Cisco Bug: CSCut36948 - Access list applied not working as expected.

Last Modified

Mar 09, 2018

Products (1)

  • Cisco MDS 9000 NX-OS and SAN-OS Software

Known Affected Releases

6.2(8)TS(0.28)

Description (partial)

Symptom:
The customer confirmed that the device was accepting SSH connections from hosts outside of the Rackspace network, even though those addresses were outside the scope of the access list:
show access-list vty-ord1
IP access list vty-ord1
        10 remark Bastions
        20 permit ip x.x.x.x/32 any
        30 permit ip x.x.x.x/32 any
        40 remark Zenoss
        50 permit ip x.x.x.x 0.127.0.255 any
        60 remark BackBone Dev
        70 permit ip x.x.x.0/24 any
        80 remark Autohost
        90 permit ip x.x.x.0/24 any
        100 remark FDaaT
        110 permit ip x.x.x.0/28 any
        120 permit ip x.x.x.x/32 any
        130 permit ip x.x.x.x 0.127.0.31 any

Conditions:
The device was accepting SSH connections from hosts outside of the Rackspace network, even though those addresses were outside the scope of the access list: