Saturday, February 29, 2020

How to control UDP broadcast forwarding with Cisco ISR 4431

I have the following UDP broadcast forwarding success and issue...

From the inside private network src: 10.1.1.99 dest 10.1.1.255 port 6001 broadcast UDP with ip-helper in vlan 100 of 10.0.1.210 & ip forward 6001, results in outside private network unicast UDP output from G0/0/1 src: 10.0.1.33 dest: 10.0.1.99 port 6001 (this is intended). I also have src: 10.194.234.1 dest 10.0.1.210 port 5207 packets on this network. These packets are not wanted on this outside network.

From the inside private network src: 10.1.1.87 dest 10.1.1.255 port 5207 broadcast UDP with ip-helper in vlan 100 of 10.194.234.99 & ip forward of 5207, results in outside private network unicast UDP output from G0/0/1 src: 10.194.134.1 dest of 10.194.234.99 port 5207 (works as intended). I also have src: 10.0.1.99 dest 10.194.234.99 port 6001 packets on this network. These packets are not wanted on this outside network.

I'm looking for a way to selectively filter, via access-list or some other method, the unwanted packets from each outside private network. I have attempted several iterations of extended access-lists on the VLAN source, but since it is a multilayer switch, it is unclear to me if this is the appropriate location for the access-list. I have also attempted standard access-lists on the G0/0/0 and G0/0/1 ports as well. This had no change either. I'm looking for any and all suggestions. They are most welcome and appreciated!


