Prev: Pix 501 VPN
Next: pix ver 8 show run scrolls
From: Mark Knight on 12 Jan 2010 18:11
Hi,

Using a C877W-M running 15.0(1)M1

Should I be able to change the access-group on dialer 1 without killing
traffic?

I replaced:

ip access-group 100 in

by running the command:

ip access-group test in

each access-list was completely trivial. However as soon as I change
the access-group it seems to kill all traffic through the interface
until I run a:

clear interface dialer 1

Is this expected behaviour? I thought changing the access-group on an
interface was meant to be a safe and atomic way to change an access
list!

Cheers,
--
Mark A. R. Knight finger: spam(a)knigma.org
Tel: +44 7973 410732 http://www.knigma.org/
s/spam/markk/g



From: Igor Mamuzic aka Pseto on 13 Jan 2010 16:20
"Mark Knight" <spam(a)knigma.org> wrote in message
news:ZbABeDBvGQTLFwME(a)lap.knigma.org...
> Hi,
>
> Using a C877W-M running 15.0(1)M1
>
> Should I be able to change the access-group on dialer 1 without killing
> traffic?
>
> I replaced:
>
> ip access-group 100 in
>
> by running the command:
>
> ip access-group test in
>
> each access-list was completely trivial. However as soon as I change
> the access-group it seems to kill all traffic through the interface
> until I run a:
>
> clear interface dialer 1
>
> Is this expected behaviour? I thought changing the access-group on an
> interface was meant to be a safe and atomic way to change an access
> list!
>

Funny since I've done the same a trilion times so far never experienced such
issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
you face the same problem when you type: 'no ip access-group 100' in and
then 'ip access-group test in'? That's the way I'm always doing it.





From: Mark Knight on 13 Jan 2010 17:14
In message <hildjj$q0d$1(a)ss408.t-com.hr>, Igor Mamuzic aka Pseto
<igor.mamuzicMAKNI_OVO(a)zg.t-com.hr> writes
>Funny since I've done the same a trilion times so far never experienced such
>issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
>you face the same problem when you type: 'no ip access-group 100' in and
>then 'ip access-group test in'? That's the way I'm always doing it.

Thanks for your reply. Even just "no ip access-group test in" bring
traffic to a crashing halt.

Damn, I upgraded to overcome a bug (after downgrading to overcome a
bug). This isn't good!

124(24).T2 = Broken IPv6
124(24).T = Broken DHCP
150(1).M1 = Broken access lists

Cheers,
--
Mark A. R. Knight finger: spam(a)knigma.org
Tel: +44 7973 410732 http://www.knigma.org/
s/spam/markk/g
From: Bob Goddard on 14 Jan 2010 04:43
Mark Knight wrote:

> In message <hildjj$q0d$1(a)ss408.t-com.hr>, Igor Mamuzic aka Pseto
> <igor.mamuzicMAKNI_OVO(a)zg.t-com.hr> writes
>>Funny since I've done the same a trilion times so far never experienced
>>such
>>issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
>>you face the same problem when you type: 'no ip access-group 100' in and
>>then 'ip access-group test in'? That's the way I'm always doing it.
>
> Thanks for your reply. Even just "no ip access-group test in" bring
> traffic to a crashing halt.
>
> Damn, I upgraded to overcome a bug (after downgrading to overcome a
> bug). This isn't good!
>
> 124(24).T2 = Broken IPv6
> 124(24).T = Broken DHCP
> 150(1).M1 = Broken access lists

Mark, probably the best release is 12.4.20(T4). It's IPv6 is not so broken
and it works well with A&A. IPv6 will even work over the wireless provided
it's not bridged to the ethernet.


B

--
http://www.mailtrap.org.uk/
 | 
Pages: 1
Prev: Pix 501 VPN
Next: pix ver 8 show run scrolls