Cisco Support Community

Catalyst 3550 Routing Issues

Hi All

Seeing that we've got staff and students on our network, I thought it would be a good idea to implement ACLs to prevent students from getting onto staff vlans.

So I created the ACL, and implemented it on our student vlans only. Now for the problem:

When I do a traceroute to any of our remote sites from a staff vlan, without the ACL implemented on any vlans, the packets travel along the correct route to the destination, and the trace is completed without any problems.

Now if I do a traceroute to the same host on the remote site from the same staff vlan, with the ACL implemented on the student vlans, the packets try to get to the remote host via a student vlan - which does not have access to the remote site. Thus, the traceroute returns Destination net unreachable.

The ACL is 14 lines long, and is implemented only on student vlans. What also happens, is that when I implement the ACL on the student vlans, the HSRP on the 3550 automatically makes all student vlans active on the 3550 - even though they are configured as standby on the 3550.

We are running EIGRP between all our routers.

Any thoughts?

Regards

CvZ


Re: Catalyst 3550 Routing Issues

Is the ACL being applied to the HSRP interface? HSRP uses both UDP port 1985 to talk with the other HSRP peer and multicast to talk with any other routers on the subnet. Make sure your ACL isn't blocking this traffic.
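
An added example, not part of the original thread, of an inbound student-VLAN ACL that permits the gateway control traffic the reply mentions before enforcing the student-to-staff block. The VLAN number, subnets, peer address and ACL names are constructed assumptions (HSRP version 1 and EIGRP active on the VLAN are also assumed); the poster's actual 14-line ACL is not shown on the page.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   student VLAN 20 = 10.20.0.0/24, HSRP peer gateway = 10.20.0.3
!   staff VLANs     = 10.10.0.0/16
!
! Before: unicast policy only. HSRP hellos from the peer go to 224.0.0.2,
! match no line, and fall through to the implicit "deny ip any any".
! This gateway stops hearing its peer and takes the active role.
ip access-list extended STUDENT-IN-BEFORE
 deny   ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.255.255
 permit ip 10.20.0.0 0.0.0.255 10.0.0.0 0.255.255.255
!
! After: control-plane permits first, scoped to the peer gateway only,
! then the same policy lines.
ip access-list extended STUDENT-IN
 remark HSRPv1 hellos from the peer gateway (UDP 1985 to 224.0.0.2)
 permit udp host 10.20.0.3 host 224.0.0.2 eq 1985
 remark EIGRP from the peer gateway, only if EIGRP runs on this VLAN
 permit eigrp host 10.20.0.3 host 224.0.0.10
 permit eigrp host 10.20.0.3 10.20.0.0 0.0.0.255
 remark Policy: students may not reach staff VLANs
 deny   ip 10.20.0.0 0.0.0.255 10.10.0.0 0.0.255.255
 permit ip 10.20.0.0 0.0.0.255 10.0.0.0 0.255.255.255
!
interface Vlan20
 ip access-group STUDENT-IN in
```

After applying it, `show standby brief` on both gateways should again show one active and one standby router per student VLAN.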
