09-28-2006 08:53 AM - edited 03-03-2019 05:17 AM
Hi,
I have an amazing problem.
I have a 4507 Catalyst switch and I have a lot of VLANs (VLANs 31, 38 and 39 are important).
I have an ACL, but I opened everything.
The problem is that the DNS server is not able to resolve an external address (because I want to make an FTP connection).
I have Internet access because I have a PIX, and I have a proxy in the DMZ (in the DMZ, no problem).
When I look with the Ethereal software in my VLAN 38, it tells me that the switch gateway blocks the DNS request.
DNS, Exchange... users --> VLAN 38
VLAN 39 --> PIX outside
VLAN 31 --> other internal network
Please help me, I don't understand why.
My config is:
ip route 0.0.0.0 0.0.0.0 192.168.39.251
ip http server
!
access-list 131 remark sur interface vlan 31 Client NB
access-list 131 permit ip any 192.168.31.0 0.0.0.255
access-list 131 permit ip any 192.168.33.0 0.0.0.255
access-list 131 permit ip any 192.168.50.0 0.0.0.255
access-list 131 permit tcp host 192.168.31.151 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp host 192.168.31.152 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp host 192.168.31.153 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp any host 192.168.38.203 eq 135
access-list 131 permit tcp any host 192.168.38.203 gt 1023
access-list 131 deny ip any any
access-list 138 remark sur interface vlan 38 Bur
access-list 138 permit ip any 192.168.38.0 0.0.0.255
access-list 138 permit ip any 192.168.39.0 0.0.0.255
access-list 138 permit ip any 192.168.40.0 0.0.0.255
access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 permit tcp any host 192.168.31.152 eq 9100
access-list 138 permit tcp any host 192.168.31.153 eq 9100
access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
access-list 138 deny ip any any
access-list 139 remark sur interface vlan 39 Firewall
access-list 139 deny ip any 192.168.50.0 0.0.0.255
access-list 139 deny ip any 192.168.60.0 0.0.0.255
access-list 139 deny ip any 192.168.32.0 0.0.0.255
access-list 139 deny ip any 192.168.33.0 0.0.0.255
access-list 139 deny ip any 192.168.34.0 0.0.0.255
access-list 139 deny ip any 192.168.35.0 0.0.0.255
access-list 139 deny ip any 192.168.37.0 0.0.0.255
access-list 139 permit ip any any
09-29-2006 02:11 AM
Hi,
I made a test and I have a problem in my switch ACL.
Could you help me improve the ACL?
My problem is that I configure the PIX and the router, but this switch, I have never worked with this product.
Could you please give me a link on how to configure this switch?
At the end I have this ACL (I want to open the printer and Exchange flows between VLAN 31 and VLAN 38):
access-list 138 remark sur interface vlan 38 Bureautique
access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 permit tcp any host 192.168.31.152 eq 9100
access-list 138 permit tcp any host 192.168.31.153 eq 9100
access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
access-list 138 deny ip any 192.168.50.0 0.0.0.255
access-list 138 deny ip any 192.168.60.0 0.0.0.255
access-list 138 deny ip any 192.168.32.0 0.0.0.255
access-list 138 deny ip any 192.168.33.0 0.0.0.255
access-list 138 deny ip any 192.168.34.0 0.0.0.255
access-list 138 deny ip any 192.168.35.0 0.0.0.255
access-list 138 deny ip any 192.168.37.0 0.0.0.255
access-list 138 permit ip any any
Thanks in advance.
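An added example, not from the thread, that applies IOS first-match ACL semantics to excerpts of both versions of ACL 138 posted above. It assumes the list is applied inbound on interface Vlan38 (as the remark "sur interface vlan 38" suggests), a constructed DNS server address 192.168.38.10 and a constructed outside resolver 203.0.113.53: the first post's list ends in "deny ip any any", so the DNS server's own UDP/53 query to the outside never reaches a permit, while the second post's list lets it through.

```python
import ipaddress

# Constructed excerpt of ACL 138 from the first post: anything not listed hits "deny ip any any".
ACL_138_ORIGINAL = """access-list 138 permit ip any 192.168.38.0 0.0.0.255
access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 deny ip any any"""
# Constructed excerpt of the second post's ACL 138: chosen internal subnets denied, the rest permitted.
ACL_138_REVISED = """access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 deny ip any 192.168.50.0 0.0.0.255
access-list 138 permit ip any any"""

def _spec(tok):
    """Consume one endpoint ('any' | 'host A' | 'A WILDCARD') plus an optional eq/gt/lt port test."""
    if tok[0] == "any":
        net, tok = ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    elif tok[0] == "host":
        net, tok = ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    else:
        # A Cisco wildcard mask is an inverted netmask: 0.0.0.255 means /24.
        netmask = ipaddress.ip_address(~int(ipaddress.ip_address(tok[1])) & 0xFFFFFFFF)
        net, tok = ipaddress.ip_network(f"{tok[0]}/{netmask}", strict=False), tok[2:]
    port_ok = lambda p: True  # no qualifier: any port matches
    if tok and tok[0] in ("eq", "gt", "lt"):
        op, n = tok[0], int(tok[1])
        port_ok, tok = {"eq": lambda p: p == n, "gt": lambda p: p > n, "lt": lambda p: p < n}[op], tok[2:]
    return net, port_ok, tok

def parse_acl(text):
    """Parse numbered extended ACL lines into (action, proto, src, sport_ok, dst, dport_ok) tuples."""
    rules = []
    for t in (line.split() for line in text.splitlines()):
        if t[2] == "remark":  # remarks carry no match criteria
            continue
        src, sp, rest = _spec(t[4:])
        dst, dp, _ = _spec(rest)
        rules.append((t[2], t[3], src, sp, dst, dp))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching entry wins, as on IOS; the implicit deny applies when nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rp, rsrc, sp, rdst, dp in rules:
        if rp in ("ip", proto) and s in rsrc and d in rdst and sp(sport) and dp(dport):
            return action
    return "deny"

def dns_query_verdicts():
    """The VLAN 38 DNS server forwarding a UDP/53 query to an outside resolver (constructed addresses)."""
    return {name: evaluate(parse_acl(acl), "udp", "192.168.38.10", 40000, "203.0.113.53", 53)
            for name, acl in (("original", ACL_138_ORIGINAL), ("revised", ACL_138_REVISED))}
```

Running dns_query_verdicts() gives "deny" for the original list and "permit" for the revised one, which is the behaviour Ethereal showed on VLAN 38 in the first post.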