Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > http traffic issue.

Reply
Thread Tools

http traffic issue.

 
 
benchmark
Guest
Posts: n/a
 
      01-05-2007
I have a Cisco switch 2950 setup with the configuration listed below:
sw-int>en
Password:
sw-int#sh start
Using 3281 out of 32768 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sw-int
!
enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.

enable password 7 133756161E1E060320

!
ip subnet-zero
no ip domain-lookup
no cluster run
!
!
spanning-tree mode pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission

spanning-tree extend system-id
no spanning-tree vlan 1
no spanning-tree vlan 2
!
!
interface FastEthernet0/1
description Vlan management
no ip address
duplex full
speed 100
no cdp enable
!
interface FastEthernet0/2
description Firewall Management System

no ip address
no cdp enable
!
interface FastEthernet0/3
no ip address
no cdp enable
!
interface FastEthernet0/4
switchport mode access
no ip address
duplex full
speed 100
no cdp enable
!
interface FastEthernet0/5
no ip address
no cdp enable
!
interface FastEthernet0/6
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/7
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/8
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/9
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/10
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/11
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/12
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/13
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/14
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/15
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/16
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/20
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/21
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/22
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/23
switchport access vlan 2
switchport mode access
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/24
switchport mode access
no ip address
duplex full
speed 100
no cdp enable
spanning-tree portfast
!
interface Vlan1
ip address 131.136.249.129 255.255.255.128

no ip route-cache
!
ip default-gateway 131.136.249.129
no ip http server
!
access-list 1 permit 131.136.249.3
no cdp run
!
line con 0
password 7 107C481D1005102207
line vty 0 4
access-class 1 in
password 7 1425530F191628022F
login
line vty 5 15
access-class 1 in
password 7 1425530F191628022F
login
!
!
monitor session 1 source interface Fa0/1 - 11
monitor session 1 destination interface Fa0/12
end

sw-int#

This switch is behind a Cisco PIX with rules to allow my laptop with a
static ip of 131.136.249.140
with some mask and default gateway as mentioned above to access the
web. I have a fiber optic cable from the fiber optic tray to a media
converter and the ethernet cable from the media converter to the
above-mentioned switch. If I plug the ethernet cable from the media
converter to the back of my laptop, I am able to go the internet
without any problem. However, If I plug the ethernet cable from the
media converter to the Cisco switch 2950 and connect my laptop through
the switch, I am not able to go to the internet and nslookup does not
resolve properly also.
Please have a look at the switch configuration. I will appreciate any
ideas to solve this problem.

Thanks in advance,

Benchmark.

 
Reply With Quote
 
 
 
 
BernieM
Guest
Posts: n/a
 
      01-06-2007

"benchmark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have a Cisco switch 2950 setup with the configuration listed below:
> sw-int>en
> Password:
> sw-int#sh start
> Using 3281 out of 32768 bytes
> !
> version 12.1
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname sw-int
> !
> enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
>
> enable password 7 133756161E1E060320
>
> !
> ip subnet-zero
> no ip domain-lookup
> no cluster run
> !
> !
> spanning-tree mode pvst
> spanning-tree portfast default
> no spanning-tree optimize bpdu transmission
>
> spanning-tree extend system-id
> no spanning-tree vlan 1
> no spanning-tree vlan 2
> !
> !
> interface FastEthernet0/1
> description Vlan management
> no ip address
> duplex full
> speed 100
> no cdp enable
> !
> interface FastEthernet0/2
> description Firewall Management System
>
> no ip address
> no cdp enable
> !
> interface FastEthernet0/3
> no ip address
> no cdp enable
> !
> interface FastEthernet0/4
> switchport mode access
> no ip address
> duplex full
> speed 100
> no cdp enable
> !
> interface FastEthernet0/5
> no ip address
> no cdp enable
> !
> interface FastEthernet0/6
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/7
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/8
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/9
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/10
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/11
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/12
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/13
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/14
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/15
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/16
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/17
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/18
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/19
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/20
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/21
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/22
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/23
> switchport access vlan 2
> switchport mode access
> no ip address
> shutdown
> no cdp enable
> !
> interface FastEthernet0/24
> switchport mode access
> no ip address
> duplex full
> speed 100
> no cdp enable
> spanning-tree portfast
> !
> interface Vlan1
> ip address 131.136.249.129 255.255.255.128
>
> no ip route-cache
> !
> ip default-gateway 131.136.249.129
> no ip http server
> !
> access-list 1 permit 131.136.249.3
> no cdp run
> !
> line con 0
> password 7 107C481D1005102207
> line vty 0 4
> access-class 1 in
> password 7 1425530F191628022F
> login
> line vty 5 15
> access-class 1 in
> password 7 1425530F191628022F
> login
> !
> !
> monitor session 1 source interface Fa0/1 - 11
> monitor session 1 destination interface Fa0/12
> end
>
> sw-int#
>
> This switch is behind a Cisco PIX with rules to allow my laptop with a
> static ip of 131.136.249.140
> with some mask and default gateway as mentioned above to access the
> web. I have a fiber optic cable from the fiber optic tray to a media
> converter and the ethernet cable from the media converter to the
> above-mentioned switch. If I plug the ethernet cable from the media
> converter to the back of my laptop, I am able to go the internet
> without any problem. However, If I plug the ethernet cable from the
> media converter to the Cisco switch 2950 and connect my laptop through
> the switch, I am not able to go to the internet and nslookup does not
> resolve properly also.
> Please have a look at the switch configuration. I will appreciate any
> ideas to solve this problem.
>
> Thanks in advance,
>
> Benchmark.
>


What switchports are you actually using? What is the actual topology
because you say the switch is 'behind' the firewall with rules to allow your
pc through so I assumed the topology was:

isp -- switch -- firewall -- pc

Also the switch default gateway and it's vlan 1 address are the same. Of
course that has nothing to do with the problem as it's a layer-2 switch and
the default gateway is only for traffic from the switch itself (management
interface).

Again, as it's a simple layer-2 switch I would guess the problems actually
the firewall rules ... as you've proven ... you remove the problem.

R!durbIk


 
Reply With Quote
 
 
 
 
benchmark
Guest
Posts: n/a
 
      01-06-2007
Hi BernieM,
Your guess on the topology is right. My laptop is
connected to fa0/4. You also right on the fact that the default gateway
and vlan 1 have the same. I have reported this to the contractor that
originally setup the Cisco 2950 for us to look into that.

Thanks,

Eric.

BernieM wrote:
> "benchmark" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> >I have a Cisco switch 2950 setup with the configuration listed below:
> > sw-int>en
> > Password:
> > sw-int#sh start
> > Using 3281 out of 32768 bytes
> > !
> > version 12.1
> > no service pad
> > service timestamps debug uptime
> > service timestamps log uptime
> > service password-encryption
> > !
> > hostname sw-int
> > !
> > enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
> >
> > enable password 7 133756161E1E060320
> >
> > !
> > ip subnet-zero
> > no ip domain-lookup
> > no cluster run
> > !
> > !
> > spanning-tree mode pvst
> > spanning-tree portfast default
> > no spanning-tree optimize bpdu transmission
> >
> > spanning-tree extend system-id
> > no spanning-tree vlan 1
> > no spanning-tree vlan 2
> > !
> > !
> > interface FastEthernet0/1
> > description Vlan management
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > !
> > interface FastEthernet0/2
> > description Firewall Management System
> >
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/3
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/4
> > switchport mode access
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > !
> > interface FastEthernet0/5
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/6
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/7
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/8
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/9
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/10
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/11
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/12
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/13
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/14
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/15
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/16
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/17
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/18
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/19
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/20
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/21
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/22
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/23
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/24
> > switchport mode access
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > spanning-tree portfast
> > !
> > interface Vlan1
> > ip address 131.136.249.129 255.255.255.128
> >
> > no ip route-cache
> > !
> > ip default-gateway 131.136.249.129
> > no ip http server
> > !
> > access-list 1 permit 131.136.249.3
> > no cdp run
> > !
> > line con 0
> > password 7 107C481D1005102207
> > line vty 0 4
> > access-class 1 in
> > password 7 1425530F191628022F
> > login
> > line vty 5 15
> > access-class 1 in
> > password 7 1425530F191628022F
> > login
> > !
> > !
> > monitor session 1 source interface Fa0/1 - 11
> > monitor session 1 destination interface Fa0/12
> > end
> >
> > sw-int#
> >
> > This switch is behind a Cisco PIX with rules to allow my laptop with a
> > static ip of 131.136.249.140
> > with some mask and default gateway as mentioned above to access the
> > web. I have a fiber optic cable from the fiber optic tray to a media
> > converter and the ethernet cable from the media converter to the
> > above-mentioned switch. If I plug the ethernet cable from the media
> > converter to the back of my laptop, I am able to go the internet
> > without any problem. However, If I plug the ethernet cable from the
> > media converter to the Cisco switch 2950 and connect my laptop through
> > the switch, I am not able to go to the internet and nslookup does not
> > resolve properly also.
> > Please have a look at the switch configuration. I will appreciate any
> > ideas to solve this problem.
> >
> > Thanks in advance,
> >
> > Benchmark.
> >

>
> What switchports are you actually using? What is the actual topology
> because you say the switch is 'behind' the firewall with rules to allow your
> pc through so I assumed the topology was:
>
> isp -- switch -- firewall -- pc
>
> Also the switch default gateway and it's vlan 1 address are the same. Of
> course that has nothing to do with the problem as it's a layer-2 switch and
> the default gateway is only for traffic from the switch itself (management
> interface).
>
> Again, as it's a simple layer-2 switch I would guess the problems actually
> the firewall rules ... as you've proven ... you remove the problem.
>
> R!durbIk


 
Reply With Quote
 
benchmark
Guest
Posts: n/a
 
      01-06-2007
Hi BernieM,
I am not sure about the topology of the network as it
is managed by a contracting agency. But my knowledge of Cisco PIX
Firewall tells me that the topology should be
isp -- firewall -- switch -- pc.

Thanks,

Eric.


BernieM wrote:
> "benchmark" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> >I have a Cisco switch 2950 setup with the configuration listed below:
> > sw-int>en
> > Password:
> > sw-int#sh start
> > Using 3281 out of 32768 bytes
> > !
> > version 12.1
> > no service pad
> > service timestamps debug uptime
> > service timestamps log uptime
> > service password-encryption
> > !
> > hostname sw-int
> > !
> > enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
> >
> > enable password 7 133756161E1E060320
> >
> > !
> > ip subnet-zero
> > no ip domain-lookup
> > no cluster run
> > !
> > !
> > spanning-tree mode pvst
> > spanning-tree portfast default
> > no spanning-tree optimize bpdu transmission
> >
> > spanning-tree extend system-id
> > no spanning-tree vlan 1
> > no spanning-tree vlan 2
> > !
> > !
> > interface FastEthernet0/1
> > description Vlan management
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > !
> > interface FastEthernet0/2
> > description Firewall Management System
> >
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/3
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/4
> > switchport mode access
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > !
> > interface FastEthernet0/5
> > no ip address
> > no cdp enable
> > !
> > interface FastEthernet0/6
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/7
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/8
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/9
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/10
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/11
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/12
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/13
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/14
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/15
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/16
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/17
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/18
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/19
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/20
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/21
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/22
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/23
> > switchport access vlan 2
> > switchport mode access
> > no ip address
> > shutdown
> > no cdp enable
> > !
> > interface FastEthernet0/24
> > switchport mode access
> > no ip address
> > duplex full
> > speed 100
> > no cdp enable
> > spanning-tree portfast
> > !
> > interface Vlan1
> > ip address 131.136.249.129 255.255.255.128
> >
> > no ip route-cache
> > !
> > ip default-gateway 131.136.249.129
> > no ip http server
> > !
> > access-list 1 permit 131.136.249.3
> > no cdp run
> > !
> > line con 0
> > password 7 107C481D1005102207
> > line vty 0 4
> > access-class 1 in
> > password 7 1425530F191628022F
> > login
> > line vty 5 15
> > access-class 1 in
> > password 7 1425530F191628022F
> > login
> > !
> > !
> > monitor session 1 source interface Fa0/1 - 11
> > monitor session 1 destination interface Fa0/12
> > end
> >
> > sw-int#
> >
> > This switch is behind a Cisco PIX with rules to allow my laptop with a
> > static ip of 131.136.249.140
> > with some mask and default gateway as mentioned above to access the
> > web. I have a fiber optic cable from the fiber optic tray to a media
> > converter and the ethernet cable from the media converter to the
> > above-mentioned switch. If I plug the ethernet cable from the media
> > converter to the back of my laptop, I am able to go the internet
> > without any problem. However, If I plug the ethernet cable from the
> > media converter to the Cisco switch 2950 and connect my laptop through
> > the switch, I am not able to go to the internet and nslookup does not
> > resolve properly also.
> > Please have a look at the switch configuration. I will appreciate any
> > ideas to solve this problem.
> >
> > Thanks in advance,
> >
> > Benchmark.
> >

>
> What switchports are you actually using? What is the actual topology
> because you say the switch is 'behind' the firewall with rules to allow your
> pc through so I assumed the topology was:
>
> isp -- switch -- firewall -- pc
>
> Also the switch default gateway and it's vlan 1 address are the same. Of
> course that has nothing to do with the problem as it's a layer-2 switch and
> the default gateway is only for traffic from the switch itself (management
> interface).
>
> Again, as it's a simple layer-2 switch I would guess the problems actually
> the firewall rules ... as you've proven ... you remove the problem.
>
> R!durbIk


 
Reply With Quote
 
BernieM
Guest
Posts: n/a
 
      01-06-2007

>> "benchmark" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) oups.com...
>> >I have a Cisco switch 2950 setup with the configuration listed below:
>> > sw-int>en
>> > Password:
>> > sw-int#sh start
>> > Using 3281 out of 32768 bytes
>> > !
>> > version 12.1
>> > no service pad
>> > service timestamps debug uptime
>> > service timestamps log uptime
>> > service password-encryption
>> > !
>> > hostname sw-int
>> > !
>> > enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
>> >
>> > enable password 7 133756161E1E060320
>> >
>> > !
>> > ip subnet-zero
>> > no ip domain-lookup
>> > no cluster run
>> > !
>> > !
>> > spanning-tree mode pvst
>> > spanning-tree portfast default
>> > no spanning-tree optimize bpdu transmission
>> >
>> > spanning-tree extend system-id
>> > no spanning-tree vlan 1
>> > no spanning-tree vlan 2
>> > !
>> > !
>> > interface FastEthernet0/1
>> > description Vlan management
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > !
>> > interface FastEthernet0/2
>> > description Firewall Management System
>> >
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/3
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/4
>> > switchport mode access
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > !
>> > interface FastEthernet0/5
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/6
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/7
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/8
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/9
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/10
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/11
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/12
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/13
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/14
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/15
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/16
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/17
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/18
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/19
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/20
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/21
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/22
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/23
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/24
>> > switchport mode access
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > spanning-tree portfast
>> > !
>> > interface Vlan1
>> > ip address 131.136.249.129 255.255.255.128
>> >
>> > no ip route-cache
>> > !
>> > ip default-gateway 131.136.249.129
>> > no ip http server
>> > !
>> > access-list 1 permit 131.136.249.3
>> > no cdp run
>> > !
>> > line con 0
>> > password 7 107C481D1005102207
>> > line vty 0 4
>> > access-class 1 in
>> > password 7 1425530F191628022F
>> > login
>> > line vty 5 15
>> > access-class 1 in
>> > password 7 1425530F191628022F
>> > login
>> > !
>> > !
>> > monitor session 1 source interface Fa0/1 - 11
>> > monitor session 1 destination interface Fa0/12
>> > end
>> >
>> > sw-int#
>> >
>> > This switch is behind a Cisco PIX with rules to allow my laptop with a
>> > static ip of 131.136.249.140
>> > with some mask and default gateway as mentioned above to access the
>> > web. I have a fiber optic cable from the fiber optic tray to a media
>> > converter and the ethernet cable from the media converter to the
>> > above-mentioned switch. If I plug the ethernet cable from the media
>> > converter to the back of my laptop, I am able to go the internet
>> > without any problem. However, If I plug the ethernet cable from the
>> > media converter to the Cisco switch 2950 and connect my laptop through
>> > the switch, I am not able to go to the internet and nslookup does not
>> > resolve properly also.
>> > Please have a look at the switch configuration. I will appreciate any
>> > ideas to solve this problem.
>> >
>> > Thanks in advance,
>> >
>> > Benchmark.
>> >

>>
>> What switchports are you actually using? What is the actual topology
>> because you say the switch is 'behind' the firewall with rules to allow
>> your
>> pc through so I assumed the topology was:
>>
>> isp -- switch -- firewall -- pc
>>
>> Also the switch default gateway and it's vlan 1 address are the same. Of
>> course that has nothing to do with the problem as it's a layer-2 switch
>> and
>> the default gateway is only for traffic from the switch itself
>> (management
>> interface).
>>
>> Again, as it's a simple layer-2 switch I would guess the problems
>> actually
>> the firewall rules ... as you've proven ... you remove the problem.
>>
>> R!durbIk

>


"benchmark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi BernieM,
> I am not sure about the topology of the network as it
> is managed by a contracting agency. But my knowledge of Cisco PIX
> Firewall tells me that the topology should be
> isp -- firewall -- switch -- pc.
>
> Thanks,
>
> Eric.


Ok, so when you connect the media converter directly yo your pc it works and
the only change you then make is put the switch in between your pc and the
media converter ... connecting your pc to fa0/4 ... which port is the media
converter being connected to? Do the switch ports link lights come up?

As the switch has ports 1 to 12 in vlan 1 and your connecting to port 4 then
the media converter should be connected to a vlan 1 port as well.

The obvious question is though ... what do the contracting agency being paid
to manage this network say about the problem?

btw ... you should not post entire configs especially with sensitive
information like passwords ... all those "password 7's" decrypt to
"R!durbIk". This is especially true if you don't even manage this network
device. I'm surprised you have access to it.

BernieM


 
Reply With Quote
 
BernieM
Guest
Posts: n/a
 
      01-06-2007
>> "benchmark" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) oups.com...
>> >I have a Cisco switch 2950 setup with the configuration listed below:
>> > sw-int>en
>> > Password:
>> > sw-int#sh start
>> > Using 3281 out of 32768 bytes
>> > !
>> > version 12.1
>> > no service pad
>> > service timestamps debug uptime
>> > service timestamps log uptime
>> > service password-encryption
>> > !
>> > hostname sw-int
>> > !
>> > enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
>> >
>> > enable password 7 133756161E1E060320
>> >
>> > !
>> > ip subnet-zero
>> > no ip domain-lookup
>> > no cluster run
>> > !
>> > !
>> > spanning-tree mode pvst
>> > spanning-tree portfast default
>> > no spanning-tree optimize bpdu transmission
>> >
>> > spanning-tree extend system-id
>> > no spanning-tree vlan 1
>> > no spanning-tree vlan 2
>> > !
>> > !
>> > interface FastEthernet0/1
>> > description Vlan management
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > !
>> > interface FastEthernet0/2
>> > description Firewall Management System
>> >
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/3
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/4
>> > switchport mode access
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > !
>> > interface FastEthernet0/5
>> > no ip address
>> > no cdp enable
>> > !
>> > interface FastEthernet0/6
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/7
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/8
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/9
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/10
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/11
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/12
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/13
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/14
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/15
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/16
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/17
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/18
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/19
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/20
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/21
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/22
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/23
>> > switchport access vlan 2
>> > switchport mode access
>> > no ip address
>> > shutdown
>> > no cdp enable
>> > !
>> > interface FastEthernet0/24
>> > switchport mode access
>> > no ip address
>> > duplex full
>> > speed 100
>> > no cdp enable
>> > spanning-tree portfast
>> > !
>> > interface Vlan1
>> > ip address 131.136.249.129 255.255.255.128
>> >
>> > no ip route-cache
>> > !
>> > ip default-gateway 131.136.249.129
>> > no ip http server
>> > !
>> > access-list 1 permit 131.136.249.3
>> > no cdp run
>> > !
>> > line con 0
>> > password 7 107C481D1005102207
>> > line vty 0 4
>> > access-class 1 in
>> > password 7 1425530F191628022F
>> > login
>> > line vty 5 15
>> > access-class 1 in
>> > password 7 1425530F191628022F
>> > login
>> > !
>> > !
>> > monitor session 1 source interface Fa0/1 - 11
>> > monitor session 1 destination interface Fa0/12
>> > end
>> >
>> > sw-int#
>> >
>> > This switch is behind a Cisco PIX with rules to allow my laptop with a
>> > static ip of 131.136.249.140
>> > with some mask and default gateway as mentioned above to access the
>> > web. I have a fiber optic cable from the fiber optic tray to a media
>> > converter and the ethernet cable from the media converter to the
>> > above-mentioned switch. If I plug the ethernet cable from the media
>> > converter to the back of my laptop, I am able to go the internet
>> > without any problem. However, If I plug the ethernet cable from the
>> > media converter to the Cisco switch 2950 and connect my laptop through
>> > the switch, I am not able to go to the internet and nslookup does not
>> > resolve properly also.
>> > Please have a look at the switch configuration. I will appreciate any
>> > ideas to solve this problem.
>> >
>> > Thanks in advance,
>> >
>> > Benchmark.
>> >

>>
>> What switchports are you actually using? What is the actual topology
>> because you say the switch is 'behind' the firewall with rules to allow
>> your
>> pc through so I assumed the topology was:
>>
>> isp -- switch -- firewall -- pc
>>
>> Also the switch default gateway and it's vlan 1 address are the same. Of
>> course that has nothing to do with the problem as it's a layer-2 switch
>> and
>> the default gateway is only for traffic from the switch itself
>> (management
>> interface).
>>
>> Again, as it's a simple layer-2 switch I would guess the problems
>> actually
>> the firewall rules ... as you've proven ... you remove the problem.
>>
>> R!durbIk

>



"benchmark" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Hi BernieM,
> I am not sure about the topology of the network as it
> is managed by a contracting agency. But my knowledge of Cisco PIX
> Firewall tells me that the topology should be
> isp -- firewall -- switch -- pc.
>
> Thanks,
>
> Eric.
>
>


I also just noticed that only ports 1 to 4 in vlan 1 are capable of coming
up ... the others are administratively shutdown.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HTTP SOAP/HTTP GET/HTTP POST milan_9211 Software 0 01-10-2011 02:10 PM
FTP outward traffic causing "Unidentified IP traffic" error on ISA 2004 server connected to a PIX quentinhudson@hotmail.com Cisco 0 05-31-2006 11:43 AM
How does typical ISP traffic shaping/bandwidth limiting work ? Do ISP's allow bursty traffic per second ? Skybuck Flying Cisco 0 01-19-2006 08:50 PM
traffic-shaping limit ftp traffic Hypno999 Cisco 5 10-08-2005 07:25 AM
Traffic Log-Legitimate Traffic or Data Mining??? Jeff Computer Security 11 08-10-2004 01:08 AM



Advertisments