From: zhang-meng (meng_zhang@call-center.com.cn)
Date: Thu Dec 25 2003 - 00:49:37 GMT-3
Hi Group,

A problem about access-list (Cisco 6509).
The scenario:
three VLANs: vlan 1 (10.1.10.0/24), vlan 2 (10.2.20.0/24), vlan 3 (10.3.30.0/24)
The DHCP, DNS and WINS servers are in 10.1.10.0/24
DHCP server IP = 10.1.1.10
DNS server IP = 10.1.1.11
WINS server IP = 10.1.1.12
E-mail server IP = 10.1.1.100
DHCP clients in 10.2.20.0 and 10.3.30.0 will receive the DNS and WINS IP
addresses when they are assigned a DHCP IP address. This VLAN needs an ip
helper address configured and pointing to the DHCP server. The Cisco 6509 will
route any communication between these clients and the DNS and WINS servers.
But if I add an access-list, for example:
access-list 101 deny ip 10.1.10.1 0.0.0.255 10.2.20.1 0.0.0.255
access-list 101 deny ip 10.1.10.1 0.0.0.255 10.3.30.1 0.0.0.255
access-list 101 permit ip any any
vlan 1 ip access-group 101 in
can DNS messages still be forwarded to the other VLANs?
Could you explain the principle for DNS? I am somewhat confused about this
principle.
Could you give some suggestions and an example for this?
Best Regards
Zhang
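
An added example, not part of the original post: a small Python model of how IOS evaluates the posted list 101 (wildcard bits set to 1 are ignored, the first matching entry wins, and an implicit deny ends every list), applied to server-to-client packets such as DNS replies entering on vlan 1. The packets are constructed: 10.1.1.11 is the DNS server address as posted, 10.1.10.11 is an assumed server address inside 10.1.10.0/24, and the client addresses are assumed.

```python
import ipaddress

# ACL entries exactly as posted; IOS checks them top to bottom, first match wins.
ACL_101 = """\
access-list 101 deny ip 10.1.10.1 0.0.0.255 10.2.20.1 0.0.0.255
access-list 101 deny ip 10.1.10.1 0.0.0.255 10.3.30.1 0.0.0.255
access-list 101 permit ip any any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(first), _ip(tokens.pop(0))

def parse_acl(text):
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        entries.append((action, proto, src, dst, line))
    return entries

def _matches(addr, rule):
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    """Return (action, entry) for an IP packet src -> dst; 'ip' covers UDP/TCP DNS."""
    for action, proto, s, d, line in entries:
        if proto == "ip" and _matches(src, s) and _matches(dst, d):
            return action, line
    return "deny", "implicit deny"  # every IOS ACL ends with an unseen deny

if __name__ == "__main__":
    acl = parse_acl(ACL_101)
    # Constructed packets: (source in or near VLAN 1, destination).
    for src, dst in [("10.1.1.11", "10.2.20.50"), ("10.1.10.11", "10.2.20.50"),
                     ("10.1.10.11", "10.3.30.7"), ("10.1.10.11", "192.0.2.9")]:
        print(f"{src} -> {dst}: {evaluate(acl, src, dst)[0]}")
```

Because the list is applied inbound on vlan 1, it only sees packets arriving from VLAN 1 hosts, so the replies from the servers are what it filters, not the clients' queries.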