
Network Configuration Problem

krishna das
Level 1

Hi team

I am new here. I have a 3750G series 24-port Cisco switch and a Microsoft 2008 server. I need to know how to configure the Cisco switch with multiple VLANs. DHCP comes from the Microsoft server, with a separate DHCP scope for each VLAN. So how do I configure multiple VLANs on this switch?

I am giving the VLANs:

vlan 10 management

vlan 20 voip

vlan 30 users

IP address range 192.168.10.0/24 for vlan 10

IP address range 192.168.20.0/24 for vlan 20

IP address range 192.168.30.0/24 for vlan 30

I also need to know how communication is possible from the switch to Microsoft Server 2008, and the switch configuration for it. A rough figure of my plan is given here. Please go through it.

Please help me.


The DHCP server must have a default gateway. The switch uses the IP address of the VLAN interface the client comes in on as the source IP, so the DHCP server needs a default gateway to be able to reply.

Masoud

Thanks for the kind and quick reply.

Actually I didn't get you. Kindly please explain more. I am stuck with that one.

Is the default gateway for the DHCP server the IP address of the switch port to which we connected it, in the DHCP server's IP range?

Kindly Help me Please.

Yes, you are correct. The gateway must be in the same range. After you set the gateway on the DHCP server, you should be able to ping it from the switch with any source. Please check this command on the switch as an example.

ping 10.20.30.9 source 10.27.130.1

Thanks for your help.

The above is OK.

That 3750G has some issue. I have to change the firmware. I copied that firmware from the switch, but when I tried to upload from the TFTP server it shows "error opening tftp".

I can download any file from the switch to the TFTP server.

When I run show flash on that switch, it shows this:

drw   c3750-ipbasek9-mz.122-58.SE1

in directory mode. I can't see this file: c3750-ipbasek9-mz.122-58.SE1.bin.

But backup to tftp server. Directory has any issue for uploading.

Please provide steps for uploading new firmware.

Thanks in advance.

Kindly help me please

Hello,

It is very simple.

Check the link below for that:

https://www.youtube.com/watch?v=HFKHb4hy56U

Copy TFTP Flash

Make sure here you put the complete name of the IOS plus .bin

Also check the configuration of your TFTP server. You need to put the IOS in the default directory of the TFTP server. When you upload your IOS to the TFTP server, search for that IOS on your computer. Put the new IOS next to the IOS you find after the search.

Masoud

By default, there is no restriction on communication, so the management VLAN can access the other VLANs. You need to put a restriction on the other VLANs accessing VLAN 10.

ip access-list extended managmet
permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
permit tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 established
permit icmp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
permit icmp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any

Int vlan 10
ip access-group managmet OUT
(edited: changing IN to OUT, suggested by Paul)

Please try it and give feedback.

Hope it helps,

Masoud


Hello Masoud

Remember your query on a previous post regarding SVI RACL logic?

Take a look at this picture example from Peter to clarify: https://supportforums.cisco.com/discussion/12043016/pls-explain-svi-acl-source-and-destination-direction

Res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

Oops. My mistake. You are right. I need to put it on the out interface.

Thanks for mentioning.

Best,

Masoud

Summary. The rule of thumb for the direction of the ACL on the SVI above is:

An ACL always has the form of , while the direction of the ACL in the SVI works as below:

If it’s INBOUND (“ip access-group ACL out”), then it means “It’s going OUT TO the VLAN100 access ports.”
If it’s OUTBOUND (“ip access-group ACL in”), then it means “It’s going AWAY from the VLAN100”



Kind Regards
Paul
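
Added example, not from any poster in this thread: a small Python model of the ACL posted earlier, as it behaves when applied outbound on interface Vlan10, showing which entry decides each packet headed to VLAN 10. The packet dictionaries, function names and sample addresses are constructed for illustration.

```python
import ipaddress

# ACL as posted in the thread; applied "out" on Vlan10 it filters packets routed toward VLAN 10.
ACL_TEXT = """\
permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
permit tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 established
permit icmp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
permit icmp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any
"""

def _addr(tokens):  # consume "any" or "network wildcard" from the token list
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    net, wild = tokens.pop(0), tokens.pop(0)
    return int(ipaddress.IPv4Address(net)), int(ipaddress.IPv4Address(wild))

def parse_rule(line):
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    return action, proto, _addr(t), _addr(t), (t[0] if t else None)

def _match(ip, spec):
    net, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)

def evaluate(rules, pkt):
    """Return (action, entry number); first match wins, implicit deny at the end."""
    for n, (action, proto, src, dst, qual) in enumerate(rules, 1):
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (_match(pkt["src"], src) and _match(pkt["dst"], dst)):
            continue
        # "established" is stateless: it only tests for the ACK or RST flag.
        if qual == "established" and not {"ACK", "RST"} & pkt.get("flags", set()):
            continue
        if qual == "echo-reply" and pkt.get("icmp") != "echo-reply":
            continue
        return action, n
    return "deny", None

RULES = [parse_rule(line) for line in ACL_TEXT.splitlines()]

if __name__ == "__main__":
    # Constructed sample: a VLAN 20 host opening a new TCP session to a VLAN 10 host.
    syn = {"proto": "tcp", "src": "192.168.20.17", "dst": "192.168.10.5", "flags": {"SYN"}}
    print(evaluate(RULES, syn))
```

Two things the model makes visible: `established` matches on TCP flags rather than tracked connections, and the final `permit ip any any` lets any source outside 192.168.20.0/24 and 192.168.30.0/24 reach VLAN 10, so subnets added later need their own deny entries.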

Adding to my previous comment

For SSH connectivity.

*****************************

IP domain-name Cisco.com

IP ssh version 2

username cisco password cisco

Crypto key generate RSA  [press Enter for the questions]

line VTY 0 4

login local

transport input SSH [telnet if needed]

Masoud