Symptom
TRH-SD105-1#show cts role-based counters from 10025
Role-based IPv4 counters
From To SW-Denied HW-Denied SW-Permitt HW-Permitt SW-Monitor HW-Monitor
10025 103 0 27 0 0 0 0
10025 900 0 0 0 0 0 0
10025 901 0 0 0 0 0 0
10025 902 0 0 0 0 0 0
10025 999 0 0 0 0 0 0
TRH-SD105-1#show cts role-based permi from 10025 to 103
IPv4 Role-based permissions from group 10025:EPG_TRH_WLC_EPG to group 103:IT:
RETURN_ACL-08
RBACL Monitor All for Dynamic Policies : FALSE
RBACL Monitor All for Configured Policies : FALSE
TRH-SD105-1#show ip access-lists RETURN_ACL-08
Role-based IP access list RETURN_ACL-08 (downloaded)
10 permit tcp src range 1 1024 dst range 1024 65535 (2 matches) <--- traffic is not being allowed
20 permit tcp src eq 3389 dst range 1024 65535
30 permit tcp src eq 8080 dst range 1024 65535
40 permit tcp src eq 8443 dst range 1024 65535
50 permit udp src range 1 1024 dst range 1024 65535
60 permit udp src eq 3389 dst range 1024 65535
70 permit udp src eq 8080 dst range 1024 65535
80 permit udp src eq 8443 dst range 1024 65535
90 permit icmp
100 deny ip log (6 matches)
TRH-SD105-1#
