12-16-2002 02:41 AM - edited 03-02-2019 03:37 AM
I applied an ACL to an IP interface which has been assigned an IP address. But I found an error message in the logs; the message is "ACL card not present for interface FastEthernet24". Does that mean a hardware error or some other error? Will the ACL be effective?
12-16-2002 05:58 AM
In a CAT2948G-L3, ACLs are supported only on Gigabit Ethernet ports and corresponding Gigabit Ethernet subinterfaces. ACLs are not supported on Bridge-Group Virtual Interface (BVI), Fast EtherChannel (FEC), Gigabit EtherChannel (GEC), and Fast Ethernet interfaces.
12-16-2002 07:29 AM
Thanks for your reply.
But I applied an ACL to a Fast Ethernet port and I tagged log in the ACL. I found some messages about the ACL in the system log.
*Dec 16 11:36:21.140 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(4204) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:27.388 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3016) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:31.648 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3499) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:33.576 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3833) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:35.424 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3978) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:36.816 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(4108) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:48.012 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3217) -> x.x.x.x(135), 1 packet
*Dec 16 11:42:17.636 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3978) -> x.x.x.x(135), 1 packet
*Dec 16 19:01:27.494 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 210.21.113.187(1035) -> x.x.x.x(135), 1 packet
For security, I replaced the destination IP address with x.x.x.x.
And here is the ACL I applied:
2948g#show ip access-lists 110
Extended IP access list 110
deny udp any any eq 1434 log (1750 matches)
deny tcp any any eq 135 log (3875 matches)
permit icmp any any (1648980 matches)
permit ip any any (380488327 matches)
So now my question is if the ACL is effective?
12-16-2002 08:16 PM
Logs might be coming, but the ACL only works on the Gigabit ports.
Here is the URL for your ref.
http://www.cisco.com/univercd/cc/td/doc/product/l3sw/4908g_l3/ios_12/18w522a/config/acl_cnfg.htm
Keep the following restrictions in mind when configuring ACLs on the Catalyst 2948G-L3 and 4908G-L3 switch routers:
ACLs are supported only on Gigabit Ethernet ports and corresponding Gigabit Ethernet subinterfaces.
ACLs are not supported on Bridge-Group Virtual Interface (BVI), Fast EtherChannel (FEC), Gigabit EtherChannel (GEC), and Fast Ethernet interfaces.
Reflexive and dynamic ACLs are not supported on Catalyst 2948G-L3 and 4908G-L3 switch routers.
Access violations accounting is not supported on Catalyst 2948G-L3 and 4908G-L3 switch routers.
ACL logging is supported only for packets going to the CPU, not for switched packets.
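An added example, not part of any post in this thread: a Python parser for the %SEC-6-IPACCESSLOGP lines quoted above that totals logged packets per ACL entry and sets them beside the match counters from the `show ip access-lists` output. The function names are assumptions, the sample input is a subset of the lines quoted in the thread, and the counter regex handles only the `any any eq <port>` entry shape shown there.

```python
import re
from collections import Counter

# Three of the log lines quoted in the thread (destination already masked there).
SAMPLE_LOG = """\
*Dec 16 11:36:21.140 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(4204) -> x.x.x.x(135), 1 packet
*Dec 16 11:36:27.388 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 61.153.233.189(3016) -> x.x.x.x(135), 1 packet
*Dec 16 19:01:27.494 PRC: %SEC-6-IPACCESSLOGP: list 110 denied tcp 210.21.113.187(1035) -> x.x.x.x(135), 1 packet
"""
# The ACL output quoted in the thread.
SAMPLE_SHOW = """\
Extended IP access list 110
deny udp any any eq 1434 log (1750 matches)
deny tcp any any eq 135 log (3875 matches)
permit icmp any any (1648980 matches)
permit ip any any (380488327 matches)
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>\S+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\S+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")
# Assumption: only the "any any eq <port>" entry shape from the thread is parsed.
ACE_RE = re.compile(
    r"^\s*(?P<action>permit|deny) (?P<proto>\w+) any any eq (?P<dport>\d+)"
    r"(?: log)? \((?P<matches>\d+) match(?:es)?\)", re.M)

def logged_packets(log_text):
    """Sum logged packets and collect sources per (acl, action, proto, dst port)."""
    totals, sources = Counter(), {}
    for m in LOG_RE.finditer(log_text):
        key = (m["acl"], m["action"], m["proto"], int(m["dport"]))
        totals[key] += int(m["count"])
        sources.setdefault(key, set()).add(m["src"])
    return totals, sources

def ace_counters(show_text):
    """Match counters per entry, keyed the same way as the log totals."""
    acl = re.search(r"access list (\S+)", show_text).group(1)
    verb = {"permit": "permitted", "deny": "denied"}
    return {(acl, verb[m["action"]], m["proto"], int(m["dport"])): int(m["matches"])
            for m in ACE_RE.finditer(show_text)}

def coverage(log_text, show_text):
    """Per entry: (match counter, logged packets, distinct logged sources)."""
    totals, sources = logged_packets(log_text)
    return {k: (n, totals.get(k, 0), len(sources.get(k, ())))
            for k, n in ace_counters(show_text).items()}
```

Calling `coverage(SAMPLE_LOG, SAMPLE_SHOW)` gives one row per logged entry. Per the restriction quoted above, the log lines cover only packets that went to the CPU, so they are not evidence that the ACL filters switched traffic on a Fast Ethernet port.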