access-list works on router 1841 and 1921 but does not on 4221

nnikolaros · ‎07-24-2019

the following access-list works on the 1841 and on the 1921 but not on the 4221 router IOS is

isr4200-universalk9_ias.16.09.03.SPA.bin

access-list 110 permit eigrp 172.16.16.0 0.0.15.255 host 224.0.0.10
access-list 110 permit eigrp 172.16.16.0 0.0.15.255 172.16.16.0 0.0.15.255
access-list 110 permit icmp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 echo
access-list 110 permit icmp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 echo-reply
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 1521
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 4300
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 4301
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 4350
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 4351
access-list 110 permit tcp 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 eq 5001
access-list 110 deny ip any any log

the icmp and the eigrp part works but the rest does not, when i remove the access-list from the interface all works.

if i add permit ip 172.20.0.0 0.0.255.255 172.20.0.0 0.0.255.255 it works.

the access-list is applied on a tunnel interface for a dmvpn.

the whole configuration works on other cisco router models from the 1841 to the 1921 but not on the 4221.

Francesco Molino · ‎07-24-2019

Hi

I got an issue last time i used these routers.
The issue was with CEF.
On your tunnel, can you disable CEF (no ip route-cache cef) and try again?

Have you opened a TAC case in the mean time?

Don't recall the version i was running but can do some research. What version are you running?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question