I just acquired a 2811 running IOS 12.4, but I cannot run the access-group command simply because it doesn't exist. Has anyone experienced this before? I can run access-list no problem, but access-group does not exist. Please help me.
IP access-groups are used on interfaces.
You first use an access-list command to create a single access list entry. Then use the ip access-group command to bind one or more access lists to an interface.
See ip access-list and ip access-group.
HTH, please rate if this helps.
The command certainly exists in your IOS but perhaps in a place or in a syntax that you are not expecting. Jorge is absolutely correct that the access-group command is under interface config mode. So if you are looking in global config mode (where the access-list command exists), then you will not find the access-group command. But if you look in interface config mode then you will find it.
It may also be that the syntax is not quite what you expected. The command to create an access list is simply access-list. But the command to apply it to an interface is ip access-group. Sometimes it is confusing to remember which commands just start with the command words and which commands start with ip and then the command words. So if you are looking just for access-group then you will not find it. But you can find ip access-group.
Thanks for your reply.
But I can assure you that I did all you said but the command 'ip access-group' simply doesn't exist in my IOS 12.4. (Please check the console print screen.)
Maybe it's a bug and I need to upgrade or patch my router!
The screen shows all the commands that exist under interface config.
Thanks again for your help.
Just wondering whether the interface he's trying to apply the access list to is a layer 2 interface, like an EtherSwitch interface.
How can an interface on a router be Layer 2? Although I think my interface is L3, is there a command to turn it to L3? How can you see that?
Thanks for your light!
Let's see your privilege level by typing
You are missing a lot of options for ip under that interface.
I wouldn't say it's an IOS bug, but I faced a problem similar to this on a 3750 switch.
While I was giving training to the juniors in my office, I was explaining that interface vlan 1 cannot be deleted, so I told them to try that by issuing "no interface vlan 1", but it got deleted. I also told them to issue "router eigrp 444", and surprisingly this command was not accepted. I was puzzled and felt bad in front of the juniors. I immediately suspected IOS problems, so, as I had the same backup image of the switch, I just upgraded, and the eigrp command worked and "interface vlan 1" could no longer be deleted either.
The IOS in use was 12.2(25r)SEC on a Cisco 3750.
So just try the option of upgrading the image.
But I have NO idea what went wrong; I was using the same IOS on my network on 7 3750 switches and those never faced such problems.
So the problem must be the flash version? This means it's a bug in my flash then. How can a brand new router with IOS 12.4 not be able to run the basic access-group command?
Anyway, please help me to clarify this, and the exact action to take to solve this issue.
Thanks for your help.
It is not a bug in the flash or the IOS. Just try upgrading the IOS once again and it will certainly solve the problem; it might happen in rare cases.
As per the show version you have 6 fast ethernet interfaces whereas the router ships with only 2 by default with the motherboard. This means that you have additional ethernet modules on the router (mostly a four port switch).
This will by default be a layer 2 interface, as said by sundar, and hence you are not able to use this command. You need to check whether this EtherSwitch module supports L3 functions. Posting a sh diag would help.
Also, just to make sure that the command is supported, try this on fa0/0 or fa0/1, which are shipped by default with the router. You should be able to execute the command.
HTH, rate if it does
Fa0/0 indeed supports the command access-group!
So this means that my four (non-default) Ethernet ports cannot be configured with routing commands!!
How can I turn them to L3?
Attached is my 'sh diag' result.
Thank you for your help!
The HWIC-4ESW module you have doesn't seem to support L3 interfaces as per the data sheet.
HTH, rate if it does
Why would Cisco sell L2-only interfaces to plug into a router? A router is supposed to do L3, right? It doesn't make sense to me!
Now I'm stuck with 4 L2 ports, and there is no way to software-upgrade them.
Thanks for your light.
It is actually the other way. These modules are used on the router to give them some switch functionality.
There are a few modules which do support L3 functionality as well.
What if you assign the switch ports to a VLAN (for example VLAN 20) and then try to create an SVI (for example interface vlan 20) and try to put an IP address on it and then try the ip access-group command. I think that should work.
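The SVI approach suggested in the last reply, written out as an added configuration example (not posted by anyone in the thread). The port names FastEthernet0/1/0 to 0/1/3, the 192.0.2.0/24 addressing, and the contents of ACL 101 are constructed for illustration, and creating the VLAN through VLAN database mode is an assumption about this 12.4 image.

```cisco
! Added example; interface names, addresses and ACL entries are constructed.
! Assumption: VLAN 20 is created first from privileged EXEC, for example:
!   vlan database
!    vlan 20
!    exit
!
! ACL created in global config, as described earlier in the thread
access-list 101 permit tcp 192.0.2.0 0.0.0.255 any eq 443
access-list 101 permit udp 192.0.2.0 0.0.0.255 any eq 53
access-list 101 deny   ip any any log
!
! The HWIC-4ESW ports stay Layer 2; they only carry VLAN 20
interface FastEthernet0/1/0
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/1/1
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/1/2
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/1/3
 switchport mode access
 switchport access vlan 20
!
! The SVI is the Layer 3 interface for VLAN 20, so the ACL is bound here
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
 no shutdown
```

An ACL bound to the SVI filters only traffic that is routed through Vlan20; frames switched between the four ports inside VLAN 20 never reach the SVI and are not filtered by it.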