@HenryNo1
I'll summarize my current state:
- 2 Cisco 26xx
- both physically connected via switches on the Ethernet
*router1*
IOS C2600 Software (C2600-I-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
interface Ethernet0/0
ip address 172.20.20.111 255.255.0.0 secondary
ip address 192.168.111.1 255.255.255.0
ip access-group 102 in
ip access-group 101 out
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.20.20.1
no ip http server
!
access-list 101 deny udp any eq bootps any
access-list 101 deny udp any eq bootpc any
access-list 101 deny udp any any eq bootps
access-list 101 deny udp any any eq bootpc
access-list 101 permit ip any any
access-list 102 deny udp any eq bootps any
access-list 102 deny udp any eq bootpc any
access-list 102 deny udp any any eq bootps
access-list 102 deny udp any any eq bootpc
access-list 102 permit ip any any
sh ip access-lists
Extended IP access list 101
deny udp any eq bootps any
deny udp any eq bootpc any
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (8270267 matches)
Extended IP access list 102
deny udp any eq bootps any (2727 matches)
deny udp any eq bootpc any (3216 matches)
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (17603850 matches)
*router2*
IOS C2600 Software (C2600-I-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
interface Ethernet0/0
ip address 172.20.20.1 255.255.0.0
ip access-group 102 in
ip access-group 101 out
!
ip default-gateway 172.20.0.78
ip classless
ip route 0.0.0.0 0.0.0.0 172.20.0.78 permanent
ip route 172.20.0.0 255.255.0.0 Ethernet0/0
ip route 172.20.20.1 255.255.255.255 Ethernet0/0
ip route 192.168.111.0 255.255.255.0 172.20.20.111
no ip http server
!
access-list 101 deny udp any eq bootps any
access-list 101 deny udp any eq bootpc any
access-list 101 deny udp any any eq bootps
access-list 101 deny udp any any eq bootpc
access-list 101 permit ip any any
access-list 102 deny udp any eq bootps any
access-list 102 deny udp any eq bootpc any
access-list 102 deny udp any any eq bootps
access-list 102 deny udp any any eq bootpc
access-list 102 permit ip any any
sh ip access-lists
Extended IP access list 101
deny udp any eq bootps any
deny udp any eq bootpc any
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (3485320 matches)
Extended IP access list 102
deny udp any eq bootps any (2774 matches)
deny udp any eq bootpc any (3272 matches)
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (7643959 matches)
That is the state of things ... going by the matches I could
delete some ACL lines again, but as long as the CPU still
"laughs" at the ACLs ... I'll leave them for now
My problem is still that these IP networks are supposed to be
separated DHCP-wise, but the DHCP IPs are still (despite the ACLs)
being handed out wildly across both networks
!!! Thanks for the effort !!!
-=NeMeSiS=-
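
Added example, not part of the original post: a Python parser for the `sh ip access-lists` output shown above that lists the entries that never matched and totals the packets dropped by the bootps/bootpc deny lines per ACL. The sample text is router1's output copied from the post; the function names are hypothetical, and the optional leading sequence number is an assumption for newer IOS output that this post's 12.1(3) output does not show.

```python
import re

# Output of "sh ip access-lists" on router1, copied from the post above.
SAMPLE = """\
Extended IP access list 101
deny udp any eq bootps any
deny udp any eq bootpc any
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (8270267 matches)
Extended IP access list 102
deny udp any eq bootps any (2727 matches)
deny udp any eq bootpc any (3216 matches)
deny udp any any eq bootps
deny udp any any eq bootpc
permit ip any any (17603850 matches)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)$")
# Optional sequence number (assumption: newer IOS), action, rule text, optional counter.
ENTRY = re.compile(r"^(?:\d+\s+)?(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?$")

def parse_acl_hits(text):
    """Return {acl_name: [(action, rule, matches), ...]}; a missing counter means 0."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append((entry.group(1), entry.group(2), int(entry.group(3) or 0)))
    return acls

def unused_entries(acls):
    """Entries with zero matches: candidates for review, not automatic removal."""
    return {name: [f"{action} {rule}" for action, rule, hits in entries if hits == 0]
            for name, entries in acls.items()}

def dhcp_denies(acls):
    """Packets dropped by the bootps/bootpc deny entries, summed per ACL."""
    return {name: sum(hits for action, rule, hits in entries
                      if action == "deny" and ("bootps" in rule or "bootpc" in rule))
            for name, entries in acls.items()}

if __name__ == "__main__":
    hits = parse_acl_hits(SAMPLE)
    print(unused_entries(hits))
    print(dhcp_denies(hits))
```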