ammadeyy2020
asked on
access-list uknown
Below is my router configuration
im trying to use net support manager to manage clients remotely
from 30 range i can connect to clients on 80
but from 50 range i cant connect to clients on 80, can connect to 30, 20
i want to 50 range to have full access to entire network
i havent applied any access-list yet, bot for some reason im unable to connect to 80 range, from 50
Router Configuration
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
!
interface FastEthernet0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
!
interface FastEthernet0.50
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0.60
encapsulation dot1Q 60
ip address 192.168.60.1 255.255.255.0
!
interface FastEthernet0.70
encapsulation dot1Q 70
ip address 192.168.70.1 255.255.255.0
!
interface FastEthernet0.80
encapsulation dot1Q 80
ip address 192.168.80.1 255.255.255.0
!
interface FastEthernet0.90
encapsulation dot1Q 90
ip address 192.168.90.1 255.255.255.0
ip access-group 2 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.2
no ip http server
!
ip access-list extended DMZ_TRAFFIC_IN
permit tcp any 192.168.20.0 0.0.0.255 eq 445
permit tcp any 192.168.20.0 0.0.0.255 eq 3772
permit tcp any 192.168.20.0 0.0.0.255 eq 3773
permit tcp any 192.168.20.0 0.0.0.255 eq 3774
permit tcp any 192.168.20.0 0.0.0.255 eq 3775
permit tcp any 192.168.20.0 0.0.0.255 eq 3776
permit tcp any 192.168.20.0 0.0.0.255 eq 3777
permit tcp any 192.168.20.0 0.0.0.255 eq 3778
permit tcp any 192.168.20.0 0.0.0.255 eq 3779
permit tcp any 192.168.20.0 0.0.0.255 eq 139
permit tcp any 192.168.20.0 0.0.0.255 eq 389
permit tcp any 192.168.20.0 0.0.0.255 eq www
permit tcp any 192.168.20.0 0.0.0.255 eq 13000
permit tcp any 192.168.20.0 0.0.0.255 eq 14000
permit tcp any 192.168.20.0 0.0.0.255 eq 5405
permit tcp any 192.168.20.0 0.0.0.255 eq pop3
permit tcp any 192.168.20.0 0.0.0.255 eq smtp
permit udp any 192.168.20.0 0.0.0.255 eq domain
!
access-list 1 permit 192.168.90.0 0.0.0.255
access-list 2 permit 192.168.40.0 0.0.0.255
access-list 100 remark ACTIVE DIRECTORY AUTHENTICATION
access-list 100 permit tcp any 192.168.30.0 0.0.0.255 eq 88
access-list 101 remark DNS
access-list 101 permit udp any 192.168.20.0 0.0.0.255 eq domain
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0
im trying to use net support manager to manage clients remotely
from 30 range i can connect to clients on 80
but from 50 range i cant connect to clients on 80, can connect to 30, 20
i want to 50 range to have full access to entire network
i havent applied any access-list yet, bot for some reason im unable to connect to 80 range, from 50
Router Configuration
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
speed auto
!
interface FastEthernet0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
!
interface FastEthernet0.50
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0.60
encapsulation dot1Q 60
ip address 192.168.60.1 255.255.255.0
!
interface FastEthernet0.70
encapsulation dot1Q 70
ip address 192.168.70.1 255.255.255.0
!
interface FastEthernet0.80
encapsulation dot1Q 80
ip address 192.168.80.1 255.255.255.0
!
interface FastEthernet0.90
encapsulation dot1Q 90
ip address 192.168.90.1 255.255.255.0
ip access-group 2 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.2
no ip http server
!
ip access-list extended DMZ_TRAFFIC_IN
permit tcp any 192.168.20.0 0.0.0.255 eq 445
permit tcp any 192.168.20.0 0.0.0.255 eq 3772
permit tcp any 192.168.20.0 0.0.0.255 eq 3773
permit tcp any 192.168.20.0 0.0.0.255 eq 3774
permit tcp any 192.168.20.0 0.0.0.255 eq 3775
permit tcp any 192.168.20.0 0.0.0.255 eq 3776
permit tcp any 192.168.20.0 0.0.0.255 eq 3777
permit tcp any 192.168.20.0 0.0.0.255 eq 3778
permit tcp any 192.168.20.0 0.0.0.255 eq 3779
permit tcp any 192.168.20.0 0.0.0.255 eq 139
permit tcp any 192.168.20.0 0.0.0.255 eq 389
permit tcp any 192.168.20.0 0.0.0.255 eq www
permit tcp any 192.168.20.0 0.0.0.255 eq 13000
permit tcp any 192.168.20.0 0.0.0.255 eq 14000
permit tcp any 192.168.20.0 0.0.0.255 eq 5405
permit tcp any 192.168.20.0 0.0.0.255 eq pop3
permit tcp any 192.168.20.0 0.0.0.255 eq smtp
permit udp any 192.168.20.0 0.0.0.255 eq domain
!
access-list 1 permit 192.168.90.0 0.0.0.255
access-list 2 permit 192.168.40.0 0.0.0.255
access-list 100 remark ACTIVE DIRECTORY AUTHENTICATION
access-list 100 permit tcp any 192.168.30.0 0.0.0.255 eq 88
access-list 101 remark DNS
access-list 101 permit udp any 192.168.20.0 0.0.0.255 eq domain
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0
Looking at this I'd guess it is connected to a switch. Can you provide the configuration of the switch(s) and their routing tables?
ASKER
User Access Verification
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 10
!
interface FastEthernet0/3
switchport access vlan 20
!
interface FastEthernet0/4
switchport access vlan 20
!
interface FastEthernet0/5
switchport access vlan 20
!
interface FastEthernet0/6
switchport access vlan 20
!
interface FastEthernet0/7
switchport access vlan 30
!
interface FastEthernet0/8
switchport access vlan 30
!
interface FastEthernet0/9
switchport access vlan 30
!
interface FastEthernet0/10
switchport access vlan 30
!
interface FastEthernet0/11
switchport access vlan 30
!
interface FastEthernet0/12
switchport access vlan 30
!
interface FastEthernet0/13
switchport access vlan 30
!
interface FastEthernet0/14
switchport access vlan 30
!
interface FastEthernet0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/16
switchport access vlan 40
!
interface FastEthernet0/17
switchport access vlan 40
!
interface FastEthernet0/18
switchport access vlan 40
!
interface FastEthernet0/19
switchport access vlan 40
!
interface FastEthernet0/20
switchport access vlan 40
!
interface FastEthernet0/21
switchport access vlan 40
!
interface FastEthernet0/22
switchport access vlan 40
!
interface FastEthernet0/23
switchport access vlan 40
!
interface FastEthernet0/24
switchport access vlan 40
!
interface FastEthernet0/25
switchport access vlan 40
!
interface FastEthernet0/26
switchport access vlan 50
!
interface FastEthernet0/27
switchport access vlan 50
!
interface FastEthernet0/28
switchport access vlan 50
!
interface FastEthernet0/29
switchport access vlan 50
!
interface FastEthernet0/30
switchport access vlan 50
!
interface FastEthernet0/31
switchport access vlan 60
!
interface FastEthernet0/32
switchport access vlan 60
!
interface FastEthernet0/33
switchport access vlan 60
!
interface FastEthernet0/34
switchport access vlan 60
!
interface FastEthernet0/35
switchport access vlan 60
!
interface FastEthernet0/36
switchport access vlan 70
!
interface FastEthernet0/37
switchport access vlan 80
!
interface FastEthernet0/38
switchport access vlan 80
!
interface FastEthernet0/39
switchport access vlan 80
!
interface FastEthernet0/40
switchport access vlan 80
!
interface FastEthernet0/41
switchport access vlan 80
!
interface FastEthernet0/42
switchport access vlan 80
!
interface FastEthernet0/43
switchport access vlan 80
!
interface FastEthernet0/44
switchport access vlan 80
!
interface FastEthernet0/45
switchport access vlan 80
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
switchport access vlan 90
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
ip address 192.168.1.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN10
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN90
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 192.168.1.1
!
line con 0
logging synchronous
transport input none
stopbits 1
line vty 0 4
--More--
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.10.2 to network 0.0.0.0
C 192.168.90.0/24 is directly connected, FastEthernet0.90
C 192.168.30.0/24 is directly connected, FastEthernet0.30
C 192.168.60.0/24 is directly connected, FastEthernet0.60
C 192.168.10.0/24 is directly connected, FastEthernet0.10
C 192.168.40.0/24 is directly connected, FastEthernet0.40
C 192.168.80.0/24 is directly connected, FastEthernet0.80
C 192.168.20.0/24 is directly connected, FastEthernet0.20
C 192.168.50.0/24 is directly connected, FastEthernet0.50
C 192.168.1.0/24 is directly connected, FastEthernet0
C 192.168.70.0/24 is directly connected, FastEthernet0.70
S* 0.0.0.0/0 [1/0] via 192.168.10.2
Router#
how many default routes i can add?
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.10.2 to network 0.0.0.0
C 192.168.90.0/24 is directly connected, FastEthernet0.90
C 192.168.30.0/24 is directly connected, FastEthernet0.30
C 192.168.60.0/24 is directly connected, FastEthernet0.60
C 192.168.10.0/24 is directly connected, FastEthernet0.10
C 192.168.40.0/24 is directly connected, FastEthernet0.40
C 192.168.80.0/24 is directly connected, FastEthernet0.80
C 192.168.20.0/24 is directly connected, FastEthernet0.20
C 192.168.50.0/24 is directly connected, FastEthernet0.50
C 192.168.1.0/24 is directly connected, FastEthernet0
C 192.168.70.0/24 is directly connected, FastEthernet0.70
S* 0.0.0.0/0 [1/0] via 192.168.10.2
Router#
how many default routes i can add?
I mean the routing table for the switch lol
ASKER
its a layer 2 switch
sh ip route doesnt work
sh ip route doesnt work