Symptom

When Explicit ACL is configured on the physical interface on which Loopback TLOC interface is bound, implicit acl on the loopback interface may not be working per expectations.

Conditions

The default drop/accept on the explicit acl, may supersede Loopback implicit acl behavior. With default-drop, all the flows except those that matches explicit acl sequences, will be dropped. This may affect control and data connections too. With default-accept, all the flows not matching sequence, will be allowed by default.

Workaround

With default-drop, Configure control and data connections to be allowed via explicit acl sequence. With default-allow, Configure explicit acl sequence for flows that needs to be dropped

Further Problem Description