02-13-2019 08:29 AM
I am setting up Layer 3 switches (3560s) at our remote sites to allow me to use EIGRP and MPLS to add an additional route back to corporate (currently using ASA VPN Tunnels).
From a 4507r+e at corporate on VLAN1, I can reach any computer on any of the VLANs I have set up as Network (and vice versa)... but ONLY VLAN1 at corporate.
Maybe my version is not correct? Version 03.09.01.E. I have downloaded the latest version, but I hesitate to do the upgrade if not needed.
02-13-2019 02:26 PM
Great..
Which network isn't working with the other? (the one you have a problem with)
02-14-2019 06:11 AM
I am wondering why the 4507 did not learn 10.100.10.0 as an EIGRP route and it was necessary to add a static route for it. On the remote would you post the output of show ip interface brief and of show ip route?
Thinking about the static route - there is no need for the static route for 10.10.5.0. The core knows that network as a connected route (not as an EIGRP route).
HTH
Rick
02-14-2019 06:56 AM
I do not know why 10.100.10.0 is not advertised to the core (and that would impact access to anything on the core from that subnet). But I have identified the main reason why the remote can only access vlan 1 of the core. Other than the connected subnet of 10.10.5.0 the core advertises 3 subnets to the remote. It advertises 192.168.100.0 which is vlan 1 and that works. It advertises 192.168.0.0 which is vlan 100 and it does not work. It advertises 172.16.103.0 which is vlan 903 and it does not work. The two vlans that do not work have configured Policy Based Routing. The normal route to get to the Remote is to use connected 10.10.5.2 but the PBR overrides the normal routing and sets ip next-hop to a different IP and that prevents traffic from those vlans returning to the remote.
The solution for this issue is to revise the ACL used by PBR for those subnets and make the ACL deny traffic from the core subnets to the remote subnets. This will allow normal routing to take place and the remote will be able to access those subnets.
HTH
Rick
02-14-2019 11:00 AM
It is working after doing the following for VLAN100
C
THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may
be intercepted, monitored, recorded, copied, audited, inspected,
and disclosed to authorized site and law enforcement personnel,
as well as authorized officials of other agencies, both domestic
and foreign. By using this system, the user consents to such
interception, monitoring, recording, copying, auditing, inspection,
and disclosure at the discretion of authorized site personnel.
Unauthorized or improper use of this system may result in
administrative disciplinary action and civil and criminal penalties.
By continuing to use this system you indicate your awareness of and
consent to these terms and conditions of use. LOG OFF IMMEDIATELY
if you do not agree to the conditions stated in this warning.
User Access Verification
Enter Username: thunder
Password:
CoreSwitch4507#config t
Enter configuration commands, one per line. End with CNTL/Z.
CoreSwitch4507(config)#exit
CoreSwitch4507#show access-list
Standard IP access list 23
10 permit 24.28.23.243 log
20 permit 192.168.0.0, wildcard bits 0.0.255.255 log (246 matches)
30 permit 172.16.0.0, wildcard bits 0.0.255.255 log (151 matches)
40 deny any log
Extended IP access list 101
10 deny ip any 170.146.0.0 0.0.255.255 log
20 permit ip any any
Extended IP access list 102
10 deny ip any 170.146.0.0 0.0.255.255 log
20 permit ip any any
Extended IP access list 199
10 deny tcp host 192.168.0.99 eq www any log
20 deny tcp any eq www host 192.168.0.99 log
30 deny tcp 192.168.0.0 0.0.0.255 eq 443 any log
40 permit ip any any
Extended IP access list CISCO-CWA-URL-REDIRECT-ACL
100 deny udp any any eq domain
101 deny tcp any any eq domain
102 deny udp any eq bootps any
103 deny udp any any eq bootpc
104 deny udp any eq bootpc any
105 permit tcp any any eq www
Extended IP access list PolicyRoute_1
10 deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 log
20 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 log
30 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255 log
40 deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 log
50 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255 log
60 deny ip 192.168.0.0 0.0.0.255 192.168.40.0 0.0.0.255 log
70 deny ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 log
80 deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255 log
90 deny ip 192.168.0.0 0.0.0.255 192.168.101.0 0.0.0.255 log
100 deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255 log
110 deny ip 192.168.0.0 0.0.0.255 192.168.201.0 0.0.0.255 log
120 deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log
130 deny ip 192.168.0.0 0.0.0.255 192.168.254.0 0.0.0.255 log
140 permit ip 192.168.0.0 0.0.0.255 any
150 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_10
10 deny ip 192.168.10.0 0.0.0.255 172.16.90.0 0.0.0.255
20 deny ip 192.168.10.0 0.0.0.255 172.16.100.0 0.0.0.255 log (1160 matches)
30 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255 log (156725963 matches)
40 deny ip 192.168.10.0 0.0.0.255 172.16.101.0 0.0.0.255
50 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255 log (437913 matches)
60 deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255 log (45993241 matches)
70 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log
80 deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 log
90 deny ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255 log
100 deny ip 192.168.10.0 0.0.0.255 192.168.99.0 0.0.0.255 log
110 deny ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 log (18408908 matches)
120 deny ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255 log (78097889 matches)
130 deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255 log (794 matches)
140 deny ip 192.168.10.0 0.0.0.255 192.168.201.0 0.0.0.255 log (242 matches)
150 deny ip 192.168.10.0 0.0.0.255 192.168.202.0 0.0.0.255 log
160 permit ip any any (974510854 matches)
170 deny ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_100
10 deny ip 192.168.0.0 0.0.0.255 172.16.90.0 0.0.0.255
20 deny ip 192.168.0.0 0.0.0.255 172.16.100.0 0.0.0.255 log (41892 matches)
30 deny ip 192.168.0.0 0.0.0.255 172.16.101.0 0.0.0.255
40 deny ip 192.168.0.0 0.0.0.255 172.16.103.0 0.0.0.255 log (1695997 matches)
50 deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 log (32930640 matches)
60 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 log (2667 matches)
70 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255 log (66966973 matches)
80 deny ip 192.168.0.0 0.0.0.255 192.168.15.0 0.0.0.255 log (2590332 matches)
90 deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 log (2678093 matches)
100 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255 log (194036 matches)
110 deny ip 192.168.0.0 0.0.0.255 192.168.40.0 0.0.0.255 log (1 match)
120 deny ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 log (1 match)
130 deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255 log (2043 matches)
140 deny ip 192.168.0.0 0.0.0.255 192.168.254.0 0.0.0.255 log (9692 matches)
150 deny ip 192.168.0.0 0.0.0.255 192.168.101.0 0.0.0.255 log (2 matches)
160 deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255 log (1164894 matches)
170 deny ip 192.168.0.0 0.0.0.255 192.168.201.0 0.0.0.255 log (101310 matches)
180 deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log (2292 matches)
190 permit ip 192.168.0.0 0.0.0.255 any (4427173709 matches)
200 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
210 deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255
220 deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255
230 deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255
Extended IP access list PolicyRoute_12
10 deny ip 192.168.12.0 0.0.0.255 172.16.90.0 0.0.0.255
20 deny ip 192.168.12.0 0.0.0.255 172.16.100.0 0.0.0.255 log
30 deny ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255 log
40 deny ip 192.168.12.0 0.0.0.255 172.16.101.0 0.0.0.255
50 deny ip 192.168.12.0 0.0.0.255 192.168.1.0 0.0.0.255 log
60 deny ip 192.168.12.0 0.0.0.255 192.168.12.0 0.0.0.255 log
70 deny ip 192.168.12.0 0.0.0.255 192.168.20.0 0.0.0.255 log
80 deny ip 192.168.12.0 0.0.0.255 192.168.30.0 0.0.0.255 log
90 deny ip 192.168.12.0 0.0.0.255 192.168.40.0 0.0.0.255 log
100 deny ip 192.168.12.0 0.0.0.255 192.168.99.0 0.0.0.255 log
110 deny ip 192.168.12.0 0.0.0.255 192.168.100.0 0.0.0.255 log
120 deny ip 192.168.12.0 0.0.0.255 192.168.200.0 0.0.0.255 log
130 deny ip 192.168.12.0 0.0.0.255 192.168.254.0 0.0.0.255 log
140 deny ip 192.168.12.0 0.0.0.255 192.168.201.0 0.0.0.255 log
150 deny ip 192.168.12.0 0.0.0.255 192.168.202.0 0.0.0.255 log
160 permit ip any any
170 deny ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255 log
Extended IP access list PolicyRoute_15
10 deny ip 192.168.15.0 0.0.0.255 192.168.0.0 0.0.0.255 log
20 deny ip 192.168.15.0 0.0.0.255 192.168.1.0 0.0.0.255 log
30 deny ip 192.168.15.0 0.0.0.255 192.168.10.0 0.0.0.255 log
40 deny ip 192.168.15.0 0.0.0.255 192.168.15.0 0.0.0.255 log
50 deny ip 192.168.15.0 0.0.0.255 192.168.20.0 0.0.0.255 log
60 deny ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255 log
70 deny ip 192.168.15.0 0.0.0.255 192.168.40.0 0.0.0.255 log
80 deny ip 192.168.15.0 0.0.0.255 192.168.99.0 0.0.0.255 log
90 deny ip 192.168.15.0 0.0.0.255 192.168.100.0 0.0.0.255 log
100 deny ip 192.168.15.0 0.0.0.255 192.168.101.0 0.0.0.255 log
110 deny ip 192.168.15.0 0.0.0.255 192.168.200.0 0.0.0.255 log
120 deny ip 192.168.15.0 0.0.0.255 192.168.201.0 0.0.0.255 log
130 deny ip 192.168.15.0 0.0.0.255 192.168.202.0 0.0.0.255 log
140 deny ip 192.168.15.0 0.0.0.255 192.168.254.0 0.0.0.255 log
150 permit ip 192.168.15.0 0.0.0.255 any
160 deny ip 192.168.15.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_20
10 deny ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255 log
20 deny ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255 log
30 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log
40 deny ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255 log
50 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 log
60 deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255 log
70 deny ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255 log
80 deny ip 192.168.20.0 0.0.0.255 192.168.99.0 0.0.0.255 log
90 deny ip 192.168.20.0 0.0.0.255 192.168.100.0 0.0.0.255 log
100 deny ip 192.168.20.0 0.0.0.255 192.168.200.0 0.0.0.255 log
110 deny ip 192.168.20.0 0.0.0.255 192.168.201.0 0.0.0.255 log
120 deny ip 192.168.20.0 0.0.0.255 192.168.202.0 0.0.0.255 log
130 permit ip any any
140 deny ip 192.168.20.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_200
10 deny ip 192.168.200.0 0.0.0.255 172.16.100.0 0.0.0.255 log (184 matches)
20 deny ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255 log (467702 matches)
30 deny ip 192.168.200.0 0.0.0.255 172.16.101.0 0.0.0.255
40 deny ip 192.168.200.0 0.0.0.255 192.168.1.0 0.0.0.255 log
50 deny ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255 log (2859055 matches)
60 deny ip 192.168.200.0 0.0.0.255 192.168.20.0 0.0.0.255 log
70 deny ip 192.168.200.0 0.0.0.255 192.168.30.0 0.0.0.255 log
80 deny ip 192.168.200.0 0.0.0.255 192.168.40.0 0.0.0.255 log
90 deny ip 192.168.200.0 0.0.0.255 192.168.99.0 0.0.0.255 log
100 deny ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 log
110 deny ip 192.168.200.0 0.0.0.255 192.168.200.0 0.0.0.255 log (746621 matches)
120 deny ip 192.168.200.0 0.0.0.255 192.168.201.0 0.0.0.255 log
130 deny ip 192.168.200.0 0.0.0.255 192.168.202.0 0.0.0.255 log
140 deny ip 192.168.200.0 0.0.0.255 192.168.254.0 0.0.0.255 log
150 permit ip any any (100253992 matches)
160 deny ip 192.168.200.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_201
10 deny ip 192.168.201.0 0.0.0.255 192.168.0.0 0.0.0.255 log (2580 matches)
20 deny ip 192.168.201.0 0.0.0.255 192.168.1.0 0.0.0.255 log
30 deny ip 192.168.201.0 0.0.0.255 192.168.10.0 0.0.0.255 log
40 deny ip 192.168.201.0 0.0.0.255 192.168.20.0 0.0.0.255 log
50 deny ip 192.168.201.0 0.0.0.255 192.168.30.0 0.0.0.255 log
60 deny ip 192.168.201.0 0.0.0.255 192.168.40.0 0.0.0.255 log
70 deny ip 192.168.201.0 0.0.0.255 192.168.99.0 0.0.0.255 log
80 deny ip 192.168.201.0 0.0.0.255 192.168.100.0 0.0.0.255 log
90 deny ip 192.168.201.0 0.0.0.255 192.168.101.0 0.0.0.255 log
100 deny ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255 log
110 deny ip 192.168.201.0 0.0.0.255 192.168.201.0 0.0.0.255 log (59412 matches)
120 deny ip 192.168.201.0 0.0.0.255 192.168.202.0 0.0.0.255 log
130 deny ip 192.168.201.0 0.0.0.255 192.168.254.0 0.0.0.255 log
140 permit ip 192.168.201.0 0.0.0.255 any (996849 matches)
150 deny ip 192.168.201.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_202
10 deny ip 192.168.202.0 0.0.0.255 192.168.0.0 0.0.0.255 log
20 deny ip 192.168.202.0 0.0.0.255 192.168.1.0 0.0.0.255 log
30 deny ip 192.168.202.0 0.0.0.255 192.168.10.0 0.0.0.255 log
40 deny ip 192.168.202.0 0.0.0.255 192.168.20.0 0.0.0.255 log
50 deny ip 192.168.202.0 0.0.0.255 192.168.30.0 0.0.0.255 log
60 deny ip 192.168.202.0 0.0.0.255 192.168.40.0 0.0.0.255 log
70 deny ip 192.168.202.0 0.0.0.255 192.168.99.0 0.0.0.255 log
80 deny ip 192.168.202.0 0.0.0.255 192.168.100.0 0.0.0.255 log
90 deny ip 192.168.202.0 0.0.0.255 192.168.101.0 0.0.0.255 log
100 deny ip 192.168.202.0 0.0.0.255 192.168.200.0 0.0.0.255 log
110 deny ip 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 log
120 deny ip 192.168.202.0 0.0.0.255 192.168.202.0 0.0.0.255 log
130 permit ip 192.168.202.0 0.0.0.255 any
140 deny ip 192.168.202.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_901
10 deny ip 172.16.100.0 0.0.0.255 172.16.100.0 0.0.0.255 (2641976 matches)
20 deny ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255
30 deny ip 172.16.100.0 0.0.0.255 192.168.0.0 0.0.0.255 (18988602 matches)
40 deny ip 172.16.100.0 0.0.0.255 192.168.10.0 0.0.0.255 (18057617 matches)
50 deny ip 172.16.100.0 0.0.0.255 192.168.15.0 0.0.0.255
60 deny ip 172.16.100.0 0.0.0.255 192.168.20.0 0.0.0.255
70 deny ip 172.16.100.0 0.0.0.255 192.168.30.0 0.0.0.255
80 deny ip 172.16.100.0 0.0.0.255 192.168.40.0 0.0.0.255
90 deny ip 172.16.100.0 0.0.0.255 192.168.99.0 0.0.0.255
100 deny ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255 (1394848 matches)
110 deny ip 172.16.100.0 0.0.0.255 192.168.254.0 0.0.0.255
120 deny ip 172.16.100.0 0.0.0.255 192.168.101.0 0.0.0.255
130 deny ip 172.16.100.0 0.0.0.255 192.168.200.0 0.0.0.255 (18371214 matches)
140 deny ip 172.16.100.0 0.0.0.255 192.168.201.0 0.0.0.255
150 deny ip 172.16.100.0 0.0.0.255 192.168.202.0 0.0.0.255
160 permit ip 172.16.100.0 0.0.0.255 any (86544882 matches)
170 deny ip 172.16.100.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_902
10 deny ip 172.16.102.0 0.0.0.255 172.16.100.0 0.0.0.255
20 deny ip 172.16.102.0 0.0.0.255 172.16.101.0 0.0.0.255
30 deny ip 172.16.102.0 0.0.0.255 172.16.102.0 0.0.0.255 (51579 matches)
40 deny ip 172.16.102.0 0.0.0.255 192.168.0.0 0.0.0.255 (4417 matches)
50 deny ip 172.16.102.0 0.0.0.255 192.168.10.0 0.0.0.255
60 deny ip 172.16.102.0 0.0.0.255 192.168.15.0 0.0.0.255
70 deny ip 172.16.102.0 0.0.0.255 192.168.20.0 0.0.0.255
80 deny ip 172.16.102.0 0.0.0.255 192.168.30.0 0.0.0.255
90 deny ip 172.16.102.0 0.0.0.255 192.168.40.0 0.0.0.255
100 deny ip 172.16.102.0 0.0.0.255 192.168.99.0 0.0.0.255
110 deny ip 172.16.102.0 0.0.0.255 192.168.100.0 0.0.0.255
120 deny ip 172.16.102.0 0.0.0.255 192.168.254.0 0.0.0.255
130 deny ip 172.16.102.0 0.0.0.255 192.168.101.0 0.0.0.255
140 deny ip 172.16.102.0 0.0.0.255 192.168.200.0 0.0.0.255
150 deny ip 172.16.102.0 0.0.0.255 192.168.201.0 0.0.0.255
160 deny ip 172.16.102.0 0.0.0.255 192.168.202.0 0.0.0.255
170 permit ip 172.16.102.0 0.0.0.255 any (25969 matches)
180 deny ip 172.16.102.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_903
10 deny ip 172.16.103.0 0.0.0.255 192.168.0.0 0.0.0.255 (222565230 matches)
20 deny ip 172.16.103.0 0.0.0.255 192.168.10.0 0.0.0.255 (114570947 matches)
30 deny ip 172.16.103.0 0.0.0.255 192.168.200.0 0.0.0.255 (70681186 matches)
40 deny ip 172.16.103.0 0.0.0.255 172.16.90.0 0.0.0.255
50 deny ip 172.16.103.0 0.0.0.255 172.16.100.0 0.0.0.255 (8958 matches)
60 permit ip 172.16.103.0 0.0.0.255 any (496118685 matches)
70 deny ip 172.16.103.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list PolicyRoute_909
10 deny ip 172.16.90.0 0.0.0.255 172.16.90.0 0.0.0.255 (151 matches)
20 deny ip 172.16.90.0 0.0.0.255 172.16.101.0 0.0.0.255
30 deny ip 172.16.90.0 0.0.0.255 192.168.0.0 0.0.0.255
40 deny ip 172.16.90.0 0.0.0.255 192.168.10.0 0.0.0.255
50 deny ip 172.16.90.0 0.0.0.255 192.168.15.0 0.0.0.255
60 deny ip 172.16.90.0 0.0.0.255 192.168.20.0 0.0.0.255
70 deny ip 172.16.90.0 0.0.0.255 192.168.30.0 0.0.0.255
80 deny ip 172.16.90.0 0.0.0.255 192.168.40.0 0.0.0.255
90 deny ip 172.16.90.0 0.0.0.255 192.168.99.0 0.0.0.255
100 deny ip 172.16.90.0 0.0.0.255 192.168.100.0 0.0.0.255
110 deny ip 172.16.90.0 0.0.0.255 192.168.254.0 0.0.0.255
120 deny ip 172.16.90.0 0.0.0.255 192.168.101.0 0.0.0.255
130 deny ip 172.16.90.0 0.0.0.255 192.168.200.0 0.0.0.255
140 deny ip 172.16.90.0 0.0.0.255 192.168.201.0 0.0.0.255
150 deny ip 172.16.90.0 0.0.0.255 192.168.202.0 0.0.0.255
160 permit ip 172.16.90.0 0.0.0.255 any (1468038 matches)
170 deny ip 172.16.90.0 0.0.0.255 192.168.12.0 0.0.0.255 log
Extended IP access list preauth_ipv4_acl (per-user)
10 permit udp any any eq domain
20 permit tcp any any eq domain
30 permit udp any eq bootps any
40 permit udp any any eq bootpc
50 permit udp any eq bootpc any
60 deny ip any any
Extended IP access list system-cpp-all-routers-on-subnet
10 permit ip any host 224.0.0.2
Extended IP access list system-cpp-all-systems-on-subnet
10 permit ip any host 224.0.0.1
Extended IP access list system-cpp-dhcp-cs
10 permit udp any eq bootpc any eq bootps
Extended IP access list system-cpp-dhcp-sc
10 permit udp any eq bootps any eq bootpc
Extended IP access list system-cpp-dhcp-ss
10 permit udp any eq bootps any eq bootps
Extended IP access list system-cpp-energywise-disc
10 permit udp any any eq 0
Extended IP access list system-cpp-hsrpv2
10 permit udp any host 224.0.0.102
Extended IP access list system-cpp-igmp
10 permit igmp any 224.0.0.0 31.255.255.255
Extended IP access list system-cpp-ip-mcast-linklocal
10 permit ip any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ospf
10 permit ospf any any
Extended IP access list system-cpp-pim
10 permit pim any 224.0.0.0 0.0.0.255
Extended IP access list system-cpp-ripv2
10 permit ip any host 224.0.0.9
IPv6 access list DHCP Sever
permit udp any eq 546 any eq 547 sequence 10
permit udp any eq 547 any eq 546 sequence 20
IPv6 access list preauth_ipv6_acl (per-user)
permit udp any any eq domain sequence 10
permit tcp any any eq domain sequence 20
permit icmp any any nd-ns sequence 30
permit icmp any any nd-na sequence 40
permit icmp any any router-solicitation sequence 50
permit icmp any any router-advertisement sequence 60
permit icmp any any redirect sequence 70
permit udp any eq 547 any eq 546 sequence 80
permit udp any eq 546 any eq 547 sequence 90
deny ipv6 any any sequence 100
IPv6 access list system-cpp-dhcpv6-cs
permit udp any eq 546 any eq 547 sequence 10
IPv6 access list system-cpp-dhcpv6-sc
permit udp any eq 547 any eq 546 sequence 10
IPv6 access list system-cpp-icmpv6-na
permit icmp any any nd-na sequence 10
IPv6 access list system-cpp-icmpv6-ns
permit icmp any any nd-ns sequence 10
IPv6 access list system-cpp-icmpv6-ra
permit icmp any any router-advertisement sequence 10
IPv6 access list system-cpp-icmpv6-rr
permit icmp any any redirect sequence 10
IPv6 access list system-cpp-icmpv6-rs
permit icmp any any router-solicitation sequence 10
Extended MAC access list system-cpp-bpdu-range
permit any 0180.c200.0000 0000.0000.0003
Extended MAC access list system-cpp-cdp
permit any host 0100.0ccc.cccc
Extended MAC access list system-cpp-dot1x
permit any any 0x888E
Extended MAC access list system-cpp-mcast-cfm
permit any 0180.c200.0030 0000.0000.000f
Extended MAC access list system-cpp-sstp
permit any host 0100.0ccc.cccd
Extended MAC access list system-cpp-ucast-cfm
permit any host 00d7.8f0d.413d
CoreSwitch4507#config t
Enter configuration commands, one per line. End with CNTL/Z.
CoreSwitch4507(config)#Extended IP access list PolicyRoute_100
^
% Invalid input detected at '^' marker.
CoreSwitch4507(config)#ip access-list extended PolicyRoute_100
CoreSwitch4507(config-ext-nacl)#no deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
CoreSwitch4507(config-ext-nacl)#no deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)#no deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)#no deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)# 181 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
CoreSwitch4507(config-ext-nacl)# 182 deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)# 183 deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)# 184 deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255
CoreSwitch4507(config-ext-nacl)#
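The session above works because IOS evaluates ACL entries in sequence order and stops at the first match: the denies at 200-230 sat after the `190 permit ... any` entry and could never match, so they were re-entered as 181-184. The following is an added example, not part of the original post: a small Python audit that parses `show access-list` style entries and reports any entry fully covered by an earlier one. The BEFORE lines are copied from the PolicyRoute_100 listing above; the AFTER listing is constructed from the commands in the session; function names are illustrative.

```python
import ipaddress
import re

# Matches "<seq> permit|deny ip <src> <dst> [log] [(n matches)]" entries only.
ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+ip\s+(.*)$")

def _take_spec(tokens):
    """Consume one address spec; return (address, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))

def parse_acl(text):
    """Parse extended 'ip' entries, sorted by sequence number."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        tokens = m.group(3).split()
        src, dst = _take_spec(tokens), _take_spec(tokens)  # trailing log/counters ignored
        entries.append({"seq": int(m.group(1)), "action": m.group(2), "src": src, "dst": dst})
    return sorted(entries, key=lambda e: e["seq"])

def covers(a, b):
    """True if every address matched by spec b is also matched by spec a."""
    (a_addr, a_wild), (b_addr, b_wild) = a, b
    return (b_wild & ~a_wild) == 0 and ((a_addr ^ b_addr) & ~a_wild) == 0

def shadowed(entries):
    """Return (seq, shadowing_seq) for entries that can never be the first match."""
    found = []
    for i, entry in enumerate(entries):
        for earlier in entries[:i]:
            if covers(earlier["src"], entry["src"]) and covers(earlier["dst"], entry["dst"]):
                found.append((entry["seq"], earlier["seq"]))
                break
    return found

# Copied from the PolicyRoute_100 listing in the post (entries 180-230).
BEFORE = """
    180 deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log (2292 matches)
    190 permit ip 192.168.0.0 0.0.0.255 any (4427173709 matches)
    200 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
    210 deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255
    220 deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255
    230 deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255
"""
# Constructed: the same tail after the no/181-184 commands in the session.
AFTER = """
    180 deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log
    181 deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log
    182 deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255
    183 deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255
    184 deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255
    190 permit ip 192.168.0.0 0.0.0.255 any
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, shadowed(parse_acl(text)))
```

In the listing above, the entries that follow the final permit in the other PolicyRoute_ lists (for example entry 70 in PolicyRoute_903) are in the same position and show no match counters.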
02-14-2019 11:57 AM
Thank you for the clarification that the issue about 10.100.10.0 was that there was no active device on that vlan and that when you do connect something in that vlan that then the subnet is advertised. It was a good test to try with a static route but it is not needed.
So the real issue was the PBR being applied to traffic for the remote. Changing the acl to deny that traffic is the appropriate solution to the problem. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This was a subtle problem and quite interesting. I believe that other participants will benefit from this discussion. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
HTH
Rick