Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Access Lists

Avatar of outlaw17
outlaw17 asked on
Switches / Hubs
2 Comments1 Solution320 ViewsLast Modified:
hi,

For the below config, i intended to for subnet 192.168.1.0/24 to have access to all subnets while other subnets have access to internet and not each other. The config is working, i can ping from for example 192.168.1.25 to 192.168.3.20(wireless AP) but i can't access it. when i turn on the wireless lan on the laptop i get an ip of the range 192.168.3.xx, and it is when i get access to 192.168.3.20 (wireless AP). Could you please tell me what's missing and how to troubleshoot that kind of access lists???



no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.1.40 192.168.1.41
ip dhcp excluded-address 192.168.5.1 192.168.5.20
ip dhcp excluded-address 192.168.2.1 192.168.2.30
ip dhcp excluded-address 192.168.3.1 192.168.3.20
!
ip dhcp pool LOCALLAN
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server xx.xxx.xxx.xx xx.xxx.xxx.xx
!
ip dhcp pool student
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1
   dns-server xx.xxx.xxx.xx xx.xxx.xxx.xx
!
ip dhcp pool PUBLIC
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server xx.xxx.xxx.xx xx.xxx.xxx.xx
!
interface Vlan10
 description --- DATA NATIVE VLAN
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 description --- Student VLAN
 ip address 192.168.5.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan40
 description --- PUBLIC VLAN
 ip address 192.168.3.1 255.255.255.0
 ip access-group 102 in
!        
interface Vlan55
 description To Firewall vlan
 ip address 192.168.253.253 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.253.254
ip http server
!
access-list 101 permit icmp 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255 echo-reply
access-list 101 deny   ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny   ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 permit icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 echo-reply
access-list 102 deny   ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 102 deny   ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 permit ip any any
ASKER CERTIFIED SOLUTION
Avatar of Mick Finley
Mick FinleyFlag of United States of America imageNetwork Engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answers