Just recently took over like 7 cisco routers 2 voip systems and 12 switches in our network.
I have my CCNA but i am confused to my knowledge acl's have to be assigned to something and a recent problem( doing backups from a remote location across a tunnel is bringing up a message saying communications lost. I have done this with a ping going accross the tunnel to the server that i am backing up and according to the ping my tunnel is still up. so i though maybe a acl is blocking it. when i run back up at about 2min and 30 sec it stopping but it has not sent one byte.)So i look at the acls on the remote router and none are assigned anywhere. Is this some sort of CCNP configuration going on? to my knowledge all acls have to be assigned to a interface for in/out traffic.
Here are the acl's
Extended IP access list 101
10 permit tcp host 10.3.250.2 any eq ftp
20 permit tcp host 10.3.250.2 any eq ftp-data
30 permit tcp any eq ftp host 10.3.250.2
40 permit tcp any eq ftp-data host 10.3.250.2
Extended IP access list 102
10 permit ip 10.3.10.0 0.0.0.255 any
Extended IP access list 111
10 permit ip 10.0.0.0 0.0.0.255 any
20 deny ip any any
Extended IP access list 130
10 deny ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255 (484 matches)
20 permit ip 10.3.10.0 0.0.0.255 any (1792934 matches)
Extended IP access list 140
10 permit gre host 126.96.36.199 host 188.8.131.52 (5460262 matches)
Extended IP access list 141
10 permit ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255
20 deny ip any any
But like i said they are not assigned to any interface. Can anyone explain why these are not assigned to anything.
If they are doing something should i make or add on to a acl allowing trafic to and from the server ip that i want to back up?
correct, an ACL must be assigned to an interface for an interface to use it to filter traffic.
as to answering "why these ACLs are not assigned...", i don't think we can tell you why your hardware is not configured a certain way.
looking at your posted output of ACLs it is clear that 10 & 20 are in use on at least one interface.
it will be helpful if you can paste your router configuration minus sensative data if you can.
you may very well need an ACL to allow access to backup the server. we cannot tell from this point, need configuration info as well as a 'show ip route' output for starters. this will allow us to create an ACL to fit your topology.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.