Changing access-groups

Discussion in 'Cisco' started by Mark Knight, Jan 12, 2010.

  1. Mark Knight

    Mark Knight Guest

    Hi,

    Using a C877W-M running 15.0(1)M1

    Should I be able to change the access-group on dialer 1 without killing
    traffic?

    I replaced:

    ip access-group 100 in

    by running the command:

    ip access-group test in

    each access-list was completely trivial. However as soon as I change
    the access-group it seems to kill all traffic through the interface
    until I run a:

    clear interface dialer 1

    Is this expected behaviour? I thought changing the access-group on an
    interface was meant to be a safe and atomic way to change an access
    list!

    Cheers,
    --
    Mark A. R. Knight finger:
    Tel: +44 7973 410732 http://www.knigma.org/
    s/spam/markk/g
     
    Mark Knight, Jan 12, 2010
    #1
    1. Advertising

  2. "Mark Knight" <> wrote in message
    news:...
    > Hi,
    >
    > Using a C877W-M running 15.0(1)M1
    >
    > Should I be able to change the access-group on dialer 1 without killing
    > traffic?
    >
    > I replaced:
    >
    > ip access-group 100 in
    >
    > by running the command:
    >
    > ip access-group test in
    >
    > each access-list was completely trivial. However as soon as I change
    > the access-group it seems to kill all traffic through the interface
    > until I run a:
    >
    > clear interface dialer 1
    >
    > Is this expected behaviour? I thought changing the access-group on an
    > interface was meant to be a safe and atomic way to change an access
    > list!
    >


    Funny since I've done the same a trilion times so far never experienced such
    issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
    you face the same problem when you type: 'no ip access-group 100' in and
    then 'ip access-group test in'? That's the way I'm always doing it.
     
    Igor Mamuzic aka Pseto, Jan 13, 2010
    #2
    1. Advertising

  3. Mark Knight

    Mark Knight Guest

    In message <hildjj$q0d$-com.hr>, Igor Mamuzic aka Pseto
    <-com.hr> writes
    >Funny since I've done the same a trilion times so far never experienced such
    >issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
    >you face the same problem when you type: 'no ip access-group 100' in and
    >then 'ip access-group test in'? That's the way I'm always doing it.


    Thanks for your reply. Even just "no ip access-group test in" bring
    traffic to a crashing halt.

    Damn, I upgraded to overcome a bug (after downgrading to overcome a
    bug). This isn't good!

    124(24).T2 = Broken IPv6
    124(24).T = Broken DHCP
    150(1).M1 = Broken access lists

    Cheers,
    --
    Mark A. R. Knight finger:
    Tel: +44 7973 410732 http://www.knigma.org/
    s/spam/markk/g
     
    Mark Knight, Jan 13, 2010
    #3
  4. Mark Knight

    Bob Goddard Guest

    Mark Knight wrote:

    > In message <hildjj$q0d$-com.hr>, Igor Mamuzic aka Pseto
    > <-com.hr> writes
    >>Funny since I've done the same a trilion times so far never experienced
    >>such
    >>issues, but on IOS versions 12.4 and 12.3. It sounds like a bug to me. Do
    >>you face the same problem when you type: 'no ip access-group 100' in and
    >>then 'ip access-group test in'? That's the way I'm always doing it.

    >
    > Thanks for your reply. Even just "no ip access-group test in" bring
    > traffic to a crashing halt.
    >
    > Damn, I upgraded to overcome a bug (after downgrading to overcome a
    > bug). This isn't good!
    >
    > 124(24).T2 = Broken IPv6
    > 124(24).T = Broken DHCP
    > 150(1).M1 = Broken access lists


    Mark, probably the best release is 12.4.20(T4). It's IPv6 is not so broken
    and it works well with A&A. IPv6 will even work over the wireless provided
    it's not bridged to the ethernet.


    B

    --
    http://www.mailtrap.org.uk/
     
    Bob Goddard, Jan 14, 2010
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Yehavi Bourvine
    Replies:
    1
    Views:
    1,095
    Hansang Bae
    Aug 26, 2004
  2. John Sasso
    Replies:
    0
    Views:
    546
    John Sasso
    Oct 2, 2004
  3. AM
    Replies:
    2
    Views:
    453
  4. jamy
    Replies:
    4
    Views:
    21,171
  5. Dr Nova
    Replies:
    1
    Views:
    302
    SagaBoi17
    Jun 11, 2005
Loading...

Share This Page