Chee Tong,
> 1)I am very confused with access-list now, I have named my access-list as
> below
> <snip>
> But I found when apply multiple access group in the int E0,
> like below
> Router(config-if)#ip access-group a3000 in
> Router(config-if)#ip access-group range in
> Router(config-if)#ip access-group telnet in
>
> but when I Router#sh run only ip access-group telnet in shown in the
config
> (the last one), where are the a3000, range ??
Only one access list may be applied per interface, per direction, at any
given time.
If you want all these access-list statements to work together, then you will
need to put them into a single access list, ie:
ip access-list extended MyGroovyStuff
contents of a3000 ...
contents of range ...
contents of telnet ...
Then apply the new list to your interface, ie:
interface ethernet 0
ip access-group MyGroovyStuff in
> 2)When I type sh access-list, why it shows me that access-group "range" is
> still applied as shown below. Besides, why the line
> permit tcp host 199.105.182.190 eq 8194 host 192.168.3.112 eq 8201 (17
> matches) and etc appear in the Extended IP access list telnet and I
thought
> it should show in the Extended IP access list range
> <snip>
I would guess that any matches on the 'a3000' and 'range' access lists
(providing that you are applying them to your interface in the order you
listed above) are as a result of 'hits' on the access list while you are
making the change, eg:
> Router(config-if)#ip access-group a3000 in
When you type this command and press enter, it is applied to your interface.
Stats will be logged for this list from now until when you type the next
line and press enter (say 10 seconds).
> Router(config-if)#ip access-group range in
Same behavious as above, but now the 'range' access list has been applied
and the 'a3000' list removed.
> Router(config-if)#ip access-group telnet in
Now your final access list 'telnet' is applied (and neither 'a3000' or
'range' are applied to the interface.
I am also assuming that you have entered the 'ip access-group ...' commands
a number of times in your effort to fix it and each time traffic that
matches the list (even though that list may only be active for a very short
while), a 'match' is recorded.
> 3)In my config file, there are entry like "no ip route-cache" as shown
> below, may I know how to delete it?
Enter the command 'route-cache' (ie. the opposite of no route-cache), eg:
router(config)#interface ethernet 0
router(config-if)#route-cache
> 4)when I do a on router
> SIN01>sh ip route connected
> C 58.199.164.0/22 is directly connected, FastEthernet0/0
> C 58.199.126.0/27 is directly connected, FastEthernet0/0
>
> Why two networks can state directly connected to one interface, what does
it
> mean??
You may have two IP addresses configured for the interface.
Regards
Adam Burgess
Brisbane, Australia
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
