Where can we confirm if an access-list is applied on an interface 2

Status
Not open for further replies.

Krelian

MIS
May 30, 2001
23
US
Here is an interesting one. Our consultant has set up a Cisco 2600 with serial int s0/0 and int e0/0. There is an extended access-list 199 configured with the usual statements to deny internet chats and special ports. But when I use "sh ip int" to try to check which interface the access-list is applied to, I get for both interfaces s0/0 and e0/0:

Outgoing access list is not set
Inbound access list is not set

I know the access-list is being applied since users are blocked from connecting on-line or special ports for stuff like Napster, thru the router. But how is this being applied and where is this shown? Doesn't anyone have any idea?

Krelian
 
Try using the "show interface" command; this will show you information for all router interfaces, including access lists that are set.

"Show access-list" and "show running-config" should also provide you with the information you require.
 
Do a show running and look at the interface configs. Look for a line that says "access-group 199 (in-out)". If you do not see this, the ACL is not applied. If this is the case, do you have a firewall or another device that would do filtering? Does the router have the IP/FW IOS on it?
 
Just checked "sh int" and "sh run" and there is nothing about access-group on any of the interfaces. So I guess without the access-group statement, access-list 199 is not applied on the interfaces. The only other thing the router has is NAT overload. Well, maybe Trimmer is right. Maybe there is some other device doing the filtering. Anyways, the search continues.

Krelian
 
I think the full command you want is "ip access-group 199 (in-out)" to apply the access list on the appropriate port.
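
The check the replies describe (looking for `ip access-group` under each interface in the running config), as an added example that is not part of the thread: a Python audit over a constructed config. It goes one step beyond the thread by also listing two other places IOS configuration references an ACL by number (`ip nat ... source list` and `access-class` on a line); the function names and the sample config are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip nat inside
!
interface Serial0/0
 ip access-group 101 in
 ip nat outside
!
ip nat inside source list 199 interface Serial0/0 overload
access-list 101 permit ip any any
access-list 150 deny tcp any any eq 6699
access-list 199 deny tcp any any eq 6699
access-list 199 permit ip 192.168.1.0 0.0.0.255 any
line vty 0 4
 access-class 10 in
"""

def audit_acl_usage(config):
    """Return (defined ACL ids, {acl id: [where it is referenced]})."""
    defined, refs, context = set(), defaultdict(list), "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Unindented line starts a new top-level context.
            context = line if re.match(r"(interface|line)\s", line) else "global"
        if m := re.match(r"access-list (\d+) ", line):
            defined.add(m.group(1))
        elif m := re.match(r"ip access-group (\S+) (in|out)$", line):
            refs[m.group(1)].append(f"{context}: packet filter {m.group(2)}")
        elif m := re.match(r"access-class (\S+) (in|out)$", line):
            refs[m.group(1)].append(f"{context}: line access-class {m.group(2)}")
        elif m := re.match(r"ip nat (?:inside|outside) source list (\S+) ", line):
            refs[m.group(1)].append("global: NAT source list")
    return defined, dict(refs)

def unreferenced(config):
    """ACLs that are defined but referenced nowhere this audit looks."""
    defined, refs = audit_acl_usage(config)
    return sorted(defined - set(refs))

if __name__ == "__main__":
    defined, refs = audit_acl_usage(SAMPLE_CONFIG)
    for acl in sorted(defined | set(refs)):
        print(acl, refs.get(acl, ["defined but not referenced"]))
```

An ACL id that appears in the references but not in the defined set (10 in the sample) is worth the same attention as one that is defined and never used.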
 