Table of Contents
Advertisement
In figure C-4, this ACE
denies access to the
10 Net's 10.0.8.1 router
gateway needed by
the 20 Net.
(Subnet mask is
255.255.255.0.)
Figure C-3. Example of ACE Blocking an Entire Subnet
Switch 2
10 Net -- VLAN 1
IP: 10.0.8.16
(Deflt. G'way = 10.0.8.1)
Switch 1 cannot
access the 30 Net on
Router X because ACL
101 on the Switch
5300xl or 3400cl denies
routed, outbound IP
traffic to the 10 Net.
Figure C-4. Example of Inadvertently Blocking a Gateway
to include the switch's IP address. For an example of this problem,
refer to the section titled "General ACL Operating Notes" in the
"Access Control Lists (ACLs)" chapter of the Advanced Traffic
Management Guide for your switch.
Routing Through a Gateway on the Switch Fails
Configuring a "deny" ACE that includes a gateway address can block traffic
attempting to use the gateway as a next-hop.
Remote Gateway Case on a Series 5300xl Switch. For example, config
uring ACL "101" (below) and applying it outbound on VLAN 1 in figure C-4
includes the router gateway (10.0.8.1) needed by devices on other networks.
This can prevent the switch from sending ARP and other routing messages to
the gateway router to support traffic from authorized remote networks.
Router X
10 Net
IP: 10.0.8.1
IP: 30.29.16.1
(Deflt. Gateway)
5300xl, 3400cl, or 6400cl
Switch
10 Net -- VLAN 1
IP: 10.08.15
(Deflt. G'Way = 10.0.8.1)
20 Net VLAN 2
IP: 20.0.8.1
(Deflt. G'way
for20.0.8.1)
30 Net
30.29.16.91
Troubleshooting
Unusual Network Activity
Switch 1
20 Net -- VLAN 2
IP: 20.0.8.21
(Deflt. G'way = 20.0.8.1)
C-11
Advertisement
Chapters
Table of Contents
Troubleshooting
