We have Cisco 1841 router, 2 MBPS leased line, Cisco 3560 layer III switch,
515e PIX and Squid proxy server running on Linux. We use 193.168.1.x IP for internal usage. We created 1 new subnet i.e 192.168.2.0 . A guy from vednor configured layer III switch. He created 2 VLAN's. So users from 192.168.2.0 can not access machines inside 193.168.1.x subnet and vice versa. Now problem is machines in 192.168.2.0 network are iMac
G5 machines. Those machines can browse internet but can not access FTP of there
server located at Canada. What is the most possible problem Is it neccesary to make more changes in layer III switch or
There are many possible causes for shuch an error , but lets start with troubleshooting . The next ones should be checked first . By the way , try to bypass things as far as it possible . You may disable proxy (in browser settings) during the test , such staff would be allways helpful . The initial checks are :
1) First of all , check the IP connectivity . Are the packets leave the LAN ? Is there a traceroute to the destination only from the WAN connection (for instance) or from the LAN too ?
2) Bypass the firewall . Maybe by a simple telnet check you will be able to decide where the problem originated .
3) Check he logs . It's almost allways helpful . Especially checking the firewall ones ... sometimes .
Since these machines can access the internet with a browser, it looks like only ftp is blocked. I'm going to make a guess that users on 192.168.1.X can ftp to the Internet. To check thism, try the following from a command prompt: ftp ftp.cisco.com. You should get a response.
If you get a response from Cisco's ftp site on the 192.168.1.x network, the problem is probably in your Squid proxy server. You may have to add ftp capability to the 192.168.2.x network. If you don't get a response from the Cisco ftp server, the problem may be that the Squid proxy server is not configured to allow FTP.
If the Squid server is not the problem. Check the pix firewall for an outgoing access-control list. If this ACL exists, verify that ftp is permitted from the 192.168.2.x network.
You may also have to check the Cisco 1841 router for an ACL that blocks ftp traffic from the 192.168.2.x network. This ACL will be applied to either the 192.168.2.x interface or the interface that connects to the PIX.
I don't believe the problem is with the 3560 switch. This device is a layer 2 device, and the routing is done from your router.
Thanx all for reply. The subnet 192.168.2.x is added 1 week ago. And the man who came from Canada to India he left back. But thanx
for reply. I'll probabbly check if i can connect to Cisco's FTP. I tried HTTP upload, download from the respective subnet but not FTP. The man tried to connect to his FTP located at Canada via a tool. He failed to connect via his subnet. But from our subnet he got connected.
So may be conclusion is we must add entries of 192.168.2.x subnet and port 21 in our squid proxy ??
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.