cooperchien
MIS
Here is my network diagram.
I have configured interface 13 to access vlan 88. However, only vlan 88 computers can see this pix firewall. Computers in vlan 87 and vlan 1 can see the computers in vlan 88 but not 10.8.88.9!
What do I need to do to let computers in vlan 87 to see 10.8.88.9?
Please help.
Here is my running config.
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550_Switch
!
enable secret 5 $1$Mu8i$lbZuG34XzO1pWdV9l6sT90
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/3
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/4
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/5
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/6
switchport access vlan 11
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/8
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/9
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/10
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/11
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/12
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/13
switchport access vlan 88
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/14
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/15
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/16
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/17
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/18
switchport mode access
no ip address
!
interface FastEthernet0/19
switchport mode access
no ip address
!
interface FastEthernet0/20
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/21
switchport access vlan 87
switchport mode access
no ip address
duplex full
speed 100
!
interface FastEthernet0/22
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/23
switchport access vlan 88
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode dynamic desirable
no ip address
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
no ip address
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
no ip address
!
interface Vlan1
ip address 10.0.100.5 255.255.0.0
!
interface Vlan12
ip address 66.209.104.51 255.255.255.248
ip policy route-map vlan12
shutdown
!
interface Vlan87
ip address 10.8.87.1 255.255.255.0
!
interface Vlan88
ip address 10.8.88.1 255.255.255.0
ip policy route-map vlan88
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
!
!
access-list 100 deny ip 66.209.104.48 0.0.0.7 66.209.104.48 0.0.0.7
access-list 100 deny ip 66.209.104.48 0.0.0.7 10.0.0.0 0.0.255.255
access-list 100 permit ip any any
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.8.87.0 0.0.0.255
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.8.88.0 0.0.0.255
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 187 permit ip any any
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.8.88.0 0.0.0.255
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.8.87.0 0.0.0.255
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 188 permit ip any any
no cdp run
route-map vlan88 permit 10
match ip address 188
set ip next-hop 10.8.88.9
!
route-map vlan12 permit 10
match ip address 100
set ip next-hop 66.209.104.49
!
route-map vlan87 permit 10
match ip address 187
set ip next-hop 10.8.88.9
!
!
monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/7 ingress vlan 1
end
I have configured interface 13 to access vlan 88. However, only vlan 88 computers can see this pix firewall. Computers in vlan 87 and vlan 1 can see the computers in vlan 88 but not 10.8.88.9!
What do I need to do to let computers in vlan 87 to see 10.8.88.9?
Please help.
Here is my running config.
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550_Switch
!
enable secret 5 $1$Mu8i$lbZuG34XzO1pWdV9l6sT90
!
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/3
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/4
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/5
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/6
switchport access vlan 11
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/8
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/9
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/10
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/11
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/12
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/13
switchport access vlan 88
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/14
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/15
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/16
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/17
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/18
switchport mode access
no ip address
!
interface FastEthernet0/19
switchport mode access
no ip address
!
interface FastEthernet0/20
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/21
switchport access vlan 87
switchport mode access
no ip address
duplex full
speed 100
!
interface FastEthernet0/22
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/23
switchport access vlan 88
switchport mode access
no ip address
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode dynamic desirable
no ip address
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
no ip address
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
no ip address
!
interface Vlan1
ip address 10.0.100.5 255.255.0.0
!
interface Vlan12
ip address 66.209.104.51 255.255.255.248
ip policy route-map vlan12
shutdown
!
interface Vlan87
ip address 10.8.87.1 255.255.255.0
!
interface Vlan88
ip address 10.8.88.1 255.255.255.0
ip policy route-map vlan88
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
!
!
access-list 100 deny ip 66.209.104.48 0.0.0.7 66.209.104.48 0.0.0.7
access-list 100 deny ip 66.209.104.48 0.0.0.7 10.0.0.0 0.0.255.255
access-list 100 permit ip any any
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.8.87.0 0.0.0.255
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.8.88.0 0.0.0.255
access-list 187 deny ip 10.8.87.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 187 permit ip any any
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.8.88.0 0.0.0.255
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.8.87.0 0.0.0.255
access-list 188 deny ip 10.8.88.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 188 permit ip any any
no cdp run
route-map vlan88 permit 10
match ip address 188
set ip next-hop 10.8.88.9
!
route-map vlan12 permit 10
match ip address 100
set ip next-hop 66.209.104.49
!
route-map vlan87 permit 10
match ip address 187
set ip next-hop 10.8.88.9
!
!
monitor session 1 source interface Fa0/1
monitor session 1 destination interface Fa0/7 ingress vlan 1
end