09-28-2006 08:53 AM - edited 03-03-2019 05:17 AM
Hi,
I have an amazing problem.
I have a Catalyst 4507 switch and I have a lot of VLANs (VLANs 31, 38, 39 are important).
I have an ACL but I opened all.
The problem is that the DNS server is not able to resolve an external address (because I want to do an FTP connection).
I have Internet access because I have a PIX and I have a proxy in the DMZ (in the DMZ, no problem).
When I look in Ethereal in my VLAN 38, it tells me that the switch gateway blocks the DNS request.
DNS, exchange...users-->Vlan38
Vlan39-->pix outside
Vlan 31--->other internal network
Please help me, I don't understand why.
My config is:
ip route 0.0.0.0 0.0.0.0 192.168.39.251
ip http server
!
access-list 131 remark on interface vlan 31 Client NB
access-list 131 permit ip any 192.168.31.0 0.0.0.255
access-list 131 permit ip any 192.168.33.0 0.0.0.255
access-list 131 permit ip any 192.168.50.0 0.0.0.255
access-list 131 permit tcp host 192.168.31.151 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp host 192.168.31.152 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp host 192.168.31.153 192.168.38.0 0.0.0.255 gt 1023
access-list 131 permit tcp any host 192.168.38.203 eq 135
access-list 131 permit tcp any host 192.168.38.203 gt 1023
access-list 131 deny ip any any
access-list 138 remark on interface vlan 38 Bur
access-list 138 permit ip any 192.168.38.0 0.0.0.255
access-list 138 permit ip any 192.168.39.0 0.0.0.255
access-list 138 permit ip any 192.168.40.0 0.0.0.255
access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 permit tcp any host 192.168.31.152 eq 9100
access-list 138 permit tcp any host 192.168.31.153 eq 9100
access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
access-list 138 deny ip any any
access-list 139 remark on interface vlan 39 Firewall
access-list 139 deny ip any 192.168.50.0 0.0.0.255
access-list 139 deny ip any 192.168.60.0 0.0.0.255
access-list 139 deny ip any 192.168.32.0 0.0.0.255
access-list 139 deny ip any 192.168.33.0 0.0.0.255
access-list 139 deny ip any 192.168.34.0 0.0.0.255
access-list 139 deny ip any 192.168.35.0 0.0.0.255
access-list 139 deny ip any 192.168.37.0 0.0.0.255
access-list 139 permit ip any any
09-29-2006 02:11 AM
Hi
I made a test and I have a problem in my switch ACL.
Could you help me to improve the ACL?
My problem is that I configure the PIX and routers, but I have never worked with this switch.
Could you please give me a link on how to configure this switch?
At the end I have this ACL (I want to open the printer and Exchange flows between VLAN 31 and VLAN 38):
access-list 138 remark on interface vlan 38 Office
access-list 138 permit tcp any host 192.168.31.151 eq 9100
access-list 138 permit tcp any host 192.168.31.152 eq 9100
access-list 138 permit tcp any host 192.168.31.153 eq 9100
access-list 138 permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
access-list 138 deny ip any 192.168.50.0 0.0.0.255
access-list 138 deny ip any 192.168.60.0 0.0.0.255
access-list 138 deny ip any 192.168.32.0 0.0.0.255
access-list 138 deny ip any 192.168.33.0 0.0.0.255
access-list 138 deny ip any 192.168.34.0 0.0.0.255
access-list 138 deny ip any 192.168.35.0 0.0.0.255
access-list 138 deny ip any 192.168.37.0 0.0.0.255
access-list 138 permit ip any any
Thanks in advance.
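An added example, not part of the original posts: a first-match evaluator for the two versions of ACL 138 quoted above, showing which entry decides a DNS query that leaves VLAN 38 for an external address. It assumes the ACL filters packets entering the switch from VLAN 38 (the posts do not state the direction), and the two host addresses in `DNS_QUERY` are constructed.

```python
from ipaddress import ip_address as ip

# ACL 138 as first posted and as revised in the follow-up (remark lines omitted).
ACL_138_FIRST = """\
permit ip any 192.168.38.0 0.0.0.255
permit ip any 192.168.39.0 0.0.0.255
permit ip any 192.168.40.0 0.0.0.255
permit tcp any host 192.168.31.151 eq 9100
permit tcp any host 192.168.31.152 eq 9100
permit tcp any host 192.168.31.153 eq 9100
permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
deny ip any any"""
ACL_138_SECOND = """\
permit tcp any host 192.168.31.151 eq 9100
permit tcp any host 192.168.31.152 eq 9100
permit tcp any host 192.168.31.153 eq 9100
permit tcp host 192.168.38.203 192.168.31.0 0.0.0.255 gt 1023
deny ip any 192.168.50.0 0.0.0.255
deny ip any 192.168.60.0 0.0.0.255
deny ip any 192.168.32.0 0.0.0.255
deny ip any 192.168.33.0 0.0.0.255
deny ip any 192.168.34.0 0.0.0.255
deny ip any 192.168.35.0 0.0.0.255
deny ip any 192.168.37.0 0.0.0.255
permit ip any any"""

# Constructed packet: a DNS server in VLAN 38 querying an external resolver (made-up addresses).
DNS_QUERY = ("udp", "192.168.38.10", "198.51.100.53", 53)

def spec(tok):
    # Consume "any" | "host A" | "A WILDCARD"; return (base, wildcard, remaining tokens).
    if tok[0] == "any":
        return 0, 0xFFFFFFFF, tok[1:]
    if tok[0] == "host":
        return int(ip(tok[1])), 0, tok[2:]
    return int(ip(tok[0])), int(ip(tok[1])), tok[2:]

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; only the eq/gt port operators used in the thread are handled."""
    for line in acl.splitlines():
        _action, p, *rest = line.split()
        sb, sw, rest = spec(rest)
        db, dw, rest = spec(rest)   # a port operator after the destination tests the destination port
        hit = p in ("ip", proto) and (int(ip(src)) | sw) == (sb | sw) and (int(ip(dst)) | dw) == (db | dw)
        if hit and (not rest or (dport == int(rest[1]) if rest[0] == "eq" else dport > int(rest[1]))):
            return line
    return "deny ip any any (implicit)"
```

`evaluate(ACL_138_FIRST, *DNS_QUERY)` falls through to `deny ip any any` because the external destination is in none of the permitted subnets, while the revised list reaches its final `permit ip any any`.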