Why this ACL wan't be compiled?

Discussion in 'Cisco' started by Pseto, Jan 31, 2007.

  1. Pseto

    Pseto Guest

    On my 2811 ISR (IOS 12.3(11)T10 adv. ip svc.) I have implemented the
    following ACL bounded to fa0/0 inbound direction:

    access-list 120 remark => INEM
    access-list 120 remark BPCS
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 6910
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 9150
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq
    63000
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq
    55500
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq
    telnet
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 6710
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq 8950
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq
    60000
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.73.93 eq
    55400
    access-list 120 remark pristup sa AS/400 iz KEV-a
    access-list 120 permit ip host 192.168.15.1 192.168.64.0 0.0.15.255
    access-list 120 remark pristup sa Win servera u INEM
    access-list 120 permit ip host 192.168.15.3 192.168.64.0 0.0.15.255
    access-list 120 remark pristup na KIS
    access-list 120 permit tcp 192.168.15.0 0.0.0.255 host 192.168.1.3 eq 443
    access-list 120 remark ICMP
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    echo
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3 echo
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    administratively-prohibited
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3
    administratively-prohibited
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    host-unreachable
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3
    host-unreachable
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    packet-too-big
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3
    packet-too-big
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    net-unreachable
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3
    net-unreachable
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 192.168.64.0 0.0.15.255
    ttl-exceeded
    access-list 120 permit icmp 192.168.15.0 0.0.0.255 host 192.168.1.3
    ttl-exceeded
    access-list 120 deny ip any any

    After 'access-list compiled' command I'm getting the following 'show
    access-list compiled' output:

    KEV_perimeter#sh access-list compiled
    Compiled ACL statistics:
    ACL State Entries Config Fragment Redundant
    5 Operational 1 1 0 0
    100 Operational 2 2 0 0
    101 Operational 3 3 0 0
    120 Unsupported 0 0 0 0
    5 ACLs, 3 active, 1 builds, 6 entries, 96 ms last compile
    0 history updates, 2000 history entries
    0 mem limits, 128 Mb limit, 1 Mb max memory
    0 compile failures, 0 priming failures
    Overflows: L1 0, L2 0, L3 0
    Table expands:[9]=0 [10]=0 [11]=0 [12]=0 [13]=0 [14]=0 [15]=0
    L0: 1803Kb 2/3 3/4 7/8 2/3 2/3 2/3 2/3
    2/3
    L1: 4Kb 2/12 2/24 2/9 2/9
    L2: 2Kb 2/150 2/81
    L3: 2Kb 2/250
    Ex: 6Kb
    Tl: 1818Kb 36 equivs (14 dynamic)

    Why ACL 120 won't compile?

    Here is the config of fa0/0 interface:

    KEV_perimeter#sh run int fa0/0
    Building configuration...

    Current configuration : 300 bytes
    !
    interface FastEthernet0/0
    ip address 192.168.15.6 255.255.255.0
    ip access-group 120 in
    ip mtu 1492
    ip flow ingress
    ip flow egress
    ip inspect fw out
    ip virtual-reassembly
    service-policy input rate-limit
    service-policy output rate-limit
    ip tcp adjust-mss 1452
    duplex auto
    speed auto
    end

    KEV_perimeter#

    Best Regards,
    Igor
     
    Pseto, Jan 31, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter

    How is Mozilla Compiled (made)

    Peter, May 23, 2005, in forum: Firefox
    Replies:
    1
    Views:
    413
    Roland
    May 23, 2005
  2. kev
    Replies:
    4
    Views:
    548
    Scooby
    Nov 17, 2003
  3. AM
    Replies:
    1
    Views:
    640
    Phillip Remaker
    May 24, 2005
  4. Casper
    Replies:
    1
    Views:
    579
    headsetadapter.com
    Aug 17, 2007
  5. Martin Gallagher
    Replies:
    0
    Views:
    523
    Martin Gallagher
    Nov 27, 2012
Loading...

Share This Page