Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
The system consists of a switch with two VLANs for hosts, and a router with two WAN connections.Switch:Interface vlan10 - 192.168.1.1/24, with some hostsInterface vlan20 - 192.168.2.1/24, with some hostsinterface g0/12 - 172.16.0.2/252, uplink to rou...
Very strange behaviour on a layer 3 switch. The second entry can affect the first entry in an ACL.A computer is in a vlan. The vlan has an ACL. The ACL references an object group to specify the protocol and port number.interface vlan4
ip address 192....
For inter-vlan routing, router on a stick is a simple deployment. To mitigate the bottleneck created by the trunk link, we can use port aggregation. However, in modern networks, layer 3 switch is the most common solution for inter-vlan routing. Peopl...
Reflexive ACLs are configured on a C3560-CX switch to regulate inter-vlan traffic.Simplified settings to describe the scanario:interface Vlan10
ip access-group acl_in in
ip access-group acl_out out
access-list acl_in
permit icmp any any reflect acl_...
I'm trying to configure some access rules on a 3560CX switch.This works without using an object group:ip access-list extended test1
permit tcp any any 80 reflect reflexive_acl This works without using a reflexive ACL:object-group service www_ports
...
If I understand your code correctly, you are treating traffic from Vlan20 as exceptions, and treating traffic from Vlan10 as default/normal. I have no doubt about this logic. But if I want to learn how to treat them equally, could you please show me?...
Hi Paul,May I please ask why my config doesn't work? As I see, it has correct and clear logic, and complies with the syntax and usage of PBR and NAT.I could replace my code with your correct version, but that would still leave me having no idea what ...
There is no gateway address listed in sh ip route static. Instead, it's just the interface name, such as "0.0.0.0/0 is directly connected, g0/0/1"That actual IP address changes every time when the interface is disabled/enabled or the route is reboote...
Hi Paul,My configuration is not "obtained an example". I typed them letter by letter on the keyboard following Cisco official documentation and third-party articles. It's not an example code copied and pasted from somewhere.https://www.cisco.com/c/en...
