RE: ACL

From: Salau, Yemi (yemi.salau@siemens.com)
Date: Mon Apr 14 2008 - 09:03:24 ART


SW8#sh version
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Mar-06 21:46 by pwade

ROM: ROMMON Emulation Microcode
ROM: 3600 Software (C3640-JK9O3S-M), Version 12.3(14)T7, RELEASE SOFTWARE (fc2)

Rack1R8 uptime is 3 days, 34 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3640 (R4700) processor (revision 0xFF) with 124928K/6144K bytes of memory.
Processor board ID 00000000
R4700 CPU at 100MHz, Implementation 33, Rev 1.2
16 FastEthernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
125K bytes of NVRAM.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

SW8#

SW8#sh logg
Syslog logging: enabled (11 messages dropped, 5 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)

    Console logging: level debugging, 124629 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 7 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

    Trap logging: level errors, 112 message lines logged

Log Buffer (4096 bytes):

*Mar 4 00:21:10.246: %SYS-5-CONFIG_I: Configured from console by console
*Mar 4 00:21:24.350: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp 10.10.44.5 -> 10.10.33.4 (0/0), 4 packets
*Mar 4 00:21:24.350: %SEC-6-IPACCESSLOGRP: list 150 permitted ospf 10.10.44.5 -> 224.0.0.5, 34 packets
*Mar 4 00:22:24.354: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.10.44.5(0) -> 10.10.33.4(0), 11 packets
*Mar 4 00:26:24.378: %SEC-6-IPACCESSLOGDP: list 150 permitted icmp 10.10.44.5 -> 10.10.33.4 (0/0), 10 packets
*Mar 4 00:26:24.382: %SEC-6-IPACCESSLOGRP: list 150 permitted ospf 10.10.44.5 -> 224.0.0.5, 30 packets
*Mar 4 00:27:24.390: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.10.44.5(0) -> 10.10.33.4(0), 4 packets
SW8#

!
interface Vlan20
 ip address 10.10.33.8 255.255.255.0
!
interface Vlan40
 ip address 10.10.44.8 255.255.255.0
 ip access-group 150 in
!

!
interface FastEthernet1/4
 switchport access vlan 20
!
interface FastEthernet1/5
 switchport access vlan 40
end

R4#telnet 10.10.44.5
Trying 10.10.44.5 ...
% Connection timed out; remote host not responding

R4#

SW8#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW8(config)#int vlan 40
SW8(config-if)#no ip access-group 150 in
SW8(config-if)#

R4#telnet 10.10.44.5
Trying 10.10.44.5 ... Open

User Access Verification

Password:
R5>

R8#sh access-lists
Extended IP access list 150
    10 deny tcp any any log (20 matches)
    20 permit ip any any log (148 matches)
R8#

Many Thanks
 
Yemi Salau

-----Original Message-----
From: Sadiq Yakasai [mailto:sadiqtanko@gmail.com]
Sent: Monday, April 14, 2008 12:19 PM
To: Salau, Yemi
Cc: mohamed ouamer; ccielab@groupstudy.com
Subject: Re: ACL

Hi Yemi,

So did you have an IP address on the SVI? I must say, I tried this a
while ago and the access-group command did not have any effect on the
SVI. But if I remember correctly, my SVI did not have any IP address
on it as well as I was working on a 3560.

I also went through the documentation and there's no mention of a
config option for this and hence why I assumed it's not an option at
exposal.

What kind of switch is SW8?

Sadiq
