22.7 Legacy Series / Re: Firewall first allow then reject 30s later
« on: December 17, 2022, 02:18:22 pm »
@Fright
Hi, you are absolutely right. I only see traffic going in one direction in the packet capture. Thank you so much for your help!
I didn't know the switch responds to the request directly when the IP is on a different VLAN. Could it be a misconfiguration of the switch?
Code:
WS-C2960X-48TS-L#show run
Building configuration...
Current configuration : 5164 bytes
!
! Last configuration change at 18:04:32 UTC Sun Mar 8 2009 by -
! NVRAM config last updated at 18:04:27 UTC Sun Mar 8 2009 by -
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname WS-C2960X-48TS-L
!
boot-start-marker
boot-end-marker
!
enable secret --
!
username --
username --
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 1 0
switch 4 provision ws-c2960x-48ts-l
!
!
no ip domain-lookup
ip domain-name ad01.se
vtp mode transparent
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 20
name INTERNET
!
vlan 30
name user
!
vlan 40
name cctv
!
vlan 50
name wifi
!
vlan 60
name mgmt
!
vlan 70
name server
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet4/0/1
description pfsense
switchport trunk allowed vlan 1,20,30,40,50,60,70
switchport mode trunk
!
interface GigabitEthernet4/0/2
description larm
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet4/0/3
description nas
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet4/0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet4/0/5
description laptop_tmp
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet4/0/6
switchport mode access
!
interface GigabitEthernet4/0/7
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet4/0/8
switchport mode access
!
interface GigabitEthernet4/0/9
switchport mode access
!
interface GigabitEthernet4/0/10
switchport mode access
!
interface GigabitEthernet4/0/11
switchport mode access
!
interface GigabitEthernet4/0/12
description vlan20
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet4/0/13
description vlan30
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet4/0/14
description vlan40
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet4/0/15
description vlan50
switchport access vlan 50
switchport mode access
!
interface GigabitEthernet4/0/16
description vlan60
switchport access vlan 60
switchport mode access
!
interface GigabitEthernet4/0/17
switchport mode access
!
interface GigabitEthernet4/0/18
switchport mode access
!
interface GigabitEthernet4/0/19
switchport mode access
!
interface GigabitEthernet4/0/20
switchport mode access
!
interface GigabitEthernet4/0/21
switchport mode access
!
interface GigabitEthernet4/0/22
switchport mode access
!
interface GigabitEthernet4/0/23
switchport mode access
!
interface GigabitEthernet4/0/24
switchport mode access
!
interface GigabitEthernet4/0/25
switchport mode access
!
interface GigabitEthernet4/0/26
switchport mode access
!
interface GigabitEthernet4/0/27
switchport mode access
!
interface GigabitEthernet4/0/28
switchport mode access
!
interface GigabitEthernet4/0/29
switchport mode access
!
interface GigabitEthernet4/0/30
switchport mode access
!
interface GigabitEthernet4/0/31
switchport mode access
!
interface GigabitEthernet4/0/32
switchport mode access
!
interface GigabitEthernet4/0/33
switchport mode access
!
interface GigabitEthernet4/0/34
switchport mode access
!
interface GigabitEthernet4/0/35
switchport mode access
!
interface GigabitEthernet4/0/36
switchport mode access
!
interface GigabitEthernet4/0/37
switchport mode access
!
interface GigabitEthernet4/0/38
switchport mode access
!
interface GigabitEthernet4/0/39
switchport mode access
!
interface GigabitEthernet4/0/40
switchport mode access
!
interface GigabitEthernet4/0/41
switchport mode access
!
interface GigabitEthernet4/0/42
switchport mode access
!
interface GigabitEthernet4/0/43
switchport mode access
!
interface GigabitEthernet4/0/44
switchport mode access
!
interface GigabitEthernet4/0/45
switchport mode access
!
interface GigabitEthernet4/0/46
switchport mode access
!
interface GigabitEthernet4/0/47
switchport mode access
!
interface GigabitEthernet4/0/48
switchport access vlan 60
switchport mode access
!
interface GigabitEthernet4/0/49
switchport trunk allowed vlan 1,20,30,40,50,60
switchport mode trunk
!
interface GigabitEthernet4/0/50
!
interface GigabitEthernet4/0/51
!
interface GigabitEthernet4/0/52
!
interface Vlan1
ip address 192.168.20.6 255.255.255.0
!
interface Vlan30
ip address 192.168.30.4 255.255.255.0
!
interface Vlan60
description mgmt
ip address 192.168.60.4 255.255.255.0
!
ip default-gateway 192.168.60.1
ip http server
ip http authentication local
no ip http secure-server
!
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
line con 0
exec-timeout 30 0
line vty 0 4
exec-timeout 0 0
privilege level 15
transport input ssh
line vty 5 15
exec-timeout 60 0
transport input ssh
!
ntp logging
ntp server 192.168.60.1
end
Do you have any suggestions on how to do the segmentation correctly? Or do I need to have the mgmt IP on the same subnet as the users?
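As an added example (not the poster's code and not a tool from this thread), here is a small Python audit that parses an IOS `show run` excerpt like the one above and reports the Layer-3 footprint behind the one-way packet capture: every `interface VlanN` that carries an IP address outside the management VLAN is a subnet the switch answers on directly, so a request from a VLAN 30 host to the mgmt IP is routed in through pfsense, but the reply leaves the switch straight out of `interface Vlan30` and the firewall never sees the return direction. The same pass lists a few hardening points visible in the posted config (plaintext `ip http server`, a vty line with `exec-timeout 0 0`, access ports left in the default VLAN). The config string is a constructed excerpt of the posted one, and the management VLAN number 60 is taken from the `description mgmt` line.

```python
"""Audit an IOS 'show run' excerpt for SVIs that bypass firewall segmentation.
Added example; SAMPLE_CONFIG is a constructed excerpt of the posted config."""
import ipaddress
import re

SAMPLE_CONFIG = """\
hostname WS-C2960X-48TS-L
!
interface GigabitEthernet4/0/17
 switchport mode access
!
interface Vlan1
 ip address 192.168.20.6 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.4 255.255.255.0
!
interface Vlan60
 description mgmt
 ip address 192.168.60.4 255.255.255.0
!
ip default-gateway 192.168.60.1
ip http server
no ip http secure-server
!
line vty 0 4
 exec-timeout 0 0
 transport input ssh
line vty 5 15
 exec-timeout 60 0
 transport input ssh
end
"""


def parse_blocks(config):
    """Split an IOS config into stanzas: {top-level line: [indented sub-lines]}.
    Single top-level commands (e.g. 'ip http server') become keys with an empty body."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw or raw.startswith("!"):
            current = None                      # '!' separates stanzas
        elif raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def svi_networks(blocks):
    """Return {vlan_id: IPv4Interface} for every SVI that has an IP address."""
    svis = {}
    for header, body in blocks.items():
        m = re.fullmatch(r"interface Vlan(\d+)", header)
        if not m:
            continue
        for line in body:
            a = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if a:  # ipaddress accepts a dotted netmask after the slash
                svis[int(m.group(1))] = ipaddress.ip_interface(f"{a.group(1)}/{a.group(2)}")
    return svis


def audit(config, mgmt_vlan):
    """Return a list of findings; mgmt_vlan is the VLAN that should hold the only SVI."""
    blocks = parse_blocks(config)
    svis = svi_networks(blocks)
    findings = []
    # 1. Any SVI outside the mgmt VLAN is a subnet the switch replies to directly,
    #    so the firewall sees the request but never the answer (asymmetric path).
    for vlan, itf in sorted((v, i) for v, i in svis.items() if v != mgmt_vlan):
        findings.append(f"interface Vlan{vlan} ({itf.with_prefixlen}) answers hosts in "
                        f"{itf.network} directly; replies to that subnet bypass the firewall")
    if mgmt_vlan not in svis:
        findings.append(f"no IP address on Vlan{mgmt_vlan}; management has no dedicated SVI")
    # 2. Web management over plaintext HTTP with HTTPS explicitly disabled.
    if "ip http server" in blocks and "no ip http secure-server" in blocks:
        findings.append("ip http server enabled while HTTPS is disabled; management UI is plaintext")
    # 3. vty lines whose idle sessions never expire.
    for header, body in blocks.items():
        if header.startswith("line vty") and "exec-timeout 0 0" in body:
            findings.append(f"{header}: exec-timeout 0 0 keeps idle admin sessions open forever")
    # 4. Access ports with no 'switchport access vlan' sit in the default VLAN 1.
    unassigned = [h for h, b in blocks.items()
                  if h.startswith("interface GigabitEthernet") and "switchport mode access" in b
                  and not any(l.startswith("switchport access vlan") for l in b)]
    if unassigned:
        findings.append(f"{len(unassigned)} access port(s) left in default VLAN 1: {', '.join(unassigned)}")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, mgmt_vlan=60):
        print("-", f)
```

On the posted configuration this reports `interface Vlan1` and `interface Vlan30` as the stray Layer-3 footprints; the fix that keeps the firewall in the path is to leave only the `Vlan60` SVI with an address and let `ip default-gateway 192.168.60.1` carry management traffic back through pfsense.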