Your policy routing which has PEZA ACL makes host from VLAN101 hop to 10.1.1.6 and back.

permit ip 10.1.2.0 0.0.0.127 any

Router 10.1.1.6 interface is clean of ACL for windows file sharing?

Hmmm, the last line in your reply gives more question than answer :)

i can ping 10.1.7.4.

i cannot telnet 10.1.7.4 on port 3389

i cannot telnet 10.1.7.4 on port 445

im using putty program for telnet to work on different ports aside from default.

AS mentioned in my previous post, your policy routing which has PEZA ACL makes host from VLAN101 hop to 10.1.1.6 and back to reach 10.1.7.x.

permit ip 10.1.2.0 0.0.0.127 any

Router 10.1.1.6 interface is clean of ACL for windows file sharing?

When logic doesn't work, its time to perform sniffing. Use wireshark http://www.wireshark.org/

HostA (10.1.2.18)= host connecting to shared file in HostB

HostB (10.1.7.4) = host with file sharing enable

Sniff HostA port in switch and trigger a file sharing connection from HostA to HostB. Save the result and post it here.

Sniff HostB port in switch and trigger a file sharing connection from HostA to HostB. Save the result and post it here.

my policy based routing is just for traffic bound to internet. traffic inside our LAN shoud be denied to those two router.

I will try the sniffing.

i will post again the result. maybe next week.

Thank so much for all your help.

how can i check this bidings? pls pls pls help. i didnt heard of this.

Hi

its "Control Panel > Network Connections > Advanced > Advanced Settings ...."

Thanks

Check bindings http://support.microsoft.com/kb/894564

But you already disable Win XP Firewall and you are able to connect in the same network (VLAN).

I remember during NT4 that you can connect PC to PC file sharing only in the same broadcast domain. In a large enterprise with multiple network you need client server. Anyway, I no windows expert so don't take this comment seriously :)

im thinking of bindings on switches. my mistake.

anyway ill try the sniffing first. havent tried it.

thanks guys.

If you can ping from VLAN to VLAN this isn't a InterVLAN issue. This is clearly a DNS/WINS/DNS Suffix issue, you don't go into a great deal of detail how your Windows machines are set up. If you have a domain controller in the network with Active Directory DNS this should be automatic, however DNS since Windows 2008 is far from automatic. By default on a Windows Domain Controller DNS will set up as a forwarder. If this is configured as a forwarder your clients will be registering to a remote host (most likely the ISP DNS); this doesn't do your local clients any good while trying to resolve names. If this is the case configure your DNS to resolve from root hints. You should also configure WINS lookup since you have gone to the trouble to install WINS.

If you don't have an Active Domain Controller this gets more complicated. Since Windows 2000 clients have relied on DNS to find things on the network. If there is no domain controller the clients have nowhere to register, you will have to open up your DNS server to dynamic registration.

Finally the DNS suffix search order will also cause this if it is not configured properly, again not knowing your Windows infrastructure it is impossible to recommend. All of this should be handed out to the client with DHCP. The DHCP server should also be handing out the netbios-node-type to the clients, however if DNS/WINS/DNS Suffix are not correct it won't matter.

Regards,

Sam