Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
6
Helpful
4
Replies

object-group base ACLs removed after reboot the cisco 4500x switch

Srinivas N
Level 1
Level 1

‎04-11-2022 06:36 AM

Hi Team,

 

Earlier we have created combination of object group acl & normal acl on cisco 4500x switch (HA).

yesterday, due to power issue suddenly our switch has been rebooted and we have noticed that when switch is up, object-based ACLs were removed, but object entries are not removed.

Below are the sample ACLs and switch version details, can anyone address the reason.

Switch details

WS-C4500X-32

Version 03.08.01.E RELEASE SOFTWARE (fc2)

cat4500e-universalk9.SPA.03.08.01.E.152-4.E1.bin

object group ACLs (after switch rebooting, those were remove)
30 permit object-group HYD_CommonSer-Ports 10.100.18.0 0.0.0.127 object-group HYD_Common-Servers
40 permit object-group HYD_ConfNW-Ports 10.100.18.0 0.0.0.127 object-group HYD_ConferenceNW
50 permit object-group HYD_EMail-Ports host 192.168.108.5 host 192.168.2.222
60 permit ip 10.100.18.0 0.0.0.127 object-group HYD_Common-Servers
61 permit object-group TEMP-PORTS 10.100.18.0 0.0.0.127 object-group TEMP-SERVERS

 

Normal ACLs (after rebooting the switch, no impact)
access-list 2006 permit tcp host 192.168.32.231 host 192.168.19.200 eq 22
access-list 2006 permit tcp host 192.168.32.235 host 192.168.19.200 eq ftp
access-list 2006 permit tcp host 192.168.32.235 host 192.168.19.200 eq 22
access-list 2110 permit tcp host 192.168.52.32 host 192.168.19.200 eq 443
access-list 2110 permit tcp host 192.168.52.55 host 192.168.19.200 eq 443
access-list 2110 permit ip host 192.168.52.103 host 192.168.19.200
access-list 2110 permit tcp host 192.168.52.19 host 192.168.19.200 eq www

Thanks & Regards,
Srinivas.
1 person had this problem
Labels:
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎04-11-2022 06:59 AM

Are you sure the config is saved ? what happends when you add the config back ? is that taking or not taking ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎04-11-2022 07:52 AM

SW# show diagnostic result module 1 detail <- do this check the memory if it pass check or not.

 

0 Helpful

Srinivas N
Level 1
Level 1
In response to MHM Cisco World

‎04-21-2022 03:44 AM

Hi MHM Thanks for reply.

 

below is the status of diagnostic.

4) supervisor-rx-errors ------------> .

Error code ------------------> 0 (DIAG_SUCCESS)
Total run count -------------> 15913
Last test testing type ------> Health Monitoring
Last test execution time ----> Apr 21 2022 16:02:03
First test failure time -----> n/a
Last test failure time ------> n/a
Last test pass time ---------> Apr 21 2022 16:02:03
Total failure count ---------> 0
Consecutive failure count ---> 0

 

we will save the config frequently.

Since power issue device was rebooted, only group-based ACLs were removed, normal ACLs and other configuration are fine. 

Thanks & Regards,
Srinivas.
0 Helpful

rubenmartinez2
Level 1
Level 1

‎07-11-2023 11:39 AM

Was a solution ever found? I am having the same issue without any luck.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card