Hi,

Thanks for the reply.

Please see attahced the Router and Switch config.

Hope you can see what the issue is as its been causing me hours of headache!

Rob.

Hi Friend,

You have a policy map configured on your sub interface fa0/0.4 and which calls for route map which further calls for access list 99 which specifies the source ip subnet address for your subinterface fa0/0.4 subnet.

Now anything which comes on your subinterface fa0/0.4 from its subnet it will pass the policy and will be fwded as per the route set in your route map overriding the routing table.

So can you change you access list 99 with extended access list with source and destination ip address so that when traffic from your fa0/0.4 hits the subinterface if it is only for specific destinations it will follow the route condition of route map else will follow normal routing table.

HTH

Ankur

*Pls rate all helpfull post

Hi,

I agree with Ankur on this. Probably this is the catch. All the Traffic from Vlan 4 is being directly policy routed over the GRE tunnel 1 and is not cmojng back to the vlan2. Use the Extended ACL as suggested by Ankur and you should be good to go.

HTH,

-amit singh

Hi,

Thanks for this but the issue is with the other subInterface. The fa0/0.2 is the one that is causing the problem. By making access-list 99 extended, will this fix the problem? Thanks a million if so. I'll rate it as solved.

Hi Friend,

As you stated in your original post "just can't get to any device on one of the Vlans" can you confirm from where you can't get to it?

I believe you are not able to get to subinterface fa0/0.2 from your fa0/0.4 subinterface or vice versa? If its intefvlan related yes extended ACL will resolve the issue.

Ankur

Hi,

I can't access any device on fa0/0.2 from any location. I can ping the gateway but thats all.

So you suggest i create an extended ACL for fa0/0.4 - with source ip 10.250.5.0 and destination 192.168..7.137 which is the next hop set out by the route map?

Sorry If i'm confusing the issue.

Hi Friend,

Before changing the ACL, I will recommend you to remove the policy map from the subinterface fa0/0.4 if possible and see if that resolves the issue.

If yes then a plan is required as what is the intention for putting a route map and ACL can be planned accordingly.

HTH

Ankur

Hi,

I've removed the route-map from this interface as you requested but I still can't ping 172.17.11.251 - a device on the Vlan 2.

Could the issue not reside on the switch?

I have this set up on another router and switch in a different site and it seems to work ok.

Hi,

Cna you put " show trunk " output from the switch.

-amit singh

Sure - please see attached:

i see that port 2/29 was in the native vlan 2? can this be changed?

Yes - that fixed it.

Nice one - Thanks for your help.

I'll definatley be using this site alot over the coming weeks\months\years!!!!