# Issue with Cyberoam 100ing VLAN configuration



## tamalr (Mar 2, 2016)

Hi All,

I hv a cyberoam 100 ing in gateway mode and I want to pass all of my LAN network through cyberoam port E. My LAN network is segregated by different VLANS and I want all the VLANS to pass through the port E. Now I have a HP 3550 L3, and the current config is as follows for your reference;

I am also attaching the Cyberoam config which I had done but still I am unable to access all the LAN networks from cyberoam, PLEASE HELP!!

; J9310A Configuration Editor; Created on release #K.15.06.0017
; Ver #02:10.0d:1f

hostname "#######" 
ip access-list extended "MULTICAST-ACL" 
10 permit ip 172.16.16.0 0.0.0.255 172.16.14.0 0.0.0.255 
20 permit ip 172.16.16.0 0.0.0.255 172.16.15.0 0.0.0.255 
exit 
ip access-list extended "IMS-ACL" 
10 deny ip 172.16.17.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.17.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.17.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.17.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "SERVER-ACL" 
10 deny ip 172.16.18.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.18.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 permit ip 172.16.18.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "MANNET-ACL" 
10 deny ip 172.16.24.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny icmp 172.16.24.0 0.0.0.255 172.16.10.0 0.0.0.255 0 
30 deny ip 172.16.24.0 0.0.0.255 172.16.10.0 0.0.0.255 
40 permit ip 172.16.24.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "HR-ACL" 
10 deny ip 172.16.10.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.10.0 0.0.0.255 172.16.16.0 0.0.0.255 
30 permit ip 172.16.10.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "ADMIN-ACL" 
10 deny ip 172.16.11.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.11.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.11.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.11.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "TA-ACL" 
10 deny ip 172.16.13.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.13.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.13.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.13.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "ACC-ACL" 
10 deny ip 172.16.12.0 0.0.0.255 172.16.10.0 0.0.0.255 
20 deny ip 172.16.12.0 0.0.0.255 172.16.16.0 0.0.0.255 
30 permit ip 172.16.12.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "DEV-ACL" 
10 deny ip 172.16.14.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.14.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.14.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "TEST-ACL" 
10 deny ip 172.16.15.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.15.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.15.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.15.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "SED-BSI-ACL" 
10 deny ip 172.16.19.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.19.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.19.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.19.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "SED-EDI-ACL" 
10 deny ip 172.16.20.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.20.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.20.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.20.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "MGMT-ACL" 
10 deny ip 172.16.21.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.21.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.21.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.21.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "COM-ACL" 
10 deny ip 172.16.22.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.22.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.22.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.22.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "DESIGN-ACL" 
10 deny ip 172.16.26.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.26.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.26.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.26.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "WIFI-TIER2-ACL" 
10 deny ip 172.16.51.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.51.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.51.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.51.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "WIFI-TIER1-ACL" 
10 deny ip 172.16.50.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.50.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.50.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.50.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
ip access-list extended "SMB-ACL" 
10 deny ip 172.16.25.0 0.0.0.255 172.16.12.0 0.0.0.255 
20 deny ip 172.16.25.0 0.0.0.255 172.16.10.0 0.0.0.255 
30 deny ip 172.16.25.0 0.0.0.255 172.16.16.0 0.0.0.255 
40 permit ip 172.16.25.0 0.0.0.255 0.0.0.0 255.255.255.255 
exit 
module 1 type J93xxA 
ip routing 
vlan 1 
name "DEFAULT_VLAN" 
untagged 1-9,15-16,18-20,22-23 
ip address dhcp-bootp 
no untagged 10-14,17,21,24 
exit 
vlan 26 
name "DESIGN" 
ip address 172.16.26.1 255.255.255.0 
tagged 1-10 
ip access-group "DESIGN-ACL" in
exit 
vlan 10 
name "HR" 
ip address 172.16.10.1 255.255.255.0 
tagged 1-10 
ip access-group "HR-ACL" in
exit 
vlan 11 
name "ADMIN" 
ip address 172.16.11.1 255.255.255.0 
tagged 1-10 
ip access-group "ADMIN-ACL" in
exit 
vlan 12 
name "ACCOUNTS" 
ip address 172.16.12.1 255.255.255.0 
tagged 1-10 
ip access-group "ACC-ACL" in
exit 
vlan 13 
name "TA" 
ip address 172.16.13.1 255.255.255.0 
tagged 1-10 
ip access-group "TA-ACL" in
exit 
vlan 14 
name "DEV" 
ip address 172.16.14.1 255.255.255.0 
tagged 1-10 
ip igmp 
ip access-group "DEV-ACL" in
exit 
vlan 15 
name "TEST" 
untagged 13,17 
ip address 172.16.15.1 255.255.255.0 
tagged 1-10 
ip igmp 
ip access-group "TEST-ACL" in
exit 
vlan 16 
name "MULTICAST" 
untagged 21 
ip address 172.16.16.1 255.255.255.0 
tagged 1-10 
ip igmp 
ip access-group "MULTICAST-ACL" in
exit 
vlan 17 
name "IMS" 
ip address 172.16.17.1 255.255.255.0 
tagged 1-10 
exit 
vlan 18 
name "SERVER" 
untagged 11-12 
ip address 172.16.18.1 255.255.255.0 
tagged 1-10 
exit 
vlan 19 
name "SED-BSI" 
untagged 14 
ip address 172.16.19.1 255.255.255.0 
tagged 1-10 
ip access-group "SED-BSI-ACL" in
exit 
vlan 20 
name "SED-EDI" 
ip address 172.16.20.1 255.255.255.0 
tagged 1-10 
ip access-group "SED-EDI-ACL" in
exit 
vlan 21 
name "MGMT" 
ip address 172.16.21.1 255.255.255.0 
tagged 1-10 
ip access-group "MGMT-ACL" in
exit 
vlan 22 
name "COM" 
ip address 172.16.22.1 255.255.255.0 
tagged 1-10 
ip access-group "COM-ACL" in
exit 
vlan 23 
name "MFD" 
ip address 172.16.23.1 255.255.255.0 
tagged 1-10 
exit 
vlan 24 
name "MANNET" 
ip address 172.16.24.1 255.255.255.0 
tagged 1-12 
ip access-group "MANNET-ACL" in
exit 
vlan 25 
name "SMB" 
ip address 172.16.25.1 255.255.255.0 
tagged 1-10 
ip access-group "SMB-ACL" in
exit 
vlan 50 
name "WIFI-TIER1" 
ip address 172.16.50.1 255.255.255.0 
tagged 1-12 
ip access-group "WIFI-TIER1-ACL" in
exit 
vlan 51 
name "WIFI-TIER2" 
ip address 172.16.51.1 255.255.255.0 
tagged 1-12 
ip access-group "WIFI-TIER2-ACL" in
exit 
vlan 100 
name "VLAN100" 
untagged 24 
ip address 172.16.100.2 255.255.255.0 
tagged 1-10 
exit 
ip route 0.0.0.0 0.0.0.0 172.16.100.1
interface 1
flow-control
exit
interface 2
flow-control
exit
interface 3
flow-control
exit
interface 4
flow-control
exit
interface 5
flow-control
exit
interface 6
flow-control
exit
interface 7
flow-control
exit
interface 8
flow-control
exit
interface 9
flow-control
exit
interface 10
flow-control
exit
snmp-server community "public" unrestricted


CYBEROAM NETWORK CONFIG:


PortE
Physical
Connected, 1000 Mbps - Full Duplex
172.16.100.1/255.255.0.0
Static
LAN
00:02:B6:43:4D:B0
1460
1500
Auto-negotiated
PortE.10
VLAN
-
172.16.10.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-
PortE.14
VLAN
-
172.16.14.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-
PortE.15
VLAN
-
172.16.15.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-
PortE.19
VLAN
-
172.16.19.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-
PortE.24
VLAN
-
172.16.24.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-
PortE.50
VLAN
-
172.16.50.2/255.255.255.0
Static
LAN
00:02:B6:43:4D:B0
-
-
-


----------



## MitchConner (May 8, 2015)

Your ACLs aren't correct, you'll need to correct those before retesting.


----------

