
Access lists not working ?

Recently I helped one of my customers to migrate some LAN pts from Nortel BayStack to a Cisco 3750 switch.

Previously, a Nortel BayStack was connected to the Cisco 3750 through a trunk port; this Nortel has only 1 LAN pt, on one VLAN only.

The LAN pt was migrated to the Cisco 3750, and I assigned the VLAN on the Cisco 3750 for this particular port.

The cust found that it is not able to ping after the migration.

On this particular VLAN, there is one access-list implemented.

client -> nortel -> cisco 3750 Gi1/0/6 -> router

old config

------------------------------

interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk

interface Vlan6
description Swimming Pool Vlan
ip address 172.25.101.1 255.255.255.0
ip access-group spool in

ip access-list extended spool
permit ip host 172.25.101.110 host 172.22.102.102
deny   ip any any

client -> cisco 3750 Gi1/0/6 -> router

new config

--------------------------------

interface GigabitEthernet1/0/6
description Swimming Pool Vlan
switchport access vlan 6
switchport mode access
spanning-tree portfast

interface Vlan6
  description Swimming Pool Vlan
  ip address 172.25.101.1 255.255.255.0
  ip access-group spool in

ip access-list extended spool
  permit ip host 172.25.101.110 host 172.22.102.102
  deny   ip any any

IP 172.25.101.110 is the client connected to GigabitEthernet1/0/6, while 172.22.102.102 is at HQ office.

Now 172.25.101.110 cannot reach 172.22.102.102.

The only difference is that vlan 6 is not on the cisco 3750 instead of the nortel baystack.

Is there anything wrong with the config?

2 REPLIES

Re: Access lists not working ?

Hello Yeow,

You have changed the default gateway for the client.

Verify that:

The client is using 172.25.101.1 as its default gateway, with ipconfig /all in the shell (if it is a Windows OS).

Use arp -g to verify that the MAC address associated with the default gateway is the same as that of SVI Vlan6 on the C3750.

The SVI MAC address is reported in the sh int vlan6 output.

Hope to help

Giuseppe

Re: Access lists not working ?

Hi,

It should work. Just check a few things: are you able to ping the default gateway, that is, the 3750 VLAN interface IP address, from the client, and from the switch are you able to ping the destination server IP address 172.22.102.102? Finally, as you have removed one device, just clear ARP from the client PC and then try.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post
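
Added example, not part of any post in this thread: a small Python model that evaluates the posted spool list top-down with first-match semantics, to show which test pings the list as written would let through on Vlan6 inbound. The function names are hypothetical, the test flows (including 172.25.101.111) are constructed, and only the protocol and address fields are modelled, not ports or other options.

```python
import ipaddress

# The "spool" list exactly as posted in the question.
SPOOL_ACL = """
permit ip host 172.25.101.110 host 172.22.102.102
deny   ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        src, rest = _addr(tokens[2:])
        dst, _ = _addr(rest)
        entries.append((tokens[0], tokens[1], src, dst, " ".join(tokens)))
    return entries

def _match(spec, ip):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((_ip(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(entries, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, acl_proto, s, d, text in entries:
        if acl_proto in ("ip", proto) and _match(s, src) and _match(d, dst):
            return action, text
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    acl = parse_acl(SPOOL_ACL)
    # Constructed test flows: (protocol, source, destination).
    for flow in [("icmp", "172.25.101.110", "172.22.102.102"),   # client -> HQ host
                 ("icmp", "172.25.101.110", "172.25.101.1"),     # client -> SVI Vlan6
                 ("icmp", "172.25.101.111", "172.22.102.102")]:  # other address in VLAN 6
        print(flow, "->", evaluate(acl, *flow))
```

In this model only the 172.25.101.110 to 172.22.102.102 flow is permitted; a ping from the client to 172.25.101.1 matches deny ip any any, so a failed gateway ping does not by itself separate an ACL drop from a Layer 2 or addressing problem.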
