule without log> I get the error
% Duplicate sequence number.
Sure enough, when I perform 'show access-lists <Name>' it is still there!
I have tried the following:
It looks like it is just this line that it thinks it has removed but hasn't?!
I understand an option is to duplicate the ACL in a text editor, remove the line, delete the ACL and put the edit back in..... However, I wondered if this is something known (a bug) or that anyone has encountered, should we come across it again.
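The thread's procedure is: capture the ACL, run "no 400" in ACL config mode, then confirm with "show access-lists" that sequence 400 is really gone before re-adding it without log. The helper below is an added example, not something posted in the thread, that does the confirmation step offline against two saved captures of "show ip access-lists" output (before and after the "no <seq>"). It parses the standard IOS layout ("<seq> <rule> (N matches)"), reports whether the entry was removed or is still present and still logging, and lists duplicate sequence numbers, which is what the "% Duplicate sequence number" error is complaining about. The ACL name VLAN10_TO_VLAN20, the addresses and the match counts are constructed sample data, not from the poster's switches.

```python
import re
from typing import Dict, List, Optional, Tuple

# One ACE line of "show ip access-lists": "<seq> <rule text> [(N matches)]"
ACE_RE = re.compile(r"^\s*(\d+)\s+(.*?)(?:\s+\(\d+ match(?:es)?\))?\s*$")
# ACL header line: "Extended IP access list <name>" / "Standard IP access list <name>"
HEADER_RE = re.compile(r"^(?:Extended|Standard) IP access list (\S+)\s*$")

Acls = Dict[str, List[Tuple[int, str]]]


def parse_access_lists(output: str) -> Acls:
    """Parse IOS 'show ip access-lists' text into {acl_name: [(seq, rule), ...]}."""
    acls: Acls = {}
    current: Optional[str] = None
    for line in output.splitlines():
        header = HEADER_RE.match(line.strip())
        if header:
            current = header.group(1)
            acls[current] = []
            continue
        if current is None or not line.strip():
            continue
        ace = ACE_RE.match(line)
        if ace:
            acls[current].append((int(ace.group(1)), ace.group(2)))
    return acls


def find_entry(acls: Acls, name: str, seq: int) -> Optional[str]:
    """Return the rule text at sequence number seq, or None if absent."""
    for s, rule in acls.get(name, []):
        if s == seq:
            return rule
    return None


def duplicate_sequences(acls: Acls, name: str) -> List[int]:
    """Sequence numbers that appear more than once in the named ACL."""
    seen, dups = set(), []
    for s, _ in acls.get(name, []):
        if s in seen:
            dups.append(s)
        seen.add(s)
    return dups


def check_removal(before: str, after: str, name: str, seq: int) -> Dict[str, bool]:
    """Compare captures taken before and after 'no <seq>' and say what actually happened."""
    old = find_entry(parse_access_lists(before), name, seq)
    new = find_entry(parse_access_lists(after), name, seq)
    return {
        "present_before": old is not None,
        "present_after": new is not None,
        "removed": old is not None and new is None,
        # 'log' or 'log-input' as a trailing keyword means the ACE still logs
        "still_logging": new is not None and new.split()[-1] in ("log", "log-input"),
    }


# Constructed sample captures (not from the thread): the 'stuck' case mirrors the
# symptom described, where the entry survives the 'no 400'.
BEFORE = """Extended IP access list VLAN10_TO_VLAN20
    10 permit ip 10.10.0.0 0.0.255.255 host 10.20.0.5
    400 deny ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255 log (57 matches)
    410 permit ip any any (1234 matches)
"""
AFTER_OK = """Extended IP access list VLAN10_TO_VLAN20
    10 permit ip 10.10.0.0 0.0.255.255 host 10.20.0.5
    410 permit ip any any (1240 matches)
"""
AFTER_STUCK = BEFORE

if __name__ == "__main__":
    for label, after in (("healthy switch", AFTER_OK), ("stuck switch", AFTER_STUCK)):
        print(label, check_removal(BEFORE, after, "VLAN10_TO_VLAN20", 400))
    print("duplicates:", duplicate_sequences(parse_access_lists(BEFORE), "VLAN10_TO_VLAN20"))
```

Run it with the two captures pasted in place of the sample strings; a result with removed False and still_logging True is the situation described in this thread, and a non-empty duplicates list explains why the re-add is rejected.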
12-04-2012 04:03 AM
It looks like you could have bug CSCso73076....
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCso73076&from=summary
It says that it was fixed in version 12.2(33)SXI which should be covered under your switch 1, so I would recommend an upgrade on switch 2.
HTH,
John
*** Please rate all useful posts ***
12-04-2012 04:18 AM
Hi John,
My apologies, I got the switch and code versions the wrong way round. This should actually be
6509_1 = Version 12.2(18)SXF15a
6509_2 = Version 12.2(33)SXI4a
So the issue 6509 actually has a version that shouldn't be affected by that bug.
Also the ACL has near 200 lines in it and I can still delete and create others...... It's just this one line (400) that won't delete.
Cheers
Stuart
12-04-2012 04:20 AM
Where is the acl used and what's its purpose? Have you tried a maintenance window and remove the acl from whatever it's applied to, try to remove the entry, and then reapply the acl?
HTH,
John
*** Please rate all useful posts ***
12-04-2012 04:27 AM
Hi John,
It looks as though re-applying it is the approach we will have to take. However, I was reaching out to see if anyone had had a similar occurrence or knew of any reason why just one line won't delete.
The ACL is an extended ACL preventing one subnet from accessing the other.
Rgds
Stuart
12-04-2012 04:30 AM
Stuart,
It really should be as simple as going into the acl and doing a "no
HTH,
John
*** Please rate all useful posts ***
12-04-2012 04:37 AM
I know
and when I run that command for that line/ACE (400) it doesn't moan or error.... However when you do a 'show access-list
Rgds
Stuart
12-04-2012 04:39 AM
I know this is a silly question, but did you try removing the line by specifying the complete line?
no 400 deny ip any host x.x.x.x log
HTH,
John
*** Please rate all useful posts ***
12-04-2012 04:45 AM
Hi John,
Yes ....No joy
Rgds
Stuart
12-04-2012 09:36 AM
Are you actually in ACL config mode when you try this? Maybe you can post the actual screenshots of your commands. I have never heard of anything like that. You could also try to exit out of ACL config mode after removing the 400 entry and then go back in and try to put the new one in. Or put it back in as entry 401.
conf t
ip access-list extended
no 400
12-05-2012 12:16 AM
Hi Glen,
Indeed I am...
Basically I am running the commands above. I edit ACL entries on a number of occasions, but this is the first time I have seen this.
It has worked on 6509_1 and appears to run the command no 400
I didn't want to delete and reapply the ACL just yet, so I made a duplicate with a slightly different name, applied that to the VLAN Int and left the other unused so I can try and fathom out why it is not removing it.
Rgds
Stuart
12-06-2012 07:09 AM
Has anyone experienced this?