02-02-2008 03:55 AM - edited 03-05-2019 08:53 PM
We have so many VLANs, and we put an access list on the trunk links to restrict inter-VLAN communication. But whenever we request an IP address from the DHCP server, we are not able to get one. Communication between the DHCP server VLAN and all the other VLANs is allowed. Please advise us on this.
02-02-2008 04:14 AM
Mr. Basu,
Please post the running config of the device that is doing inter-VLAN routing in your LAN.
--gaurav
02-02-2008 04:53 AM
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxx
!
enable secret 5 xxxxxxxxxxxx
ip subnet-zero
ip routing
ip dhcp-server 10.1.1.21
ip dhcp-server 10.1.2.21
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport access vlan 50
!
interface FastEthernet0/5
 switchport access vlan 100
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 2
!
interface FastEthernet0/9
 switchport access vlan 50
!
interface FastEthernet0/13
 switchport access vlan 2
!
interface FastEthernet0/14
 switchport access vlan 2
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 no switchport
 ip address 10.1.26.1 255.255.255.252
 ip route-cache policy
 flowcontrol receive on
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip access-group 110 in
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ip access-group 110 in
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip helper-address 10.1.2.21
 ip helper-address 10.1.1.21
 ip directed-broadcast
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
 ip helper-address 10.1.1.21
 ip helper-address 10.1.2.21
 ip directed-broadcast
!
interface Vlan3
 ip address 10.1.3.1 255.255.255.0
 ip helper-address 10.1.2.21
 ip helper-address 10.1.1.21
!
interface Vlan4
 ip address 10.1.4.1 255.255.255.0
 ip helper-address 10.1.1.21
 ip helper-address 10.1.2.21
!
interface Vlan6
 ip address 10.1.6.1 255.255.255.0
 ip helper-address 10.1.1.21
 ip helper-address 10.1.2.21
!
interface Vlan8
 ip address 10.1.8.1 255.255.255.0
 ip helper-address 10.1.2.21
 ip helper-address 10.1.1.21
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip helper-address 10.1.1.21
 ip helper-address 10.1.2.21
 ip accounting output-packets
!
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
access-list 110 permit ip 10.1.2.0 0.0.0.255 any
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 110 deny ip 10.1.3.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 any
access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.4.0 0.0.0.255 10.1.4.0 0.0.0.255
access-list 110 deny ip 10.1.4.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.4.0 0.0.0.255 any
access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.6.0 0.0.0.255 10.1.6.0 0.0.0.255
access-list 110 deny ip 10.1.6.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.6.0 0.0.0.255 any
access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.8.0 0.0.0.255 10.1.8.0 0.0.0.255
access-list 110 deny ip 10.1.8.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.8.0 0.0.0.255 any
access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 110 deny ip 10.1.10.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.10.0 0.0.0.255 any
arp 10.1.1.16 0007.508d.7700 ARPA alias
!
monitor session 2 source interface Fa0/24
monitor session 2 destination interface Fa0/11
end
02-02-2008 05:22 AM
... and which VLANs should not talk to which other VLANs? I mean, what VLAN restrictions are you looking for?
--gaurav
02-02-2008 05:42 AM
Except for VLANs 1 and 2, all other VLANs should not talk to each other by any means, but the other VLANs must talk to VLANs 1 and 2. VLANs 1 and 2 should also talk to each other and to the other VLANs.
02-02-2008 05:49 AM
Do you have 'access-list 110 permit ip any any' at the end of access-list 110? Try it once if it is not there.
02-02-2008 06:58 AM
Thanks, buddy. I have just checked it out and it's working. Thanks a lot.
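Added example (not part of the original thread, and not Cisco code): a small first-match evaluator run over the opening entries of the posted access-list 110, showing why the DHCP request was dropped and what the suggested last entry changes. It assumes the client's DHCPDISCOVER reaches the trunk with source 0.0.0.0 and destination 255.255.255.255, as a client without an address sends it; the 10.1.3.5, 10.1.4.5 and 192.168.50.9 hosts are constructed samples.

```python
import ipaddress

# First entries of access-list 110 from the posted config (VLAN 1-3);
# the VLAN 4/6/8/10 entries repeat the VLAN 3 pattern.
ACL_110 = """\
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
access-list 110 permit ip 10.1.2.0 0.0.0.255 any
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.2.0 0.0.0.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 110 deny ip 10.1.3.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.1.3.0 0.0.0.255 any
"""
FIX = "access-list 110 permit ip any any\n"  # entry suggested in the thread

def _addr(tokens):
    """Consume one address spec: 'any' or '<address> <wildcard>'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse(text):
    """Parse 'access-list N <action> ip <src> <dst>' lines (ip entries only)."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()[2:]
        src, rest = _addr(rest)
        dst, _ = _addr(rest)
        rules.append((action, src, dst, line))
    return rules

def _match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, d, line in rules:
        if _match(s, src) and _match(d, dst):
            return action, line
    return "deny", "(implicit deny)"

BEFORE, AFTER = parse(ACL_110), parse(ACL_110 + FIX)

if __name__ == "__main__":
    packets = [("0.0.0.0", "255.255.255.255"),  # DHCPDISCOVER from a new client
               ("10.1.3.5", "10.1.4.5"),         # constructed inter-VLAN packet
               ("192.168.50.9", "10.1.3.5")]     # constructed unlisted source
    for src, dst in packets:
        print(src, "->", dst, evaluate(BEFORE, src, dst), evaluate(AFTER, src, dst))
```

With the extra entry the DHCPDISCOVER is permitted and the explicit deny for 10.1.3.0/24 still matches first, but any source the list does not name (the 192.168.50.9 sample) is now permitted as well.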
02-02-2008 08:36 AM
Hi,
I have one question: why did you enable ip directed-broadcast on some particular VLANs?
Thanks
02-02-2008 12:12 PM
Although Mr. Basu would be the best person to answer this question, my understanding is this:
VLAN 1 and VLAN 2 accommodate the DHCP servers, where they have to reply to/acknowledge a broadcast from clients. By enabling 'ip directed-broadcast' on VLANs 1 and 2, he has enabled all the ports under these VLANs to accept DHCP-request-like broadcasts from hosts.
By assigning a separate VLAN to the DHCP servers, he has the flexibility of extending the number of DHCP servers.
This is my understanding; your views are invited, please.
--gaurav