Troubleshooting
Unusual Network Activity
Figure C-4. Example of Inadvertently Blocking a Gateway

[Figure labels: Switch 2: 10 Net, VLAN 1, IP 10.0.8.16 (default gateway 10.0.8.1). Router X: 10 Net, IP 10.0.8.1 (default gateway); IP 30.29.16.1. Callout: Switch 1 cannot access the 30 Net on Router X because ACL 101 on the Switch 5400zl denies routed, outbound IP traffic to the 10 Net.]

To avoid inadvertently blocking the remote gateway for authorized traffic from another network (such as the 20 Net in this example):
1. Configure an ACE that specifically permits authorized traffic from the remote network.
2. Configure narrowly defined ACEs to block unwanted IP traffic that would otherwise use the gateway. Such ACEs might deny traffic for a particular application, particular hosts, or an entire subnet.
3. Configure a "permit any" ACE to specifically allow any IP traffic to move through the gateway.
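
The ordering in the three steps above can be checked before an ACL is applied. The following is an added example, not taken from the manual: a first-match evaluator in Python that reports which authorized flows an ACL would drop. The ACE contents, the 20.0.9.0/24 subnet and the helper names are constructed for illustration (the page does not list the entries of ACL 101), and the model matches on source and destination address only.

```python
import ipaddress
from typing import NamedTuple

ANY = "0.0.0.0/0"

class ACE(NamedTuple):
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

def evaluate(acl, src_ip, dst_ip):
    """First matching ACE wins; no match falls through to the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, ace in enumerate(acl):
        if src in ipaddress.ip_network(ace.src) and dst in ipaddress.ip_network(ace.dst):
            return ace.action, index
    return "deny", None  # implicit deny that ends every ACL

def blocked_flows(acl, authorized):
    """Return the authorized (src, dst) flows that the ACL would drop."""
    return [flow for flow in authorized if evaluate(acl, *flow)[0] == "deny"]

# Authorized flow from Figure C-4: Switch 1 on the 20 Net to a 30 Net host,
# routed outbound onto the 10 Net toward Router X.
AUTHORIZED = [("20.0.8.21", "30.29.16.91")]

# Constructed stand-in for ACL 101: one deny for the 10 Net and no permit,
# so every other routed packet reaches the implicit deny.
BROKEN_101 = [ACE("deny", ANY, "10.0.8.0/24")]

# Constructed ACL following the three steps in order.
FIXED_101 = [
    ACE("permit", "20.0.8.0/24", "30.29.16.0/24"),  # step 1: authorized remote traffic
    ACE("deny", "20.0.9.0/24", ANY),                # step 2: narrow deny (constructed subnet)
    ACE("permit", ANY, ANY),                        # step 3: permit any
]

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN_101), ("fixed", FIXED_101)):
        print(name, "ACL drops:", blocked_flows(acl, AUTHORIZED))
```
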
Local Gateway Case. If you use the switch as a gateway for traffic you want routed between subnets, use these general steps to avoid blocking the gateway for authorized applications:
1. Configure gateway security first for routing with specific permit and deny statements.
2. Permit authorized traffic.
3. Deny any unauthorized traffic that you have not already denied in step 1.

[Figure C-4, remaining labels: Switch 5400zl: 10 Net, VLAN 1, IP 10.08.15 (default gateway 10.0.8.1); 20 Net, VLAN 2, IP 20.0.8.1 (default gateway for 20.0.8.1). 30 Net: 30.29.16.91. Switch 1: 20 Net, VLAN 2, IP 20.0.8.21 (default gateway 20.0.8.1).]