Re: Forward traffic from subnet to another on C3750

gabecz · ‎04-22-2024

hi guys thanks for your suggestions in advance

i just reconsidered my whole message. after trying some things. i think i need to set up acl but i'm far from good at it.

what would be the ip access-list extended or access-list lines that'd allow me to have network on the windows machines on this setup?

i can't share the bgp and neighbor lines of the config but here is the beginning of the config and the nic settings

i rolled back to a plain setup for now.

sh ru on cisco-a

version 15.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!
hostname cisco-a
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console informational
no logging monitor
!
no aaa new-model
clock timezone pst -8 0
clock summer-time pdt recurring
no ipv6 cef
ipv6 multicast rpf use-bgp
no ip icmp rate-limit unreachable
!
no ip domain-lookup
no ip cef
!
spanning-tree mode pvst
spanning-tree extend system-id
!

vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
interface Loopback0
ip address 123.123.1.7 255.255.255.255
!
interface Ethernet0/0
description Internet Access
no switchport
ip address dhcp
no ip redirects
no ip proxy-arp
no cdp enable
!
interface Ethernet0/1
description iBGP peering link to cisco-b
no switchport
ip address 172.16.13.0 255.255.255.254
no ip redirects
!
interface Ethernet0/12
no switchport
ip address 123.123.13.246 255.255.255.252
no ip redirects

no ip http server

route-map A_to_B permit 10
match ip address 100
set metric 100
!
route-map set-med permit 10
set metric 80
!
!
snmp-server community cispublic RO 15
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

MHM Cisco World · ‎04-24-2024

You need in Routet two NAT overload

One for each host subnet

MHM

Georg Pauwen · ‎04-24-2024

Hello,

can you post the configs of both 3750 switches ?

gabecz · ‎04-25-2024

updated my post with the config. cisco-b is identical to this but the 3 ip addresses. loopback 8 instead of 7, e0/1 1 instead of 0, and 242 instead of 246 on e0/12 is all the difference. thanks for any suggestion

gabecz · ‎04-25-2024

basically from windows i can ping the switch interface that connects to opnsense, but not opnsense and vice versa from opnsense i can ping the interface on the swtich that connects to the windows machine but not the windows machine.

isn't this one of those things where you need to have an access list and do ip access-group X in and ip access-group Y out on these interfaces? sorry for my kitchen language.

Georg Pauwen · ‎04-26-2024

Hello,

post the full running configs of both switches and the router...

MHM Cisco World · ‎04-26-2024

share traceroute from window to opensense

MHM

paul driver · ‎04-26-2024

Hello

@gabecz wrote:
from windows i can ping the switch interface that connects to opnsense, but not opnsense and vice versa i can ping the interface on the swtich that connects to the windows machine but not the windows machine.

Do you have the windows software firewall on?- if so by default windows negates echo-reply (ping reply)
Add an allow rule for icmp echo-reply in the fw or temporally turn off the fw and test again

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul