I have the following problem:
While configuring a VPN Router 1750:
CES#show version
Software Version: V07_05.300
MAC Address: 00-1C-EB-XX-XX-XX
BIOS Version: PO11
I configured 2 subinterfaces in a VLAN-tagged environment:
CES#show interface Fastethernet 0/1
FastEthernet Interface 0/1 Configuration
Filter : permit all
IP Address : 10.156.248.10
Mac pause : Disabled
MTU : 1500
Public/Private : Private
Status : Enabled
802.1Q : Enabled
802.1Q Interface VLAN ID: 2
FastEthernet Interface 0/1 Configuration
Description : Telephony VLAN
Filter : permit all
IP Address : 172.16.200.1
Status : Enabled
Subinterface : 2
802.1Q Interface VLAN ID: 4
FastEthernet Interface 0/1 Configuration
Description : WIFI Lan
Filter : permit all
IP Address : 192.168.100.1
Status : Enabled
Subinterface : 1
802.1Q Interface VLAN ID: 3
The NVR1750 successfully provides internet access to any of the VLANs configured, which have their proper DHCP server per VLAN configured.
Now, I just found out the NVR1750 is forwarding packets between VLANs, and I can’t stop that. I disabled pretty much any routing protocol but NATting (since traffic needs to go out to the internet). I pretty much ran out of ideas here. I need to stop inter-VLAN traffic somehow. I got the following entries in the routing table:
CES#show ip route
Protocol IP Address Mask Cost Next Hop Interface
————————————————————————
STATIC 0.0.0.0 255.255.255.255 [10] xxx.xxx.xxx.185 xxx.xxx.xxx.187
DIRECT_N 10.156.248.0 255.255.255.0 [0] 10.156.248.10 10.156.248.10
DIRECT_H 10.156.248.10 255.255.255.255 [0] 127.0.0.1 127.0.0.1
MGMT 10.156.248.51 255.255.255.255 [0] 127.0.0.1 127.0.0.1
DIRECT_N 172.16.0.0 255.255.0.0 [0] 172.16.200.1 172.16.200.1
DIRECT_H 172.16.200.1 255.255.255.255 [0] 127.0.0.1 127.0.0.1
DIRECT_N xxx.xxx.xxx.184 255.255.255.248 [0] xxx.xxx.xxx.187 xxx.xxx.xxx.187
DIRECT_H xxx.xxx.xxx.187 255.255.255.255 [0] 127.0.0.1 127.0.0.1
DIRECT_N 192.168.100.0 255.255.255.0 [0] 192.168.100.1 192.168.100.1
DIRECT_H 192.168.100.1 255.255.255.255 [0] 127.0.0.1 127.0.0.1
As you see, I have some DIRECT_N(etwork) and DIRECT_H(ost) entries that I can’t get rid of.
Also, I’m trying to set the interface filter, but the VPN router is acting very strange (either that, or I don’t understand much about how these filters work).
I have 2 sub-interfaces:
Int: 10.156.251.0/24
SubInt1: 192.168.100.0/24
Subint2: 172.16.200.0/16
I placed a filter restriction on the main interface to block ICMP traffic going to the IP 192.168.100.50/32, and all the ICMP traffic from the 10.156.251.0 network (going anywhere, even the internet) was blocked. Same results when I set the filter either incoming or outgoing. Am I assuming the use of the interface filters wrong??
Does anyone have an idea of how to solve this?
Thanks!