07-21-2006 11:41 AM - edited 03-03-2019 04:10 AM
I have added a few access-lists to 7204 router with IOS 12.3. When I do "show access-list", there is no "matches" showing for new access-lists. Only change I have made was to enable netflow a few weeks ago. Previous access-lists are still working ( at least showing matches). If I remove an old access-list and add it back in, it will quit working also. Can anyone give some suggestions?
Thanks
Jeff
07-21-2006 12:08 PM
Jeff
It would be helpful if you would post from the config the specifics of how the access list is configured and also how the access list is assigned (is it in access-group or access-class or in a distribute list or in a route map or what).
HTH
Rick
07-21-2006 04:26 PM
The configure is fairly simple....
hostname WAN1-7200
!
boot system flash disk0:c7200-jk9s-mz.123-1a.bin
ver
ip cef
ipx routing 0008.e263.8008
mpls ldp logging neighbor-changes
class-map match-all IP
match protocol ip
class-map match-all NOTES
match access-group 101
class-map match-any COW
match access-group 107
match access-group 108
match access-group 109
class-map match-any OtherIP
match protocol ip
!
!
policy-map small-office
class NOTES
bandwidth percent 20
class OtherIP
bandwidth percent 20
class COW
bandwidth percent 45
class class-default
bandwidth percent 10
dlsw bridge-group 2
!
interface Loopback0
ip address 10.100.100.14 255.255.255.255
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface FastEthernet0/0
description Internal LAN
ip address 10.1.129.6 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip summary-address eigrp 100 10.11.0.0 255.255.0.0 5
duplex full
speed 100
ipx network 101129 encapsulation SAP
bridge-group 2
interface Serial1/1.61 point-to-point
description *****Windsor Office*****
ip address 10.20.1.61 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ipx network 101761
frame-relay interface-dlci 200
class 1.54link
!
router eigrp 100
redistribute static
passive-interface Serial1/0.31
passive-interface Serial1/0.32
passive-interface Serial1/0.44
passive-interface Serial1/0.50
passive-interface Serial1/0.150
passive-interface Serial1/0.151
passive-interface Serial1/0.152
passive-interface Serial1/0.200
passive-interface Serial1/1.61
network 10.0.0.0
auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.129.1
ip route 10.11.1.0 255.255.255.0 10.251.1.2
ip route 10.11.2.0 255.255.255.0 10.251.1.6
ip route 10.11.7.0 255.255.255.0 10.251.1.30
ip route 10.11.9.0 255.255.255.0 10.20.1.62
ip route 10.28.2.0 255.255.255.0 10.20.1.170
ip flow-export source FastEthernet0/0
ip flow-export version 5 peer-as
ip flow-export destination 10.1.124.12 2055
!
map-class frame-relay 512link
frame-relay traffic-rate 512000 512000
service-policy output small-office
map-class frame-relay 1.54link
frame-relay traffic-rate 1540000 1540000
service-policy output small-office
access-list 59 permit 10.1.124.4
access-list 59 permit 10.1.124.12
access-list 59 permit 10.1.124.11
access-list 59 permit 10.1.138.41
access-list 59 permit 10.1.124.0 0.0.0.255
access-list 101 permit tcp any eq 1352 any
access-list 102 permit tcp any eq 3389 any
access-list 107 permit tcp host 10.1.139.12 any
access-list 108 permit tcp host 10.1.139.74 any
access-list 109 permit tcp host 10.1.136.101 any
access-list 159 permit tcp host 10.1.124.4 any eq telnet
access-list 159 permit tcp host 10.1.91.12 any eq 22
access-list 159 permit tcp host 10.1.91.11 any eq 22
access-list 159 permit tcp host 10.1.91.10 any eq 22
access-list 159 permit tcp 10.1.2.0 0.0.0.255 any eq 22
access-list 159 permit tcp host 10.1.124.4 any eq 22
access-list 159 permit tcp host 10.1.91.17 any eq 22
access-list 159 permit tcp host 10.1.91.191 any eq 22
access-list 159 permit tcp 10.1.91.0 0.0.0.255 any eq 22
access-list 159 permit tcp 10.1.91.0 0.0.0.255 any eq telnet
access-list 1001 permit 35632444.0000.0000.0001
access-list 1001 deny FFFFFFFF
priority-list 1 protocol ip high list 102
bridge 2 protocol ieee
line con 0
exec-timeout 15 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
access-class 159 in
exec-timeout 5 0
logging synchronous
transport input telnet ssh
line vty 5 14
access-class 159 in
exec-timeout 5 0
logging synchronous
transport input telnet ssh
line vty 15
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide