1 UC500 2 Networks

jcarter · ‎09-23-2010

I have a UC500 where a workstation needs to connect to a separate network besides the UC network. The link to the separate network is connected to fastethernet0/1/0. The IP scheme is 10.32.4.0/24. The gateway on that network is 10.32.4.254.

I connected the workstation to fastethernet0/1/1. So far, I created a VLAN10 with an address of 10.32.4.245. I can ping 10.32.4.245 from the workstation. I cannot ping 10.32.4.254 from the workstation. If I telnet to the UC500, I can ping 10.32.4.254 no problem.

I tried to add a static route to 10.32.4.0 using VLAN10 as the interface. That did not make a difference as far as pinging was concerned.

Anyone have an idea of how to fix this?

jburton · ‎09-23-2010

jcarter@mungerinc.com
I have a UC500 where a workstation needs to connect to a separate network besides the UC network.  The link to the separate network is connected to fastethernet0/1/0.  The IP scheme is 10.32.4.0/24.  The gateway on that network is 10.32.4.254. 
I connected the workstation to fastethernet0/1/1.  So far, I created a VLAN10 with an address of 10.32.4.245.  I can ping 10.32.4.245 from the workstation.  I cannot ping 10.32.4.254 from the workstation. If I telnet to the UC500, I can ping 10.32.4.254 no problem.
I tried to add a static route to 10.32.4.0 using VLAN10 as the interface.  That did not make a difference as far as pinging was concerned.
Anyone have an idea of how to fix this?

Here's what I did in a simular situation.

Caveats .. my OtherNet is VLAN201 and the network is 192.168.43.0/255.255.255.0

vlan 201

name LinkToOtherNet

interface FastEthernet0/1/0

switchport trunk native vlan 201

switchport mode trunk

macro description cisco-switch

interface Vlan201

description ** Link to OtherNet **

ip address 192.168.43.240 255.255.255.0

ip access-group 104 in

ip virtual-reassembly

That seems to have worked just fine on my end ... but naturally your mileage may vary....

jcarter · ‎09-23-2010

What does your access-list 104 look like?

jburton · ‎09-23-2010

jcarter@mungerinc.com

What does your access-list 104 look like?

access-list 104 deny tcp any eq 5060 any eq 5060

access-list 104 deny udp any eq 5060 any eq 5060

access-list 104 deny tcp any eq 5061 any eq 5061

access-list 104 deny udp any eq 5061 any eq 5061

access-list 104 deny tcp any eq 2427 any eq 2427

access-list 104 deny udp any eq 2427 any eq 2427

access-list 104 deny tcp any eq 2517 any eq 2517

access-list 104 deny udp any eq 2517 any eq 2517

access-list 104 deny tcp any eq 1718 any eq 1718

access-list 104 deny udp any eq 1718 any eq 1718

access-list 104 deny tcp any eq 1719 any eq 1719

access-list 104 deny udp any eq 1719 any eq 1719

access-list 104 deny tcp any eq 1720 any eq 1720

access-list 104 deny udp any eq 1720 any eq 1720

access-list 104 permit ip any any

Pretty much to keep SIP from sneeking in.... Plus a few other bad things...

jcarter · ‎09-28-2010

I still cannot get this to work. I attached the running config. I tried it with and without the route statement that is currently in the config. Do I need to do anything to the port that the pc is plugged into that needs access to the other network? It is fastethernet0/1/1.

jburton · ‎09-28-2010

jcarter@mungerinc.com

I still cannot get this to work. I attached the running config. I tried it with and without the route statement that is currently in the config. Do I need to do anything to the port that the pc is plugged into that needs access to the other network? It is fastethernet0/1/1.

Jason..

You'll need to plug the switch that supports your OtherNet (VLAN10) into FastE0/1/0. You shouldn't need any route statement for VLAN10. Since FastE0/1/0 is part of your OtherNet it'll know how to pass traffic back and forth to whatever other VLANs you've assigned to it...

I note you're routing to the BVI, not bad, but sometimes confusing. I like to route serial (T1) traffic to interfaces, and Ethernet traffic to addresses. But that is entirely a matter of personal preference...

Naturally, your mileage may vary....