Problem with L3 ACL

2023-09-27 11:02:14 Published

Network Topology

Server ----- Router ------ Client

Problem Description

The server 10.XXX.XXX.XXX cannot reach the camera 10.X.X.X.

The access-list was updated, but that did not solve the problem.



Process Analysis

Checking the routing table first, we found that the route is correct.

The gateway is on the router: both the camera's and the server's gateway are on the router.

So we suspected that a packet filter was denying the packet.

Finally we found the cause: rule 10 has higher priority than rule 19 (the ACL is matched in ascending rule-number order and the first matching rule wins), so the packet is denied by rule 10 before it can reach the permit in rule 19.

#
acl advanced 3008
description for WLAN
rule 2 permit ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0
rule 3 permit ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0
rule 4 permit ip source 10.X.X.X 0.0.0.255 destination 79.X.X.X 0 logging
rule 5 permit ip source 10.X.X.X 0 destination 10.X.X.X 0 logging
rule 6 permit ip source 10.X.X.X 0 destination 10.X.X.X 0 logging
rule 7 permit ip source 10.X.X.X 0 destination 10.X.X.X 0 logging
rule 8 permit ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0 logging
rule 10 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 11 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 12 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 13 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 14 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 15 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 16 deny ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.255 logging
rule 17 permit ip source 10.X.X.X 0.0.0.255 destination 10.X.X.X 0.0.0.3
rule 18 permit ip source 10.X.X.X 0.0.0.255
rule 19 permit ip source 10.X.X.X 0 destination 10.X.X.X 0
rule 20 permit ip source 10.X.X.X 0 destination 10.X.X.X 0
rule 100 deny ip
#


Solution

Modify the rule order so that the rule sequence is reasonable: a host-specific permit must come before the broader subnet deny that would otherwise shadow it.

For example, exchange the positions of rule 10 and rule 19, so that the host-to-host permit is matched before the subnet-to-subnet deny.
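To make the first-match behaviour concrete, the following is an added Python simulator (not from the original case and not H3C code) that parses a constructed subset of the ACL above, matches it in ascending rule-number order with wildcard-mask semantics, and compares the broken and swapped orderings. The addresses 10.10.1.0/24 (server subnet), 10.10.1.5 (server) and 10.10.2.20 (camera) are assumed placeholders for the masked values in the case.

```python
# Added example: evaluate an H3C-style advanced ACL in ascending rule-number
# order (first match wins) to show why rule 10 shadows rule 19.
import ipaddress
import re

RULE_RE = re.compile(r"rule (\d+) (permit|deny) ip"
                     r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?")

def ip_int(s):
    # H3C accepts a bare "0" wildcard for an exact host match.
    return int(ipaddress.IPv4Address(s)) if "." in s else int(s)

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 1 bits are don't-care, 0 bits must match."""
    care = 0xFFFFFFFF ^ ip_int(wildcard)
    return (ip_int(addr) & care) == (ip_int(base) & care)

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, action, s_ip, s_wc, d_ip, d_wc = m.groups()
            rules.append((int(num), action, s_ip, s_wc, d_ip, d_wc))
    # Default H3C match order is config order, i.e. ascending rule number.
    return sorted(rules)

def evaluate(rules, src, dst):
    """Return (rule number, action) of the first matching rule, else None."""
    for num, action, s_ip, s_wc, d_ip, d_wc in rules:
        if s_ip and not wildcard_match(src, s_ip, s_wc):
            continue
        if d_ip and not wildcard_match(dst, d_ip, d_wc):
            continue
        return num, action
    return None

# Constructed subset of the case's ACL (placeholder addresses, not the real ones):
# server subnet 10.10.1.0/24, server 10.10.1.5, camera 10.10.2.20.
BROKEN_ACL = """
acl advanced 3008
 rule 10 deny ip source 10.10.1.0 0.0.0.255 destination 10.10.2.0 0.0.0.255 logging
 rule 19 permit ip source 10.10.1.5 0 destination 10.10.2.20 0
 rule 100 deny ip
"""
# The case's fix: exchange the positions (rule numbers) of rule 10 and rule 19.
FIXED_ACL = (BROKEN_ACL.replace("rule 10 deny", "rule 19 deny")
                       .replace("rule 19 permit", "rule 10 permit"))
```

With the broken ordering the server-to-camera packet hits the subnet deny at rule 10; after the swap it is permitted by the host rule, while other hosts in the subnet are still denied.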
