11-14-2006 02:13 PM - edited 03-03-2019 02:42 PM
Dear All,
I have a gateway router, a 7206VXR, on which I have two WAN links. I want to distribute my traffic using a route-map with a named ACL. I followed the document related to named ACLs:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080431038.html
Now the problem is, the document says in steps 4 and 5 that we can use the optional parameter [sequence-number] so that we can edit a named ACL or place a new entry anywhere in the ACL based on this [sequence-number]. But in reality, when I tried to implement it on the gateway router, I could not. The sequence number was not accepted.
FLAG-Gate#
FLAG-Gate#conf t
Enter configuration commands, one per line. End with CNTL/Z.
FLAG-Gate(config)#ip access-list extended MyACL
FLAG-Gate(config-ext-nacl)#?
Ext Access List configuration commands:
default Set a command to its defaults
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
evaluate Evaluate an access list
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
FLAG-Gate(config-ext-nacl)#1000 permit ip host 192.168.161.168 any
% Invalid input detected at '^' marker.
FLAG-Gate(config-ext-nacl)#
So what would be the reason? Why could I not enter sequence # 1000? Without it the command was accepted.
Waiting for a response.
Regards,
11-14-2006 02:16 PM
This feature was introduced in 12.3(7)T. You are possibly using an older software release which does not support this option.
Paresh.
PS. Please do remember to rate posts.
11-14-2006 02:20 PM
Ramiz
The link that you sent describes a feature in release 12.3(7)T (though sequence numbers are not the primary focus of the feature). You have not identified for us what version of code you are running but I suspect that the version of code that you are running does not have support for the sequence number feature.
If your code does not support the sequence number feature the access list and the route map should still work properly if you enter the access list without sequence numbers. If you believe that you really need the sequence numbers you may need to upgrade the code on your router.
HTH
Rick
11-14-2006 06:13 PM
OK, thanks for responding. Tell me, if I don't want to upgrade IOS and still want to insert an entry in between some other entries, is it possible?
For example:
First I have these ACL entries:
ip access-list extended Test
permit ip host 192.168.12.5 any
permit ip host 192.168.13.2 any
permit ip 192.168.200.0 0.0.0.255 any
permit ip 172.16.10.0 0.0.0.255 any
Now I want to add an ACL entry "deny ip host 192.168.200.5 any" in between "permit ip host 192.168.13.2 any" and "permit ip 192.168.200.0 0.0.0.255 any" so that the route-map would apply to network 192.168.200.0 except host 192.168.200.5.
How is it possible without a sequence number? And regarding the router's IOS:
Gateway#
Gateway#show version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JS-M), Version 12.2(34), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Thu 02-Mar-06 04:32 by pwade
Image text-base: 0x60008940, data-base: 0x6168E000
ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2)
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(13)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Regards
11-14-2006 02:39 PM
Hi,
Sequence numbers for named access-lists have to be supported by the IOS which you are using on the 7206 router. That means the IOS should have that feature in it.
Please take a look at the following link at cisco.com...
It shows that sequence numbers for ACLs were first introduced in 12.2(14)S, 12.2(15)T and
12.3(2)T.
Check whether the IOS on the router supports the sequence number feature for named access-lists.
Hope it clarifies things for you. Please rate it.
Thanks,
satish
11-16-2006 03:16 AM
If the IOS you have does not support sequence numbers (which, by the looks of it, it doesn't) then you will need to re-create the access-list.
The best way to do this is to create a second access-list and call it "Test2" (for this example) and then enter in the new permit statements.
Then apply the "Test2" access-list to the route-map. Keep both access-lists on the router, as that will allow you to fall back to the previous one just in case something goes wrong.
The next time you need to add another line to the middle of the ACL, clear the old "Test" list, enter in the new details and apply that to the route-map.
HTH
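The re-create approach from the reply above, as an added example that is not part of the original posts: it builds the replacement list "Test2" from the entries quoted in the thread with the new deny placed ahead of the 192.168.200.0 permit, and checks first-match evaluation to show why appending the deny to the existing list would not exclude the host. The helper names are hypothetical, and only the `permit|deny ip <source> any` form used in the thread is handled.

```python
import ipaddress

# Constructed from the ACL "Test" quoted in the thread.
TEST_ACL = [
    "permit ip host 192.168.12.5 any",
    "permit ip host 192.168.13.2 any",
    "permit ip 192.168.200.0 0.0.0.255 any",
    "permit ip 172.16.10.0 0.0.0.255 any",
]
NEW_ENTRY = "deny ip host 192.168.200.5 any"

def source_matches(entry, src):
    """True if src falls under the source field of a '<action> ip <source> any' entry."""
    tok = entry.split()[2:]                      # drop action and protocol
    if tok[0] == "any":
        return True
    if tok[0] == "host":
        base, wildcard = tok[1], "0.0.0.0"
    else:
        base, wildcard = tok[0], tok[1]
    # Wildcard-mask 1-bits are "don't care", so compare only the remaining bits.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def first_match(acl, src):
    """Entries are evaluated top-down and the first hit wins; no hit is an implicit deny."""
    for entry in acl:
        if source_matches(entry, src):
            return entry.split()[0]
    return "deny"

def insert_before(acl, new_entry, anchor):
    """Return a new list with new_entry placed directly ahead of anchor."""
    i = acl.index(anchor)        # ValueError if the anchor line is not in the ACL
    return acl[:i] + [new_entry] + acl[i:]

def render(name, acl):
    """Config lines for a freshly created named ACL (no sequence numbers needed)."""
    return "\n".join([f"ip access-list extended {name}"] + [f" {e}" for e in acl])

TEST2_ACL = insert_before(TEST_ACL, NEW_ENTRY, "permit ip 192.168.200.0 0.0.0.255 any")
APPENDED = TEST_ACL + [NEW_ENTRY]    # typing the entry into the existing ACL appends it

if __name__ == "__main__":
    print(render("Test2", TEST2_ACL))
    for label, acl in (("Test", TEST_ACL), ("appended", APPENDED), ("Test2", TEST2_ACL)):
        print(label, first_match(acl, "192.168.200.5"), first_match(acl, "192.168.200.9"))
```

Running the same first-match check against the rendered list before pointing the route-map at it confirms that only 192.168.200.5 changes outcome, while "Test" stays untouched for fallback.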
11-17-2006 07:12 AM
Dear,
OK, thanks for the response. Please tell me where I can download the newer version 12.3(7)T. I heard that if a person has a Cisco certification, he can download IOS from cisco.com. I have passed Composite, BCRAN and CIT.
Need your assistance, please.
Regards
Ramiz