
Bug in SAN-OS 3.3(5) with tftp access-list entries

The port keywords offered by the CLI when building an access-list entry:

    MDS3(config)# ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 eq port ?
      <0-65535>   Enter source port number
      dns         Domain name server (UDP port 53)
      ftp         File transfer control (TCP port 21)
      ftp-data    File transfer data (TCP port 20)
      http        World wide web HTTP (TCP port 443)
      ntp         Network time protocol (UDP port 123)
      radius      Radius (TCP port 1812)
      sftp        Simple file transfer protocol (TCP port 115)
      smtp        Simple mail transfer protocol (TCP port 25)
      snmp        SNMP (UDP port 161)
      snmp-trap   SNMP trap (UDP port 162)
      ssh         SSH remote login protocol (TCP port 22)
      syslog      Syslog (UDP port 514)
      tacacs-ds   TACACS-database service (TCP port 65)
      telnet      Telnet (TCP port 23)
      tftp        Trivial file transfer protocol (UDP port 69)
      wbem-http   WBEM HTTP (TCP port 5988)
      wbem-https  WBEM HTTPS (TCP port 5989)
      www         World wide web HTTP (TCP port 80)

Whether you configure the access-list using the keyword "tftp" or just specify "eq port 69" for a UDP entry, the running configuration stores it as the keyword "tftp":

    MDS3(config)#ip access-list MGMT permit udp any 172.16.3.153 0.0.0.0 eq port 69
    MDS3(config)#exit
    MDS3#show run | inc tftp
    ip access-list MGMT permit udp any 172.16.3.153 0.0.0.0 eq port tftp

When you try to remove the ACL entry using the tftp keyword exactly as it is displayed (essentially cut-and-paste), it fails:

    MDS3# show run | inc MGMT
    ip access-list MGMT permit tcp any 172.16.3.153 0.0.0.0 eq port telnet
    ip access-list MGMT permit tcp any 172.16.3.153 0.0.0.0 eq port ssh
    ip access-list MGMT permit tcp any 172.16.3.153 0.0.0.0 eq port http
    ip access-list MGMT permit udp 172.16.3.240 0.0.0.0 eq port radius 172.16.3.153 0.0.0.0
    ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 172.16.3.153 0.0.0.0 eq port snmp
    ip access-list MGMT permit tcp 172.16.3.241 0.0.0.0 eq port 49 172.16.3.153 0.0.0.0
    ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 172.16.3.153 0.0.0.0 eq port tftp
      ip access-group MGMT in
    MDS3# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    MDS3(config)# no ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 172.16.3.153 0.0.0.0 eq port tftp
    ^
    % invalid parameter detected at '^' marker.
    MDS3(config)#
    MDS3(config)# no ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 172.16.3.153 0.0.0.0 eq port 69
    MDS3(config)# exit

The same removal command with the numeric port, "eq port 69", is accepted.

This is tested on a lab MDS, SAN-OS version 3.3(5). It should be easy for you all to create an ACL with tftp in it and observe that you cannot delete it with cut and paste (prefixed with "no"). As usual I will post the bug ID once I get it back from TAC. I am not sure if this is an already logged bug or not, but it may be marked "internal only" as many seem to be. I am not sure if this affects any other versions of SAN-OS/NX-OS as I have only tested 3.3(5) at this time.
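The workaround shown above, applied to a whole ACL, as an added example that is not part of the original post: it reads "show run" output and builds a "no" command for each entry, writing the port numerically where the keyword is known to be rejected on removal. The names removal_commands, PORT_KEYWORDS and SAMPLE are hypothetical; the keyword table is copied from the help output above, and only "tftp" is translated by default because that is the only keyword the post reports as failing.

```python
import re

# Keyword -> port, copied as printed in the "eq port ?" help output in the post.
PORT_KEYWORDS = {
    "dns": 53, "ftp": 21, "ftp-data": 20, "http": 443, "ntp": 123,
    "radius": 1812, "sftp": 115, "smtp": 25, "snmp": 161, "snmp-trap": 162,
    "ssh": 22, "syslog": 514, "tacacs-ds": 65, "telnet": 23, "tftp": 69,
    "wbem-http": 5988, "wbem-https": 5989, "www": 80,
}

def removal_commands(show_run, acl, keywords=("tftp",)):
    """Return a 'no ...' command for every entry of `acl` in `show_run`.

    A port keyword listed in `keywords` is rewritten as its number, but only
    when it directly follows 'eq port', so addresses and names are untouched.
    Assumption: the numeric form is accepted on removal, as the post shows
    for port 69.
    """
    entry = re.compile(rf"ip access-list {re.escape(acl)} (permit|deny) ")
    cmds = []
    for line in show_run.splitlines():
        line = line.strip()
        if not entry.match(line):
            continue  # skips 'ip access-group ...' and unrelated lines
        tokens = line.split()
        for i in range(2, len(tokens)):
            if tokens[i - 2:i] == ["eq", "port"] and tokens[i] in keywords:
                tokens[i] = str(PORT_KEYWORDS[tokens[i]])
        cmds.append("no " + " ".join(tokens))
    return cmds

# Constructed sample input, built from the running-config lines in the post.
SAMPLE = """\
ip access-list MGMT permit udp 172.16.3.240 0.0.0.0 eq port radius 172.16.3.153 0.0.0.0
ip access-list MGMT permit udp 172.16.3.0 0.0.0.255 172.16.3.153 0.0.0.0 eq port tftp
  ip access-group MGMT in
"""

if __name__ == "__main__":
    for cmd in removal_commands(SAMPLE, "MGMT"):
        print(cmd)
```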
