1. Home
  2. Cisco Systems
  3. Why this ACL wan't be compiled?

Why this ACL wan't be compiled?

On my 2811 ISR (IOS 12.3(11)T10 adv. ip svc.) I have implemented the following ACL bounded to fa0/0 inbound direction:

access-list 120 remark => INEM access-list 120 remark BPCS access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 6910 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 9150 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq

63000 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 55500 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq telnet access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 6710 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 8950 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 60000 access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 55400 access-list 120 remark pristup sa AS/400 iz KEV-a access-list 120 permit ip host 192.168.15.1 192.168.64.0 0.0.15.255 access-list 120 remark pristup sa Win servera u INEM access-list 120 permit ip host 192.168.15.3 192.168.64.0 0.0.15.255 access-list 120 remark pristup na KIS access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.1.3 eq 443 access-list 120 remark ICMP access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 echo access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 echo access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 administratively-prohibited access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 administratively-prohibited access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 host-unreachable access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 host-unreachable access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 packet-too-big access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 packet-too-big access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 net-unreachable access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 net-unreachable access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255 ttl-exceeded access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 ttl-exceeded access-list 120 deny ip any any

After 'access-list compiled' command I'm getting the following 'show access-list compiled' output:

KEV_perimeter#sh access-list compiled Compiled ACL statistics: ACL State Entries Config Fragment Redundant

5 Operational 1 1 0 0 100 Operational 2 2 0 0 101 Operational 3 3 0 0 120 Unsupported 0 0 0 0 5 ACLs, 3 active, 1 builds, 6 entries, 96 ms last compile 0 history updates, 2000 history entries 0 mem limits, 128 Mb limit, 1 Mb max memory 0 compile failures, 0 priming failures Overflows: L1 0, L2 0, L3 0 Table expands:[9]=0 [10]=0 [11]=0 [12]=0 [13]=0 [14]=0 [15]=0 L0: 1803Kb 2/3 3/4 7/8 2/3 2/3 2/3 2/3 2/3 L1: 4Kb 2/12 2/24 2/9 2/9 L2: 2Kb 2/150 2/81 L3: 2Kb 2/250 Ex: 6Kb Tl: 1818Kb 36 equivs (14 dynamic)

Why ACL 120 won't compile?

Here is the config of fa0/0 interface:

KEV_perimeter#sh run int fa0/0 Building configuration...

Current configuration : 300 bytes ! interface FastEthernet0/0 ip address 192.168.15.6 255.255.255.0 ip access-group 120 in ip mtu 1492 ip flow ingress ip flow egress ip inspect fw out ip virtual-reassembly service-policy input rate-limit service-policy output rate-limit ip tcp adjust-mss 1452 duplex auto speed auto end

KEV_perimeter#

Best Regards, Igor

Reply to
Pseto
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.