04-05-2006 01:41 PM - edited 03-03-2019 02:40 AM
please find the file attached
04-05-2006 02:12 PM
Anand,
I do not think the issue is ACL related.
Did you configure static(s) route(s) on the Linux machine used as a router to reach the IP subnets configured on VLAN 2, 5, 199 and 200.
Hope this helps
04-05-2006 09:40 PM
sorry hritter, my earlier question little bit wrong, here is the exact.
find the configuration below
interface Vlan199
ip address 192.168.3.251 255.255.255.0
ip access-group 101 in
ip access-group 103 out
interface Vlan200
ip address 192.168.2.251 255.255.255.0
ip access-group 102 in
ip access-group 104 out
interface Vlan2
ip address 10.2.1.251 255.255.255.0
interface vlan5
ip address 10.2.9.251 255.255.255.0
interface vlan6
ip address 10.2.10.251 255.255.255.0
i have put an access list
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.9.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 103 permit ip 10.2.9.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 10.2.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 103 permit ip 192.168.16.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255
now except vlan6, all the remaining vlan's can able to speak to vlan199 & vlan200, 192.168.16.x is residing on the otherside of the vlan200. i.e 1 NIC ip is 192.168.2.1/24 & other NIC is 192.168.16.1/24, 192.168.16.1 is connected to 192.168.16.2 via cross cable, i made 192.168.16.1 as router(linux)default gateway in this pc is 192.168.2.251, i had put "ip route 192.168.16.0 255.255.255.0 192.168.2.1" on the switch, actually 192.168.16.2 should ping others networks also(valn199,200,2,5), but it is not pining, also it is not pinging vice versa, what could be the problem, is my access-list is correct or do i need to make changes in that? this is very urgent as i failed on my 1st attempt.
Note:192.168.16.2 can ping up to 192.168.2.1 & not beyond that.
04-06-2006 02:12 AM
Can you change ACLs 102 and 104 to read like the following:
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.9.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 102 permit ip 192.168.16.0 0.0.0.255 10.2.9.0 0.0.0.255
access-list 102 permit ip 192.168.16.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.16.0 0.0.0.255
!
access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255
access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.16.0 0.0.0.255
Pls do remember to rate posts.
Paresh
04-07-2006 04:21 AM
Hi Anand,
Try putting this
access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.10.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.10.0 0.0.0.255
access-list 103 permit ip 10.2.10.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 permit ip 10.2.10.0 0.0.0.255 192.168.2.0 0.0.0.255
Pls do rate if it works
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide