Sam

The command certainly exists in your IOS but perhaps in a place or in a syntax that you are not expecting. Jorge is absolutely correct that the access-group command is under interface config mode. So if you are looking in global config mode (where the access-list command exists, then you will not find the access-group command). But if you look in interface config mode then you will find it.

It may also be that the syntax is not quite what you expected. The command to create an access list is simply access-list. But the command to apply it to an interface is ip access-group. Sometimes it is confusing to remember which commands just start with the command words and which commands start with ip and then the command words. So if you are looking just for access-group then you will not find it. But you can find ip access-group.

HTH

Rick

Thanks for your reply

But I can assure you that I did all you said but the command 'ip access-group' simply doesn't exist in my IOS 12.4 (Please check the console print screen)

Maybe it's a bug and I need to upgrade or patch my router!

The screen shows all the command that exist under interface config

Thanks again for your help

interesting !!!

send us

" show version " and " show ip interface brief "

Just wondering whether the interface he's trying to apply the access list is a layer 2 interface like etherswitch interface.

HTH

Sundar

Sundar, that sounds like right, that interface does not look like a layer 3 interface.

Hi Sundar,

How can an interface on a router be Layer 2? Althought I think my interface in L3, is there a command to turn it to a L3? How can you see that?

Thanks for your light!

Here are print screens of both commands

Again, thank you for helping

My privilege is:

Current privilege level is 15

Hey,

i wouldn't say its a IOS bug, but i faced a problem on 3750 switch similar to this to such incidents,

while i was giving training to the juniors in my office, i was explaining that that interface vlan 1 cannot be deleted, so i told them to try that option by issuing "no interface vlan 1" but that got deleted also i told them to issue "router eigrp 444" surprisingly this command didn't accept, i was wondering & felt bad infront of the juniors, immediately i doubted that IOS probz, so i had the same back-up image of the switch, juz upgraded & the eigrp command worked out & the "interface vlan 1" was also not able to delete.

IOS was using 12.2(25r)SEC in cisco 3750.

so juz try the option of upgrading the image.

but NO idea what went wrong, the same IOS i was using it on my network for 7 nos. 3750 switches & those never faced such kind of probz.

So the problem must be the flash version? This means its a bug in my flash then, how can brand new router with IOS 12.4 not be able to run the basic access-group command?

Anyway please help me to clarify this, and the exact action to take to solving this issue

Thanks for your help

Mujos

it is not a bug in the flash or the IOS, juz try upgrading the IOS once again, it will certainly solve the problem, it might happens on rare cases.

Mujos,

As per the show version you have 6 fast ethernet interfaces whereas the router ships with only 2 by default with the motherboard. This means that you have additional ethernet modules on the router (mostly a four port switch).

This will by default be a layer 2 interface as said by sundar and hence you are not able to use this command. you need to check whether this ether switch module supports L3 functions. posting a sh diag would help

also just to make sure that the command is supported, try this on the fa0/0 or fa0/1 which is shipped by default with the router. you should be able to execute the command

HTH, rate if it does

Narayan