Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Routing issue

please find the file attached

  • Other Network Infrastructure Subjects
4 REPLIES
Cisco Employee

Re: Routing issue

Anand,

I do not think the issue is ACL related.

Did you configure static(s) route(s) on the Linux machine used as a router to reach the IP subnets configured on VLAN 2, 5, 199 and 200.

Hope this helps

Re: Routing issue

sorry hritter, my earlier question little bit wrong, here is the exact.

find the configuration below

interface Vlan199

ip address 192.168.3.251 255.255.255.0

ip access-group 101 in

ip access-group 103 out

interface Vlan200

ip address 192.168.2.251 255.255.255.0

ip access-group 102 in

ip access-group 104 out

interface Vlan2

ip address 10.2.1.251 255.255.255.0

interface vlan5

ip address 10.2.9.251 255.255.255.0

interface vlan6

ip address 10.2.10.251 255.255.255.0

i have put an access list

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 103 permit ip 10.2.9.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 103 permit ip 10.2.1.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 103 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 103 permit ip 192.168.16.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255

now except vlan6, all the remaining vlan's can able to speak to vlan199 & vlan200, 192.168.16.x is residing on the otherside of the vlan200. i.e 1 NIC ip is 192.168.2.1/24 & other NIC is 192.168.16.1/24, 192.168.16.1 is connected to 192.168.16.2 via cross cable, i made 192.168.16.1 as router(linux)default gateway in this pc is 192.168.2.251, i had put "ip route 192.168.16.0 255.255.255.0 192.168.2.1" on the switch, actually 192.168.16.2 should ping others networks also(valn199,200,2,5), but it is not pining, also it is not pinging vice versa, what could be the problem, is my access-list is correct or do i need to make changes in that? this is very urgent as i failed on my 1st attempt.

Note:192.168.16.2 can ping up to 192.168.2.1 & not beyond that.

Purple

Re: Routing issue

Can you change ACLs 102 and 104 to read like the following:

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 102 permit ip 192.168.16.0 0.0.0.255 10.2.9.0 0.0.0.255

access-list 102 permit ip 192.168.16.0 0.0.0.255 10.2.1.0 0.0.0.255

access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 102 permit ip 192.168.16.0 0.0.0.255 192.168.16.0 0.0.0.255

!

access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 192.168.16.0 0.0.0.255 192.168.2.0 0.0.0.255

access-list 104 permit ip 10.2.9.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 104 permit ip 10.2.1.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 104 permit ip 192.168.2.0 0.0.0.255 192.168.16.0 0.0.0.255

access-list 104 permit ip 192.168.3.0 0.0.0.255 192.168.16.0 0.0.0.255

Pls do remember to rate posts.

Paresh

New Member

Re: Routing issue

Hi Anand,

Try putting this

access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.10.0 0.0.0.255

access-list 102 permit ip 192.168.2.0 0.0.0.255 10.2.10.0 0.0.0.255

access-list 103 permit ip 10.2.10.0 0.0.0.255 192.168.3.0 0.0.0.255

access-list 104 permit ip 10.2.10.0 0.0.0.255 192.168.2.0 0.0.0.255

Pls do rate if it works

86
Views
0
Helpful
4
Replies