Hi Everyone,
We have a Core Layer 3 'hub' switch (to 'spoke' Edge switches) with several /24 VLANs, and an ADDC / DHCP Server 10.17.8.3.
We have recently increased the subnet range:
From: 10.17.8.0 - 10.17.16.0
To: 10.17.8.0 to 10.17.18.0
We have the following ACL:
ip access-list extended "Deny Crosstalk"
   permit ip 0.0.0.0 255.255.255.255 10.17.8.0 0.0.0.255
   deny ip 0.0.0.0 255.255.255.255 10.17.0.0 0.0.255.255 log
   permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
   exit
The VLAN below:
vlan 60
   name "Floor 2"
   untagged B4
   ip address 10.17.18.1 255.255.255.0
   ip helper-address 10.17.8.3
   ip access-group "Deny Crosstalk" in
   exit
On the Edge switch we can ping 'downlinked' Edge switches but not the Core switch 10.17.18.1 interface.
However, if we remove ip access-group "Deny Crosstalk" in from VLAN 60, we can ping the Core switch 10.17.18.1 interface.
If we then connect a laptop to the Edge switch, it obtains an IP Address and we can ping remote resources, but after 3-5 seconds we get:
General Failure.
PING transmit failed. General Failure.
It may have something to do with the subnet mask 0.0.0.255 below.
permit ip 0.0.0.0 255.255.255.255 10.17.8.0 0.0.0.255
If anyone could shed some light on the above that would be greatly appreciated.
Thanks.
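
Added example, not part of the original post: a first-match evaluation of the posted "Deny Crosstalk" entries against a few destination addresses, showing which entry each one hits. It assumes ordinary first-match ACL processing with wildcard (inverse) masks; the function names and the two addresses marked as constructed are illustrative.

```python
import ipaddress

# The "Deny Crosstalk" ACL as posted: (action, dst_base, dst_wildcard).
# Every entry has source "any" (0.0.0.0 255.255.255.255), so only the
# destination field decides the outcome and only it is compared here.
ACL = [
    ("permit", "10.17.8.0", "0.0.0.255"),
    ("deny",   "10.17.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0",   "255.255.255.255"),
]

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = this bit must match, 1 = this bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(dst, acl=ACL):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, (action, base, wc) in enumerate(acl, 1):
        if wildcard_match(dst, base, wc):
            return action, n
    return "deny", None  # implicit deny that ends every ACL

# Destinations to test; the last two are constructed for illustration.
SAMPLES = {
    "10.17.8.3":   "DHCP server named in the post",
    "10.17.18.1":  "VLAN 60 interface on the Core switch",
    "10.17.12.20": "host in another 10.17.x.0/24 VLAN (constructed)",
    "192.0.2.10":  "address outside 10.17.0.0/16 (constructed)",
}

def report():
    """Map each sample destination to its (action, entry number)."""
    return {dst: evaluate(dst) for dst in SAMPLES}

if __name__ == "__main__":
    for dst, (action, n) in report().items():
        print(f"{dst:<12} {action:<6} entry {n}  # {SAMPLES[dst]}")
```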