I have a router with three VLANs (1,2) for internal users NATed to the external interface (gi0/0) with overload, and VLAN (3) with public IPs routed through the same interface. I’ve created a simple QoS policy which will match traffic using IP addressing and assigned it to Gi0/0 as below:
access-list 2103 permit ip host 184.108.40.206 any
access-list 2104 permit ip any host 220.127.116.11
!
class-map match-any VLAN3QoS
 match access-group 2103
 match access-group 2104
!
policy-map QoS
 class VLAN3QoS
  police rate 1000000
!
interface GigabitEthernet0/0
 service-policy input QoS
 service-policy output QoS
This is working well. However, when I try to do the same for private IP addresses:
access-list 2103 permit ip 172.16.1.0 0.0.0.255 any
access-list 2104 permit ip any 172.16.1.0 0.0.0.255
it doesn’t work at all unless I match traffic for any (access-list 2103 permit ip any any).
I believe the problem is in NAT, as the external interface can’t recognize internal IP addressing. I know that I can assign the policy directly to the VLAN1 and VLAN2 interfaces, but I want to do this on Gi0/0.