cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
284
Views
0
Helpful
1
Replies

Pb ACL dns

hassanimagid
Level 1
Level 1

Hi,

I have an amazing pb

I have a 4507 catalyst switch and i have a lot of Vlan(Vlan 31,38,39 are important).

I have an ACL but i opened all.

The pb is that the dns server is not able to resolve an external address (because i want to do a ftp connection).

I have an internet because a I have a pix and i have a proxy in DMZ(in DMZ no pb).

When I see in the ethereal soft in my Vlan 38, it tell me that the switch gateway block the dns request

DNS, exchange...users-->Vlan38

Vlan39-->pix outside

Vlan 31--->other internal network

Please help me I don' understand why

My conf is :

ip route 0.0.0.0 0.0.0.0 192.168.39.251

ip http server

!

access-list 131 remark sur interface vlan 31 Client NB

access-list 131 permit ip any 192.168.31.0 0.0.0.255

access-list 131 permit ip any 192.168.33.0 0.0.0.255

access-list 131 permit ip any 192.168.50.0 0.0.0.255

access-list 131 permit tcp host 192.168.31.151 192.168.38.0 0.0.0.255 gt 1023

access-list 131 permit tcp host 192.168.31.152 192.168.38.0 0.0.0.255 gt 1023

access-list 131 permit tcp host 192.168.31.153 192.168.38.0 0.0.0.255 gt 1023

access-list 131 permit tcp any host 192.168.38.203 eq 135

access-list 131 permit tcp any host 192.168.38.203 gt 1023

access-list 131 deny ip any any

access-list 138 remark sur interface vlan 38 Bur

access-list 138 permit ip any 192.168.38.0 0.0.0.255

access-list 138 permit ip any 192.168.39.0 0.0.0.255

access-list 138 permit ip any 192.168.40.0 0.0.0.255

access-list 138 permit tcp any host 192.168.31.151 eq 9100

access-list 138 permit tcp any host 192.168.31.152 eq 9100

access-list 138 permit tcp any host 192.168.31.153 eq 9100

access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023

access-list 138 deny ip any any

access-list 139 remark sur interface vlan 39 Firewall

access-list 139 deny ip any 192.168.50.0 0.0.0.255

access-list 139 deny ip any 192.168.60.0 0.0.0.255

access-list 139 deny ip any 192.168.32.0 0.0.0.255

access-list 139 deny ip any 192.168.33.0 0.0.0.255

access-list 139 deny ip any 192.168.34.0 0.0.0.255

access-list 139 deny ip any 192.168.35.0 0.0.0.255

access-list 139 deny ip any 192.168.37.0 0.0.0.255

access-list 139 permit ip any any

1 Reply 1

hassanimagid
Level 1
Level 1

Hi

I made a test and i have a pb in my switch ACL.

Could you help me to improve the ACL.

My pb is that i configure the pix and router. But this switch I never work with this product.

Could you please give me a link to configure this switch.

A the end I have this ACL(I want to open between the Vlan 31 and 38 the printers and exchange flow):

access-list 138 remark sur interface vlan 38 Bureautique

access-list 138 permit tcp any host 192.168.31.151 eq 9100

access-list 138 permit tcp any host 192.168.31.152 eq 9100

access-list 138 permit tcp any host 192.168.31.153 eq 9100

access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023

access-list 138 deny ip any 192.168.50.0 0.0.0.255

access-list 138 deny ip any 192.168.60.0 0.0.0.255

access-list 138 deny ip any 192.168.32.0 0.0.0.255

access-list 138 deny ip any 192.168.33.0 0.0.0.255

access-list 138 deny ip any 192.168.34.0 0.0.0.255

access-list 138 deny ip any 192.168.35.0 0.0.0.255

access-list 138 deny ip any 192.168.37.0 0.0.0.255

access-list 138 permit ip any any

In advance thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: