09-14-2009 01:00 PM
Hi, I'm using a brand new 1 x SFE2000, 1 x RV082 as router and 2 x WAP2000 with Linksys power injectors in my network. I would like to have 3 VLANs. The first one would be a management VLAN, the second an admin VLAN and the last one a customer VLAN. Management would be used for computer techs to manage the equipment. The admin VLAN would be used for all the employees; the AD Win2k8 server will be on this VLAN too. The customer VLAN would be used only to get to the internet. VLAN 1 would speak to 2 and 3, but 2 and 3 would not speak to each other. I will relay the AD DHCP server on the 3 VLANs. The switch is on layer 3 protocol.
Here is my problem: as soon as I activate the IP access list, the switch locks up, and the only way I can get it to work is to go back to a previously saved config without the IP access list activated. I'm activating the IP access list with all access to any VLAN... and still the same problem... The MAC access list is working perfectly.
I have the latest firmware...
Any advice would be welcome!
Thanks a lot!
09-14-2009 02:31 PM
Hello,
What is the IP subnet for VLAN 1?
What is the IP subnet for VLAN 2?
What is the IP subnet for VLAN 3?
Tell me how it is you're setting up your IP ACL?
What routes have you added to the layer 3 switch?
What IP addresses have you added to the layer 3 switch?
What routes have you added to the RV082?
What IP addresses have you added to the RV082?
Regards,
Christopher
09-15-2009 08:45 AM
What is the IP subnet for VLAN 1?
192.168.1.0~254
What is the IP subnet for VLAN 2?
192.168.2.0~254
What is the IP subnet for VLAN 3?
192.168.3.0~254
Tell me how it is you're setting up your IP ACL?
prot. | src. add. | src. mask | dest. add. | dest. mask | action
IP | any | any | any | any | permit
I opened everything to make some tests.
What routes have you added to the layer 3 switch?
dest. IP | pref. length | next hop | route type | metric
0.0.0.0 | /0 | 192.168.1.1 | remote | 1
What IP addresses have you added to the layer 3 switch?
192.168.1.2
192.168.2.2
192.168.3.2
What routes have you added to the RV082?
dest. IP | mask | def. gateway | hop count | interface
192.168.2.0 | 255.255.255.0 | 192.168.2.1 | 1 | LAN
192.168.3.0 | 255.255.255.0 | 192.168.2.1 | 1 | LAN
What IP addresses have you added to the RV082?
192.168.1.1
Multiple subnet config:
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
09-16-2009 06:43 AM
My immediate reaction is to change:
prot. | src. add. | src. mask | dest. add. | dest. mask | action
IP | any | any | any | any | permit
To:
prot. | src. add. | src. mask | dest. add. | dest. mask | action
ANY | any | any | any | any | permit
I have some reservations as to how the RV082 is deployed but I have to test an alternative in my lab.
What is the firmware version on the SFE2000?
Can you attach a config file for the SFE?
You say the switch locks up, does it continue to pass any traffic on any ports at all or does it just lock you out of the interface?
If you console the switch after applying your ACL with the serial cable, does it still have an IP bound to the management interface?
09-17-2009 11:30 AM
09-17-2009 11:49 AM
Is there a place here where I can download a simulator of that switch?
Thanks...
09-18-2009 10:12 AM
No simulator that I am aware of. A program called "Packet Tracer" is available to Cisco university students, and that has a small selection of small business devices but not this one.
I will look into your config today. Immediately I notice that the management/native VLAN was changed from 100. From where did you perform this change?
09-18-2009 10:23 AM
I think I did it from the console.
Thanks a lot!
09-18-2009 10:43 AM
Did
prot. | src. add. | src. mask | dest. add. | dest. mask | action
ANY | any | any | any | any | permit
Also cause the switch to lock up?
Did you use the default console, or load an alternate console?
09-18-2009 10:51 AM
I didn't try "any" anywhere as I was supposed to go to the customer's place today... but I got one piece of good news: I will replace their Linksys switch with a Cisco switch... I mean temporarily... by Monday morning. This way the SFE2000 will be at my office and out of production... testing will be easier this way!
Have a good weekend, Christopher.
I'll be back with news by Monday.
10-20-2009 07:15 AM
Can you please assist me in saving the config file from the web GUI to the desktop?
Thank you.
10-23-2009 02:19 PM
09-21-2009 12:18 PM
09-21-2009 02:00 PM
Yes, I have seen this error before. Could you attach the current configuration and tell me what it is you ultimately wish to accomplish with your ACL? If so, I can look at the config, and then I should be able to tell you how to implement what you need. You may in fact be better off contacting the SBSC directly and opening a case with us. Then we could WebEx and work this out. The number here is 866.616.1866.
Regards,
Chris
09-22-2009 06:23 AM
Hi Christopher,
I used the same config file posted earlier... but I've only added "ANY" in my test ACL and bound it to a port... What I want to do is very simple:
VLAN 1 subnet 192.168.1.0/24..... Admin VLAN subnet to access my network hardware
VLAN 2 subnet 192.168.2.0/24..... Active Directory domain subnet
VLAN 3 subnet 192.168.3.0/24..... it's my guest internet VLAN, which should only have access to the internet
VLAN 1 speaks to VLAN 2
VLAN 1 speaks to VLAN 3
VLAN 2 speaks to VLAN 1
VLAN 2 doesn't speak to VLAN 3
VLAN 3 speaks to VLAN 1 only to be routed out to the internet
VLAN 3 speaks to VLAN 2 only for DHCP relay... DHCP is my Active Directory domain controller on VLAN 2
Is that what you asked for?
Thanks again!
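The guest-VLAN part of the policy in the post above, modelled as an added example (not part of the thread, and not SFE2000 configuration syntax): a generic first-match rule list checked against sample flows before it is bound to a port. The DHCP server address 192.168.2.10, the host addresses and the implicit deny at the end of the list are assumptions; the subnets and the switch address 192.168.1.2 come from the thread.

```python
from ipaddress import ip_address, ip_network

MGMT = ip_network("192.168.1.0/24")    # VLAN 1 (from the thread)
AD = ip_network("192.168.2.0/24")      # VLAN 2 (from the thread)
GUEST = ip_network("192.168.3.0/24")   # VLAN 3 (from the thread)
ANY = ip_network("0.0.0.0/0")
BROADCAST = ip_network("255.255.255.255/32")
DHCP_SERVER = ip_network("192.168.2.10/32")  # constructed address for the AD DHCP server

# (action, protocol, source, destination, destination port); None matches anything.
# Ingress list for guest ports. Order matters: the DHCP permits must precede the denies.
GUEST_INGRESS = [
    ("permit", "udp", ANY, BROADCAST, 67),      # DHCPDISCOVER broadcast seen by the relay
    ("permit", "udp", GUEST, DHCP_SERVER, 67),  # unicast lease renewal to the server
    ("deny", None, ANY, AD, None),              # nothing else reaches VLAN 2
    ("deny", None, ANY, MGMT, None),            # no access to switch, router or AP management
    ("permit", None, GUEST, ANY, None),         # everything else is routed out to the internet
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule."""
    src, dst = ip_address(src), ip_address(dst)
    for action, r_proto, r_src, r_dst, r_dport in acl:
        if r_proto is not None and r_proto != proto:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        if src in r_src and dst in r_dst:
            return action
    return "deny"  # assumed implicit deny for unmatched packets

def check_guest_policy():
    """Evaluate constructed sample flows against the guest ingress list."""
    flows = {
        "dhcp_discover": ("udp", "0.0.0.0", "255.255.255.255", 67),
        "dhcp_renew": ("udp", "192.168.3.50", "192.168.2.10", 67),
        "smb_to_dc": ("tcp", "192.168.3.50", "192.168.2.10", 445),
        "switch_gui": ("tcp", "192.168.3.50", "192.168.1.2", 80),
        "internet": ("tcp", "192.168.3.50", "203.0.113.7", 443),
        # Reply to a session opened from VLAN 1: a stateless list drops it too.
        "reply_to_mgmt": ("tcp", "192.168.3.50", "192.168.1.20", 51000),
        # Source address outside the guest subnet arriving on a guest port.
        "spoofed_source": ("tcp", "192.168.2.20", "203.0.113.7", 443),
    }
    return {name: evaluate(GUEST_INGRESS, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, action in check_guest_policy().items():
        print(f"{name:15} {action}")
```

The `reply_to_mgmt` result shows the trade-off in this model: with stateless filtering, "VLAN 1 speaks to VLAN 3" also needs an explicit permit for the return traffic, placed above the deny to the management subnet.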