09-12-2019 08:42 PM - edited 09-14-2019 12:59 PM
09-12-2019 10:10 PM
Hi,
It looks like you have an ACL issue for the return traffic. I believe you can successfully PING the device as of now. In order to be able to SSH and/or HTTPS to the device, you need to add an ACL entry from 10.99.7.0/24 to the source VLAN.
ip access-list extended Restrict_wifi_mgt
 permit icmp 10.99.7.0 0.0.0.255 any
 permit ip 10.99.7.0 0.0.0.255 host 10.99.0.50
 permit ip 10.99.7.0 0.0.0.255 host 10.99.0.10
 permit ip 10.99.7.0 0.0.0.255 host 10.99.130.10
 permit ip 10.99.7.0 0.0.0.255 host 10.5.1.93
 permit ip 10.99.7.0 0.0.0.255 host 10.21.130.31
 permit ip 10.99.7.0 0.0.0.255 host 10.5.1.34
 permit ip 10.99.7.0 0.0.0.255 X.X.X.X x.x.x.x
 deny ip 10.99.7.0 0.0.0.255 any
 permit ip any any
HTH,
Meheretab
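The return-traffic point in the reply above, as an added example (not part of the thread and not Cisco code): a small first-match evaluator run over the posted ACL, checking a reply packet that enters Gi0/0.99 from the VLAN 99 device. The device address 10.99.7.20, the client 10.21.7.50 and the VLAN 10 entry in `FIXED` are assumptions; the X.X.X.X placeholder line is left out.

```python
import ipaddress

# ACL from the post above; the X.X.X.X placeholder line is left out.
ACL = """\
permit icmp 10.99.7.0 0.0.0.255 any
permit ip 10.99.7.0 0.0.0.255 host 10.99.0.50
permit ip 10.99.7.0 0.0.0.255 host 10.99.0.10
permit ip 10.99.7.0 0.0.0.255 host 10.99.130.10
permit ip 10.99.7.0 0.0.0.255 host 10.5.1.93
permit ip 10.99.7.0 0.0.0.255 host 10.21.130.31
permit ip 10.99.7.0 0.0.0.255 host 10.5.1.34
deny ip 10.99.7.0 0.0.0.255 any
permit ip any any
"""

def _addr_spec(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse(text):
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok[0], tok[1]
        src, rest = _addr_spec(tok[2:])
        dst, _ = _addr_spec(rest)
        entries.append((action, proto, src, dst, line.strip()))
    return entries

def _hit(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must match.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(entries, proto, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, p, s, d, line in entries:
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst):
            return action, line
    return "deny", "(implicit deny)"

# Constructed sample hosts: device in VLAN 99, client in VLAN 10.
DEVICE, CLIENT = "10.99.7.20", "10.21.7.50"
# Assumed fix: permit replies to the client VLAN ahead of the deny entry.
FIXED = ACL.replace("deny ip", "permit ip 10.99.7.0 0.0.0.255 10.21.7.0 0.0.0.255\ndeny ip", 1)
```

Calling `evaluate(parse(ACL), "tcp", DEVICE, CLIENT)` shows which entry decides the fate of an SSH or HTTPS reply, and the same call with `"icmp"` shows why PING still works.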
09-13-2019 03:26 AM
Hello
@mediaworksnz wrote:
Hello, I have a device within VLAN 99 that I am trying to connect to via SSH or HTTPS (my router is a Cisco 1921).
I can do this successfully if I connect my laptop to an 'access vlan 99' port on the connecting switch, however from any other VLAN I cannot connect (even if I set the router's 'ssh source-interface vlan' to 99).
I do have an access-list on VLAN 99 but the direction is 'INBOUND' so should not affect traffic coming in to VLAN 99 from other VLANs. Can anyone see what is causing the problem?
interface GigabitEthernet0/0
 description LAN Switch
 no ip address
interface GigabitEthernet0/0.10
 description Data
 encapsulation dot1Q 10
 ip address 10.21.7.1 255.255.255.0
interface GigabitEthernet0/0.99
 description WiFi
 encapsulation dot1Q 99
 ip address 10.99.7.1 255.255.255.0
 ip access-group Restrict_wifi_mgt in
You don't have an active vlan 1 subnet specified on your router; I can only see vlan10-99?