>Chee Tong,
>
>> 1)I am very confused with access-list now, I have named my access-list as
>> below
>> <snip>
>> But I found when apply multiple access group in the int E0,
>> like below
>> Router(config-if)#ip access-group a3000 in
>> Router(config-if)#ip access-group range in
>> Router(config-if)#ip access-group telnet in
>>
>> but when I Router#sh run only ip access-group telnet in shown in the config
>> (the last one), where are the a3000, range ??
>
>Only one access list may be applied per interface, per direction,
per protocol type.
>at any given time.
For IP, access lists generally apply to the packet headers and
possibly TCP/IP fields of packets that normally would enter the
router at one interface and leave it on another.
There are many other access-list like commands that deal with traffic
that is intended to enter the router and stay there, such as access
groups, distribute lists, etc., or cause an action originating in the
router (e.g., dialer lists).
The key to all of these is understanding that each line of access
lists and access-list-like commands has a pattern to match and an
action to take when that pattern is matched. Multi-line access lists
are scanned top-to-bottom until either the match condition is met
(and scanning stops) or the implicit deny all at the end is reached.
Route maps, crypto maps, etc., are more complex, in that they have
patterns to match, but can apply multiple actions on a match.
>
>If you want all these access-list statements to work together, then you will
>need to put them into a single access list, ie:
> ip access-list extended MyGroovyStuff
> contents of a3000 ...
> contents of range ...
> contents of telnet ...
>
>Then apply the new list to your interface, ie:
> interface ethernet 0
> ip access-group MyGroovyStuff in
>
>> 2)When I type sh access-list, why it shows me that access-group "range" is
>> still applied as shown below. Besides, why the line
>> permit tcp host 199.105.182.190 eq 8194 host 192.168.3.112 eq 8201 (17
>> matches) and etc appear in the Extended IP access list telnet and I thought
>> it should show in the Extended IP access list range
>> <snip>
>
>I would guess that any matches on the 'a3000' and 'range' access lists
>(providing that you are applying them to your interface in the order you
>listed above) are as a result of 'hits' on the access list while you are
>making the change, eg:
>
>> Router(config-if)#ip access-group a3000 in
>
>When you type this command and press enter, it is applied to your interface.
>Stats will be logged for this list from now until when you type the next
>line and press enter (say 10 seconds).
>
>> Router(config-if)#ip access-group range in
>
>Same behaviour as above, but now the 'range' access list has been applied
>and the 'a3000' list removed.
>
>> Router(config-if)#ip access-group telnet in
>
>Now your final access list 'telnet' is applied (and neither 'a3000' nor
>'range' is applied to the interface).
>
>I am also assuming that you have entered the 'ip access-group ...' commands
>a number of times in your effort to fix it and each time traffic that
>matches the list (even though that list may only be active for a very short
>while), a 'match' is recorded.
>
>> 3)In my config file, there are entry like "no ip route-cache" as shown
>> below, may I know how to delete it?
>
>Enter the command 'route-cache' (ie. the opposite of no route-cache), eg:
>
> router(config)#interface ethernet 0
> router(config-if)#route-cache
>
>> 4)when I do a on router
>> SIN01>sh ip route connected
>> C 58.199.164.0/22 is directly connected, FastEthernet0/0
>> C 58.199.126.0/27 is directly connected, FastEthernet0/0
>>
>> Why two networks can state directly connected to one interface, what does it
>> mean??
>
>You may have two IP addresses configured for the interface.
>
>Regards
>
>Adam Burgess
>Brisbane, Australia
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
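
Added example, not part of the thread or of anyone's router configuration: a small Python model of the two behaviours discussed above, top-to-bottom first-match scanning with the implicit deny, and one list per interface, direction and protocol type. The rule contents (including port 3000 for a3000 and a source of "any") are constructed assumptions; the destination host and port 8201 are taken from the quoted `sh access-list` line.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str            # "permit" or "deny"
    dst: str               # destination network, CIDR
    dport: int = 0         # 0 matches any destination port
    hits: int = 0          # match counter, as reported by "sh access-list"
    def matches(self, pkt):
        in_dst = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
        return in_dst and self.dport in (0, pkt["dport"])

@dataclass
class Acl:
    name: str
    rules: list = field(default_factory=list)
    def evaluate(self, pkt):
        for rule in self.rules:       # scanned top to bottom
            if rule.matches(pkt):
                rule.hits += 1
                return rule.action    # first match stops the scan
        return "deny"                 # implicit deny all at the end

class Interface:
    def __init__(self):
        self.bound = {}               # one slot per (protocol, direction)
    def access_group(self, acl, direction, protocol="ip"):
        self.bound[(protocol, direction)] = acl   # replaces the previous list
    def filter(self, pkt, direction, protocol="ip"):
        acl = self.bound.get((protocol, direction))
        return "permit" if acl is None else acl.evaluate(pkt)

def demo():
    # Constructed one-line lists (source "any"); the real contents are snipped.
    lists = [Acl(n, [Rule("permit", "192.168.3.0/24", p)])
             for n, p in (("a3000", 3000), ("range", 8201), ("telnet", 23))]
    e0, seen = Interface(), {}
    pkt = {"dst": "192.168.3.112", "dport": 8201}
    for acl in lists:                 # three access-group commands in a row
        e0.access_group(acl, "in")
        seen[acl.name] = e0.filter(pkt, "in")
    seen["hits_on_range"] = lists[1].rules[0].hits
    seen["bound_after"] = e0.bound[("ip", "in")].name
    merged = Acl("MyGroovyStuff", [r for a in lists for r in a.rules])
    e0.access_group(merged, "in")
    seen[merged.name] = e0.filter(pkt, "in")
    return seen

print(demo())
```

The packet is permitted only during the window in which 'range' is bound, which is also when its counter increments; once 'telnet' replaces it the same packet falls through to the implicit deny, and the merged list permits it again.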