I am unable to apply access lists on any interface on a 8510CSR- every time I attempt to, I receive this message (substitute GigabitEthernet0/0/0 for your favorite interface)
core8500(config-if)#ip access-group 101 in Warning: Could not apply ACLs on GigabitEthernet0/0/0 The ACL is : access-list 101 deny ip host 10.10.50.64 host 10.1.1.151 ...attempting to prevent one host from accessing another. Pretty simple (or so I thought). I am running version 121-7a.EY. Any ideas on what could be causing this? I've posted my running config at the very bottom if interested. Thanks, Sean Current configuration : 2875 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname core8500 ! enable secret 5 weeeeeyeahright enable password 7 110A1016141D ! spd headroom 1024 sdm ipqos zero sdm policy 0 ip subnet-zero no ip finger ip domain-name devel.net ip name-server 10.10.50.139 ! ! ! ! interface Loopback0 ip address 192.168.3.254 255.255.255.255 ! interface GigabitEthernet0/0/0 ip address 10.5.1.1 255.255.255.252 no negotiation auto ! interface FastEthernet1/0/0 ip address 10.8.1.2 255.255.255.252 ! interface FastEthernet1/0/1 ip address 10.5.1.5 255.255.255.252 ! interface FastEthernet1/0/2 ip address 10.5.1.17 255.255.255.252 ! interface FastEthernet1/0/3 ip address 10.5.1.37 255.255.255.252 ! interface FastEthernet1/0/4 ip address 10.6.1.6 255.255.255.252 ! interface FastEthernet1/0/5 ip address 10.2.1.1 255.255.255.0 ! interface FastEthernet1/0/6 ip address 10.1.1.1 255.255.255.0 ip access-group 101 out duplex half speed 100 ! interface FastEthernet1/0/7 ip address 10.1.200.1 255.255.255.0 no ip redirects ! interface FastEthernet1/0/7.1 ! interface FastEthernet1/0/7.2 ! interface FastEthernet1/0/7.201 encapsulation dot1Q 201 ip address 10.1.201.1 255.255.255.0 no ip redirects ! interface FastEthernet1/0/7.202 encapsulation dot1Q 202 ip address 10.1.202.1 255.255.255.0 no ip redirects ! interface FastEthernet1/0/7.203 encapsulation dot1Q 203 ip address 10.1.203.1 255.255.255.0 no ip redirects ! interface Ethernet0 ip address 10.99.99.99 255.255.255.0 ! interface Ethernet0.1 ! interface Ethernet0.2 ! router ospf 10 router-id 192.168.3.254 log-adjacency-changes redistribute static subnets passive-interface GigabitEthernet0/0/0 network 10.0.0.0 0.255.255.255 area 0 network 192.168.3.254 0.0.0.0 area 0 default-information originate always ! ip classless ip route 0.0.0.0 0.0.0.0 10.8.1.1 ip route 10.2.101.0 255.255.255.0 10.2.1.100 ip route 10.10.0.0 255.255.0.0 10.5.1.2 ip route 10.10.96.0 255.255.224.0 Null0 ip route 10.10.128.0 255.255.192.0 Null0 ip route 10.10.192.0 255.255.192.0 Null0 no ip http server ip ospf name-lookup ! access-list 101 deny ip host 10.10.50.64 host 10.1.1.151 snmp-server community public RO snmp-server trap-source Loopback0 snmp-server location QA LAB snmp-server contact Quality Assurance snmp-server enable traps snmp snmp-server enable traps ima snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps chassis-fail snmp-server enable traps chassis-change snmp-server enable traps bgp snmp-server enable traps syslog snmp-server enable traps rsvp ! ! line con 0 logging synchronous full-help transport input none line aux 0 line vty 0 4 exec-timeout 30 0 password 7 070C285F4D06 login length 0 ! end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26024&t=26024 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
