06-19-2007 08:36 AM - edited 03-05-2019 04:49 PM
Hello,
I just acquired a 2811 running IOS 12.4, but I cannot run the access-group command simply because it doesn't exist. Has anyone experience this before. I can run access-list no problem, but access-group is not existing. Please help me.
Thanks
06-19-2007 08:54 AM
IP access-groups are use on interfaces.
You first use an access-list command to create a single access list entry. Then use the ip access-group command to bind one of more access-list to an interface .
see ip access-list, and IP access-group.
http://www.cisco.com/en/US/products/ps6350/products_command_reference_chapter09186a0080446277.html
HTH, please rate if this helps.
Jorge
06-19-2007 09:14 AM
Sam
The command certainly exists in your IOS but perhaps in a place or in a syntax that you are not expecting. Jorge is absolutely correct that the access-group command is under interface config mode. So if you are looking in global config mode (where the access-list command exists, then you will not find the access-group command). But if you look in interface config mode then you will find it.
It may also be that the syntax is not quite what you expected. The command to create an access list is simply access-list. But the command to apply it to an interface is ip access-group. Sometimes it is confusing to remember which commands just start with the command words and which commands start with ip and then the command words. So if you are looking just for access-group then you will not find it. But you can find ip access-group.
HTH
Rick
06-19-2007 09:39 AM
Thanks for your reply
But I can assure you that I did all you said but the command 'ip access-group' simply doesn't exist in my IOS 12.4 (Please check the console print screen)
Maybe it's a bug and I need to upgrade or patch my router!
The screen shows all the command that exist under interface config
Thanks again for your help
06-19-2007 10:01 AM
interesting !!!
send us
" show version " and " show ip interface brief "
06-19-2007 10:07 AM
Just wondering whether the interface he's trying to apply the access list is a layer 2 interface like etherswitch interface.
HTH
Sundar
06-19-2007 10:17 AM
Sundar, that sounds like right, that interface does not look like a layer 3 interface.
06-20-2007 10:24 PM
Hi Sundar,
How can an interface on a router be Layer 2? Althought I think my interface in L3, is there a command to turn it to a L3? How can you see that?
Thanks for your light!
06-19-2007 10:43 AM
06-19-2007 10:44 AM
Let's see your privilege level by typing
show privilege
You are missing a lot of options for ip under that interface.
06-19-2007 11:48 PM
My privilege is:
Current privilege level is 15
06-19-2007 11:59 PM
Hey,
i wouldn't say its a IOS bug, but i faced a problem on 3750 switch similar to this to such incidents,
while i was giving training to the juniors in my office, i was explaining that that interface vlan 1 cannot be deleted, so i told them to try that option by issuing "no interface vlan 1" but that got deleted also i told them to issue "router eigrp 444" surprisingly this command didn't accept, i was wondering & felt bad infront of the juniors, immediately i doubted that IOS probz, so i had the same back-up image of the switch, juz upgraded & the eigrp command worked out & the "interface vlan 1" was also not able to delete.
IOS was using 12.2(25r)SEC in cisco 3750.
so juz try the option of upgrading the image.
but NO idea what went wrong, the same IOS i was using it on my network for 7 nos. 3750 switches & those never faced such kind of probz.
06-20-2007 10:27 PM
So the problem must be the flash version? This means its a bug in my flash then, how can brand new router with IOS 12.4 not be able to run the basic access-group command?
Anyway please help me to clarify this, and the exact action to take to solving this issue
Thanks for your help
Mujos
06-20-2007 10:29 PM
it is not a bug in the flash or the IOS, juz try upgrading the IOS once again, it will certainly solve the problem, it might happens on rare cases.
06-20-2007 11:12 PM
Mujos,
As per the show version you have 6 fast ethernet interfaces whereas the router ships with only 2 by default with the motherboard. This means that you have additional ethernet modules on the router (mostly a four port switch).
This will by default be a layer 2 interface as said by sundar and hence you are not able to use this command. you need to check whether this ether switch module supports L3 functions. posting a sh diag would help
also just to make sure that the command is supported, try this on the fa0/0 or fa0/1 which is shipped by default with the router. you should be able to execute the command
HTH, rate if it does
Narayan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide