Can not access FTP from subnet

abhyankar
Level 1

We have a Cisco 1841 router, a 2 MBPS leased line, a Cisco 3560 layer III switch, a 515e PIX and a Squid proxy server running on Linux. We use 193.168.1.x IPs for internal usage. We created 1 new subnet, i.e. 192.168.2.0. A guy from the vendor configured the layer III switch. He created 2 VLANs, so users from 192.168.2.0 cannot access machines inside the 193.168.1.x subnet and vice versa. Now the problem is that the machines in the 192.168.2.0 network are iMac G5 machines. Those machines can browse the internet but cannot access the FTP of their server located in Canada. What is the most likely problem? Is it necessary to make more changes in the layer III switch, or do changes have to be made in the PIX and router, or in the proxy server? I am confused....

5 Replies

sourabhagarwal
Level 4

What I understand from your problem is that you have 2 VLANs configured on the 3560 switch, and now users in one VLAN can't access users in the other VLAN and vice versa.

The most probable problems could be:

1. Inter-VLAN routing is not properly configured on the 3560 switch.

2. Check if the switches connecting to users have both VLANs' information in their VLAN database.

3. Make sure that the edge switchports have proper VLAN membership.

For the machines which are not able to access FTP, check if any access list is applied at the VLAN interface which is blocking FTP traffic.

Let me know if it helps or you have more queries...

We don't want users to access machines. The machines in the 192.168.2.x subnet are Apple machines. We want them to browse their own FTP server only, which is located in Canada.

They use the "Timbuktu" protocol. We don't want users to see other machines in our network but want to give them internet access. They can access the internet but cannot browse FTP.

There are many possible causes for such an error, but let's start with troubleshooting. The following should be checked first. By the way, try to bypass things as far as possible. You may disable the proxy (in browser settings) during the test; such stuff would always be helpful. The initial checks are:

1) First of all, check the IP connectivity. Do the packets leave the LAN? Is there a traceroute to the destination only from the WAN connection (for instance) or from the LAN too?

2) Bypass the firewall. Maybe by a simple telnet check you will be able to decide where the problem originated.

3) Check the logs. It's almost always helpful. Especially checking the firewall ones... sometimes.

bbaltas
Level 1

Since these machines can access the internet with a browser, it looks like only FTP is blocked. I'm going to make a guess that users on 192.168.1.X can FTP to the Internet. To check this, try the following from a command prompt: ftp ftp.cisco.com. You should get a response.

If you get a response from Cisco's ftp site on the 192.168.1.x network, the problem is probably in your Squid proxy server. You may have to add ftp capability to the 192.168.2.x network. If you don't get a response from the Cisco ftp server, the problem may be that the Squid proxy server is not configured to allow FTP.

If the Squid server is not the problem, check the PIX firewall for an outgoing access-control list. If this ACL exists, verify that FTP is permitted from the 192.168.2.x network.

You may also have to check the Cisco 1841 router for an ACL that blocks ftp traffic from the 192.168.2.x network. This ACL will be applied to either the 192.168.2.x interface or the interface that connects to the PIX.

I don't believe the problem is with the 3560 switch. This device is a layer 2 device, and the routing is done from your router.

Good Luck

Bill Baltas
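The control-channel check suggested in the replies above (a telnet or ftp test run from a host in each subnet), as an added example that is not part of the original thread: a Python probe that tells a server greeting apart from an active refusal and from a connection that is never answered. The function names and the local stand-in listener are constructed for illustration.

```python
import socket
import threading

def probe_ftp_control(host, port=21, timeout=5.0):
    """Open the FTP control channel and classify the outcome as (verdict, detail).

    banner      - TCP connected and the server sent a 220 greeting
    no_banner   - TCP connected but no valid greeting arrived
    refused     - connection reset: host reachable, port closed or actively rejected
    unreachable - routing failure or ICMP unreachable returned
    timeout     - SYN never answered, consistent with a silent drop on the path
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except socket.timeout as exc:
        return "timeout", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        sock.settimeout(timeout)
        try:
            line = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return "no_banner", "connected, greeting not received"
        except OSError as exc:
            return "no_banner", str(exc)
    if line.startswith("220"):
        return "banner", line
    return "no_banner", line or "connection closed without greeting"

def start_fake_ftp(greeting=b"220 constructed test greeting\r\n"):
    """Constructed local listener standing in for an FTP server; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Offline demo against the constructed listener; point it at a real host to test a path.
    print(probe_ftp_control("127.0.0.1", start_fake_ftp()))
```

Running the probe from a host in each subnet against the same server and comparing verdicts shows whether the difference is on the network path: `timeout` from one subnet and `banner` from the other points at a filter between them rather than at the server.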

Thanks all for the replies. The subnet 192.168.2.x was added 1 week ago, and the man who came from Canada to India has gone back. But thanks for the replies. I'll probably check if I can connect to Cisco's FTP. I tried HTTP upload and download from the respective subnet, but not FTP. The man tried to connect to his FTP located in Canada via a tool. He failed to connect via his subnet, but from our subnet he got connected.

So maybe the conclusion is that we must add entries for the 192.168.2.x subnet and port 21 in our Squid proxy?

Regards,

Amey Abhyankar.