03-07-2010 07:02 AM - edited 03-06-2019 10:02 AM
Hi
I have a big problem with a 3750 (IOS version c3750-ipservicesk9-tar.122-53.SE)
Two VLANs are defined on the 3750:
- vlan 20 - ip 192.168.20.253
- vlan 10 - ip 192.168.10.253
All clients on vlan 20 have 192.168.20.253 as default gateway
All clients on vlan 10 have 192.168.10.253 as default gateway
I need this behaviour:
- All vlan 20 clients must connect to vlan 10 clients
- All vlan 10 clients must connect to vlan 20 clients
- If the source address of a packet is in 192.168.20.0/24 and its destination address is not in 192.168.10.0/24, the next hop must be 192.168.20.254
- If the source address of a packet is in 192.168.10.0/24 and its destination address is not in 192.168.20.0/24, the next hop must be 192.168.10.254
- If the source address of a packet is in 192.168.10.0/24 and its destination address is in 192.168.20.0/24, the packet must be routed by the 3750 and it has no next hop
- If the source address of a packet is in 192.168.20.0/24 and its destination address is in 192.168.10.0/24, the packet must be routed by the 3750 and it has no next hop
I've applied these commands:
!
interface Vlan10
 ip address 192.168.10.253 255.255.255.0
 ip pim sparse-dense-mode
 ip policy route-map Vlan_10
!
interface Vlan20
 ip address 192.168.20.253 255.255.255.0
 ip pim sparse-dense-mode
 ip policy route-map Vlan_20
!
!
ip classless
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 103 permit ip 192.168.10.0 0.0.0.255 any
access-list 105 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 106 permit ip 192.168.20.0 0.0.0.255 any
route-map Vlan_20 permit 10
 match ip address 105
 set ip next-hop 192.168.10.253
!
route-map Vlan_20 permit 30
 match ip address 106
 set ip next-hop 192.168.20.254
!
route-map Vlan_10 permit 10
 match ip address 101
 set ip next-hop 192.168.20.253
!
route-map Vlan_10 permit 30
 match ip address 103
 set ip next-hop 192.168.10.254
The result is:
Vlan10 clients go on the web via 192.168.10.254 (correct)
Vlan20 clients go on the web via 192.168.20.254 (correct)
It's impossible to ping 192.168.10.253 or 192.168.20.253 from the respective vlan (error)
Vlan10 clients and Vlan20 clients cannot ping each other
Anyone can help me?
Sorry for my bad english
Antonio
03-07-2010 12:14 PM
Hi,
IMHO, there's a mistake
route-map Vlan_20 permit 10
 match ip address 105
 set ip next-hop 192.168.10.253
should be
route-map Vlan_20 permit 10
 match ip address 105
 set ip next-hop 192.168.20.253
and also
route-map Vlan_10 permit 10
 match ip address 101
 set ip next-hop 192.168.20.253
should be
route-map Vlan_10 permit 10
 match ip address 101
 set ip next-hop 192.168.10.253
Or you could even remove the "set ..." portions of both "route-map Vlan_20 permit 10" and "route-map Vlan_10 permit 10" route-map sections.
HTH,
Milan
03-09-2010 06:07 AM
Hi
The next hop is correct because packets from 10 to 20 must be processed by 192.168.20.253 and packets from 20 to 10 must be processed by 192.168.10.253.
I solved the problem by using the access lists correctly:
interface Vlan10
 ip address 192.168.10.253 255.255.255.0
 ip pim sparse-dense-mode
 ip policy route-map Vlan_10
!
interface Vlan20
 ip address 192.168.20.253 255.255.255.0
 ip pim sparse-dense-mode
 ip policy route-map Vlan_20
!
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 102 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 192.168.20.0 0.0.0.255 any
route-map Vlan_20 permit 10
 match ip address 102
 set ip next-hop 192.168.20.254
!
route-map Vlan_10 permit 10
 match ip address 101
 set ip next-hop 192.168.10.254
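
Added example, not part of any post in this thread: a simplified Python model of the VLAN 10 route-map from the first and the last configuration, showing which packets each one hands to policy routing. It assumes first-match ACLs with an implicit deny, that a permit clause matches only when its ACL permits the packet, and that unmatched packets follow the normal routing table; the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress

N10 = ("192.168.10.0", "0.0.0.255")
N20 = ("192.168.20.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")

# VLAN 10 side of the first post: ACL number -> entries, then (seq, ACL, next hop).
ORIGINAL_ACLS = {101: [("permit", *N10, *N20)], 103: [("permit", *N10, *ANY)]}
ORIGINAL_VLAN10 = [(10, 101, "192.168.20.253"), (30, 103, "192.168.10.254")]

# VLAN 10 side of the last post.
FIXED_ACLS = {101: [("deny", *N10, *N10), ("deny", *N10, *N20),
                    ("permit", *N10, *ANY)]}
FIXED_VLAN10 = [(10, 101, "192.168.10.254")]

def _wild_match(addr, net, wildcard):
    # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def acl_permits(acl, src, dst):
    # First matching entry decides; falling off the end is the implicit deny.
    for action, s_net, s_wild, d_net, d_wild in acl:
        if _wild_match(src, s_net, s_wild) and _wild_match(dst, d_net, d_wild):
            return action == "permit"
    return False

def policy_next_hop(route_map, acls, src, dst):
    # Clauses are tried in sequence order; a clause matches only if its ACL
    # permits the packet. None means no clause matched: normal routing applies.
    for _seq, acl_id, next_hop in sorted(route_map):
        if acl_permits(acls[acl_id], src, dst):
            return next_hop
    return None

def compare(src, dst):
    # (next hop under the first configuration, next hop under the last one)
    return (policy_next_hop(ORIGINAL_VLAN10, ORIGINAL_ACLS, src, dst),
            policy_next_hop(FIXED_VLAN10, FIXED_ACLS, src, dst))

if __name__ == "__main__":
    host = "192.168.10.5"  # constructed VLAN 10 client
    for dst in ("192.168.10.253", "192.168.20.5", "203.0.113.9"):  # constructed
        print(dst, compare(host, dst))
```

In this model the first configuration sends a client's packets for its own gateway 192.168.10.253 to 192.168.10.254 through ACL 103, while the deny entries in the last configuration leave both that traffic and inter-VLAN traffic to the routing table.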