From: Toh Soon, Lim (tohsoon28@gmail.com)
Date: Wed Sep 05 2007 - 15:36:18 ART
Hi Group,
I can't figure out this issue. Hope you can spot the problem.
R4 -----Cat3550----- BB1
           |
           |
          BB3
R4 and BB1 connect to Cat3550 on VLAN4. Both run RIPv2 and eBGP. Cat3550 has
no SVI on VLAN4. BB3 connects to Cat3550 on VLAN10. Cat3550 has an SVI on
VLAN10 and runs eBGP with BB3. The protocols work without issue.
Now, I added the following VACL config on the Cat3550:
!
vlan access-map TESTVACL 10
 action forward
 match ip address 170
!
vlan filter TESTVACL vlan-list 4,10
!
access-list 170 permit tcp any any eq telnet
access-list 170 permit tcp any any eq bgp
access-list 170 permit icmp any any
!
I did "cle arp", "cle ip ro *", and "cle ip bgp *". As expected, R4 & BB1
can ping each other, as can Cat3550 & BB3. R4 & BB1 do not receive each
other's RIP updates.
However, I encountered the following issues:
(1) The Cat3550-BB3 eBGP session successfully came up but not the R4-BB1
eBGP session. After I added the line "access-list 170 permit tcp any eq bgp
any", the R4-BB1 eBGP session came up.
(2) R4 & BB1 can't telnet to each other. Cat3550 can't telnet to BB3 but BB3
can telnet to Cat3550! After I added the line "access-list 170 permit tcp
any eq telnet any", the telnet issue was resolved.
What did I configure wrongly to get such weird results? I would appreciate it
if anyone can enlighten me. Also, can anyone please lab it up and verify if you
get the same results?
Thank you.
B.Rgds,
Lim TS
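
An added illustration, not part of the original post: a small Python model of ACL 170 evaluated statelessly, one packet at a time, as a VLAN map does. A TCP session then needs a permit both for the client's packets (destination port 23 or 179) and for the replies (source port 23 or 179). The parser, the function names and the `filter_client`/`filter_server` switches are hypothetical; treating packets originated by the Cat3550 itself as unfiltered is an assumption that reproduces the results reported above, not something the post states.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "proto sport dport")      # None means "any"
PORTS = {"telnet": 23, "bgp": 179}

# ACL 170 as posted, and with the two lines the poster added afterwards.
ORIGINAL = [
    "access-list 170 permit tcp any any eq telnet",
    "access-list 170 permit tcp any any eq bgp",
    "access-list 170 permit icmp any any",
]
FIXED = ORIGINAL + [
    "access-list 170 permit tcp any eq bgp any",
    "access-list 170 permit tcp any eq telnet any",
]

def parse_acl(lines):
    """Parse 'access-list N permit PROTO any [eq P] any [eq P]' lines only."""
    rules = []
    for line in lines:
        proto, *rest = line.split()[3:]      # skip 'access-list 170 permit'
        sport = dport = None
        i = 1                                # rest[0] is the source 'any'
        if rest[i:i + 1] == ["eq"]:          # port right after the source
            sport, i = PORTS[rest[i + 1]], i + 2
        i += 1                               # step over the destination 'any'
        if rest[i:i + 1] == ["eq"]:          # port right after the destination
            dport = PORTS[rest[i + 1]]
        rules.append(Rule(proto, sport, dport))
    return rules

def permitted(rules, proto, sport=None, dport=None):
    """Stateless check of one packet; no matching permit means implicit deny."""
    return any(r.proto == proto and r.sport in (None, sport)
               and r.dport in (None, dport) for r in rules)

def tcp_session(rules, service_port, filter_client=True, filter_server=True):
    """True only if both directions pass. filter_*=False models an endpoint
    whose own packets are not filtered (assumption: the switch itself)."""
    eph = 40000                              # constructed ephemeral client port
    c2s = not filter_client or permitted(rules, "tcp", eph, service_port)
    s2c = not filter_server or permitted(rules, "tcp", service_port, eph)
    return c2s and s2c

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        r = parse_acl(acl)
        print(name, tcp_session(r, 179), tcp_session(r, 23, filter_client=False),
              tcp_session(r, 23, filter_server=False))
```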