08-16-2017 06:28 AM - edited 03-08-2019 11:45 AM
See attached for a diagram of the layout of the network. My problem is that I require remote access to all of the equipment, which I have managed to achieve apart from the L2-SW1 device. Below is what I have found out from troubleshooting:
The gateway of both L2 switches is the same
You can ping the firewall, L3 and L2-SW2 from L2-SW1
You can ping the L2-SW1 from the L3 switches
You can’t ping the L2-SW1 from the firewall
The config on both L2 switches is the same apart from the below, which is in the config for the switch I can't connect to via its public IP address:
Extended IP access list 122
    10 permit ip 192.168.122.0 0.0.0.255 any
class-map match-all class122
 match access-group 122
!
!
policy-map RATE-LIMIT
 class class122
  police 20000000 800000 exceed-action drop
I have an access rule to allow my public IP address to connect, and I can connect to the other L2 switch and the L3 switch via SSH and ping both public addresses, just not this last one.
08-21-2017 02:13 PM
Hello,
if the configs of SW_1 and SW_2 are identical except for the access list, just in case the traffic load is really high, you could add:
ip access-list extended 122
 20 permit icmp any any
That said, does your policy map have a default class defined?
policy-map RATE-LIMIT
 class class122
  police 20000000 800000 exceed-action drop
 class class-default
11-05-2017 01:42 PM
Hello
You can ping the firewall, L3 and L2-SW2 from L2-SW1
You can’t ping the L2-SW1 from the firewall;
Got to be an ACL restriction negating this. Can you post the ACLs for the fw and L2-SW1?
res
Paul