We recently replaced our old core with a new 7650, everything seemed to be going correctly up until a couple days ago. When we started noticing that servers from VLAN 7 cannot communicate with other devices in other VLANs.
We have a couple of test servers in VLAN7 and nothing can get into them such as port 80,443, 22, 3389. We have an ACL on our VE for that interface that has all the correct entries which should pass traffic. The strange part is, these servers that aren’t available from other VLANs are fully available if you would use an outside connection and use their NAT address, then you can work with them. I’ve tried calling and using Ruckus Support but they have been less than helpful, saying “That’s weird, the ACL was removed from your VE, and the traffic still isn’t passing”.
I've verified that the ACL is correct, (sequence # permit any ip host X.X.X.X), I've tried removing the ACL from the VE, adding more entries into the ACL, the ACL debugging mode (which when used, showed that the sequence number for my server isn't even getting hits, so the traffic isn't getting that far into the ACL), the only permit deny is sequence number 50000, all our other ACL entries range from 100-900. This allows the final entry to be permit deny so that nothing gets blocked until the end.
I’ve done Everything I can think of, I’ve traced my Mac addresses from the core to their final destination ports before going into the servers and I can see them the entire way, which means layer2 connectivity is there. No default gateways change, and we don’t have any layer3 devices, it’s a flat layer2 network. If you ping these devices in VLAN7 they respond, you can trace route to them and if you use remote management and test from inside of VLAN7 everything works and acts normally. Besides the one ACL there are no others.
No comments:
Post a Comment