[c-nsp] route problem

Rodney Dunn rodunn at cisco.com
Mon Nov 17 18:48:44 EST 2008


I'm assuming your diagram was:

normal user----vlan 500---3560 switch---2801router---internet
guest users---vlan 167--/

such that inter vlan routing would happen on the 3560.

Just follow the packet via 'sh ip route'.

So a normal user goes to a webserver... what is the address?

When the packet leaves the normal user does it make it in the
3560 ACL on the ingress interface?
If so, what does 'sh ip route' say for the destination of the packet?
Go to next hop...etc..

Rodney


On Mon, Nov 17, 2008 at 05:05:42PM -0600, Dan Letkeman wrote:
> Hello,
> 
> I have set up a guest vlan for internet access.  When the users connect
> to the guest network they get only internet access and no access to
> any of the servers on the rest of the network.  The problem I'm having
> now is that the users on the guest network cannot access our internal
> web servers.  I'm wondering if this is a simple access list problem or
> is it a route problem?
> 
> topology is as follows:
> 
> 
> normal user----------vlan 500--------------3560 switch----------2801 router------------internet
>                                                 |
>                                                 |
> guest users---------vlan 167---------------------
> 
> 
> There is an access list on vlan 167 on the 3560 switch that only
> allows the guest users access to the internet.  So when I do a trace
> route from the guest network to the internal web address I get a
> timeout at the router.  The internal web server resolves with our
> external ip address because the guest users are not using our internal
> dns servers.
> 
> Any ideas where I should start?
> 
> Dan.