
Changed behavior between IOS-XE 17.3 and 17.6 with default IPv6 ACLs?

maamann
Level 1

Hi 

With our Guest SSID I use the implicit_deny_v6 ACL, which is provided by default by IOS-XE.

There was never an issue with IOS-XE 17.3.XX with this ACL, but something changed with 17.6.

Since we use new C9800 controllers with IOS-XE 17.6.4 (latest TAC recommendation), I discovered that I can't select the "implicit_deny_v6" ACL any more under

/configuration/Tags&Profiles/policy/YOURPOLICYPROFILE/Access Policies/WLAN ACL/ ipv6 ACL/

The ACL exists on the controller but is no longer selectable in the GUI like it was with IOS-XE 17.3.xx.

Here is the evidence that the IPv6 ACL exists on the controller:

#sh ipv6 access-list
IPv6 access list implicit_deny_v6
deny ipv6 any any sequence 10
IPv6 access list implicit_permit_v6
permit ipv6 any any sequence 10

Has somebody else had the same experience and already solved this problem, or is it worth opening a TAC case?

I see this behavior on different C9800-L-F controllers; a reboot didn't fix the issue, and you cannot configure this ACL because it already exists.

Regards Markus

 


marce1000
VIP

 

 - Do you have the option to set the particular feature through the CLI only? You may find it when viewing the running-config on the previous mode and try accordingly. Whilst at it, have a go with WirelessAnalyzer (useful for all kinds of topics and hints!): use the CLI command show tech wireless and have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ . Please note: do not use the classical show tech-support (short version); use the command denoted in green for Wireless Analyzer.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Yes, I already set the IPv6 ACL via CLI. I just found this issue accidentally, because I just wanted to change the VLAN for the SSID and was confused why the "Update and apply to device" was not working, and then I saw that the GUI complains about the IPv6 ACL. Btw., you cannot see the IPv6 ACL via the pull-down menu like is the case with 17.3.xx.

 

 - Looks like a (new) bug; you may file an enhancement through TAC.

 M.


