I'm going to do my best on asking my question..... This is more for clarification purposes..... the problem does not exist.... Can anyone explain to me why this happened....
I have multiple VLANs on my network (about 15 or so) Anyway.... I have two 3750 switches and many many 3500, 2900 switches.....both are connected to either or 3750 switches...
Anyway..... I came across an issue where a 192.x.x.x network came onto my network and it was distributing bogus addresses throughout the network.....Saying that... I found the box that was doing this but in the future I wanted to BLOCK 192 from ever getting on my network... So what I did was create an ACL which was set to my VLAN1 (Default). On the default VLAN I have faculty/staff on this network... nothing else..... anyway... I created the ACL (extended ACL) with entries DENYING 127.0.x.x, 192.168.x.x
The actual entry in this list was as follows:
ip access-list extended DEFAULT-LIST
10 deny ip 127.0.0.0 0.255.255.255 any
20 deny ip 192.168.0.0 0.0.255.255 any
30 deny ip 172.16.0.0 0.15.255.255 any
100 deny ip any any log
I then set this list to the following network:
interface Vlan1
no ip address
description DEFAULT NETWORK
ip access-group VLAN1-LIST in
I did this onto BOTH 3750 switches.....
Just so you know one 3750 is my DMARK, the other is set for just one building but has tons of users in.....
So I set this to both switches... the one within the large user building is working great..... but the DMARK switch, it turned EVERYONE off, practically EVERYTHING went down...... I turn it off, everything is back online, but I don't understand as to WHY this happened.... can anyone clarify what happened and why? This is more for my own sanity to know what happened...... In theory I thought it would NOT do any damage whatsoever... Currently I have those NAT addresses OFF in the large user building with no problems whatsoever......
Just so you know.... BOTH switches are on a separate VLAN for communication purposes (VLAN50)
I hope you understand what I am asking... if not please message me... I'm dying to know why this happened.
thanks
-Brett
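Added example (not part of the original post): a small Python model of how the DEFAULT-LIST entries as posted are evaluated, top-down with the first match winning and sources compared through the wildcard mask. The sample source addresses and the ACL_WITH_PERMIT variant are constructed for illustration.

```python
import ipaddress

# Entries copied from the DEFAULT-LIST ACL in the post: (seq, action, source, wildcard).
# "any" is modelled as 0.0.0.0 with wildcard 255.255.255.255; every entry's destination is "any".
ACL = [
    (10, "deny", "127.0.0.0", "0.255.255.255"),
    (20, "deny", "192.168.0.0", "0.0.255.255"),
    (30, "deny", "172.16.0.0", "0.15.255.255"),
    (100, "deny", "0.0.0.0", "255.255.255.255"),
]

# Hypothetical variant (not in the post): same three denies, last entry is a permit.
ACL_WITH_PERMIT = ACL[:3] + [(100, "permit", "0.0.0.0", "255.255.255.255")]

# Constructed sample source addresses.
SAMPLES = ["192.168.1.50", "172.20.5.9", "127.0.0.1", "10.1.1.25", "198.51.100.7"]


def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; all other bits must equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src):
    """Return (seq, action) of the first matching entry, lowest sequence first."""
    for seq, action, base, wildcard in sorted(acl):
        if wildcard_match(src, base, wildcard):
            return seq, action
    return None, "deny"  # implicit deny that ends every IOS access list


def permitted_sources(acl, sources):
    """Sources from the list that the ACL lets through."""
    return [s for s in sources if evaluate(acl, s)[1] == "permit"]


if __name__ == "__main__":
    for name, acl in (("DEFAULT-LIST", ACL), ("ACL_WITH_PERMIT", ACL_WITH_PERMIT)):
        print(name)
        for src in SAMPLES:
            print("  %-15s -> %s" % (src, evaluate(acl, src)))
```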