09-23-2010 08:15 AM - edited 03-21-2019 03:02 AM
I have a UC500 where a workstation needs to connect to a separate network besides the UC network. The link to the separate network is connected to fastethernet0/1/0. The IP scheme is 10.32.4.0/24. The gateway on that network is 10.32.4.254.
I connected the workstation to fastethernet0/1/1. So far, I created a VLAN10 with an address of 10.32.4.245. I can ping 10.32.4.245 from the workstation. I cannot ping 10.32.4.254 from the workstation. If I telnet to the UC500, I can ping 10.32.4.254 no problem.
I tried to add a static route to 10.32.4.0 using VLAN10 as the interface. That did not make a difference as far as pinging was concerned.
Anyone have an idea of how to fix this?
09-23-2010 09:10 AM
I have a UC500 where a workstation needs to connect to a separate network besides the UC network. The link to the separate network is connected to fastethernet0/1/0. The IP scheme is 10.32.4.0/24. The gateway on that network is 10.32.4.254.
I connected the workstation to fastethernet0/1/1. So far, I created a VLAN10 with an address of 10.32.4.245. I can ping 10.32.4.245 from the workstation. I cannot ping 10.32.4.254 from the workstation. If I telnet to the UC500, I can ping 10.32.4.254 no problem.
I tried to add a static route to 10.32.4.0 using VLAN10 as the interface. That did not make a difference as far as pinging was concerned.
Anyone have an idea of how to fix this?
Here's what I did in a simular situation.
Caveats .. my OtherNet is VLAN201 and the network is 192.168.43.0/255.255.255.0
vlan 201
name LinkToOtherNet
interface FastEthernet0/1/0
switchport trunk native vlan 201
switchport mode trunk
macro description cisco-switch
interface Vlan201
description ** Link to OtherNet **
ip address 192.168.43.240 255.255.255.0
ip access-group 104 in
ip virtual-reassembly
That seems to have worked just fine on my end ... but naturally your mileage may vary....
09-23-2010 12:44 PM
What does your access-list 104 look like?
09-23-2010 01:12 PM
What does your access-list 104 look like?
access-list 104 deny tcp any eq 5060 any eq 5060
access-list 104 deny udp any eq 5060 any eq 5060
access-list 104 deny tcp any eq 5061 any eq 5061
access-list 104 deny udp any eq 5061 any eq 5061
access-list 104 deny tcp any eq 2427 any eq 2427
access-list 104 deny udp any eq 2427 any eq 2427
access-list 104 deny tcp any eq 2517 any eq 2517
access-list 104 deny udp any eq 2517 any eq 2517
access-list 104 deny tcp any eq 1718 any eq 1718
access-list 104 deny udp any eq 1718 any eq 1718
access-list 104 deny tcp any eq 1719 any eq 1719
access-list 104 deny udp any eq 1719 any eq 1719
access-list 104 deny tcp any eq 1720 any eq 1720
access-list 104 deny udp any eq 1720 any eq 1720
access-list 104 permit ip any any
Pretty much to keep SIP from sneeking in.... Plus a few other bad things...
09-28-2010 07:01 AM
09-28-2010 07:10 AM
I still cannot get this to work. I attached the running config. I tried it with and without the route statement that is currently in the config. Do I need to do anything to the port that the pc is plugged into that needs access to the other network? It is fastethernet0/1/1.
Jason..
You'll need to plug the switch that supports your OtherNet (VLAN10) into FastE0/1/0. You shouldn't need any route statement for VLAN10. Since FastE0/1/0 is part of your OtherNet it'll know how to pass traffic back and forth to whatever other VLANs you've assigned to it...
I note you're routing to the BVI, not bad, but sometimes confusing. I like to route serial (T1) traffic to interfaces, and Ethernet traffic to addresses. But that is entirely a matter of personal preference...
Naturally, your mileage may vary....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide