- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2011 08:41 AM - edited 03-04-2019 12:29 PM
Hi can not browse internet but am able to ping from vlan 3 to vlan 4 and vice versa
vlan 4 is users,vlan 3 is a server farm and has proxy squid 192.168.3.6 all suppose to pass here and set with some rules (this is perfect no problem if has no vlan on it users can broswe and when router has no acess list 100 and 102 )
Now i need to employ access list on router, acess list 100 and 102but users can not browse and ping from router to wan does not recognize
pls help on router and switches see attached
Solved! Go to Solution.
- Labels:
-
Other Routing
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:05 AM
hi alain,
if im not mistaken if ip routing is disabled then the output you see would be some thing like this
sh ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:40 AM
Can you post sh int gi0/0 and sh int gi0/1 result.
Alain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2011 01:51 AM
hi joeph,
As you can see now you can ping to the external world from your router. Next, please do what i mentioned below
R1921(config)# int G0/1
R1921(config)# description Outside interface to network
R1921(config-if)# ip address 196.43.x.p 255.255.255.128
R1921(config-if)#ip access-group 100 in <
R1921(config)# int G0/0
R1921(config)# description Inside interface to network
R1921(config-if)# ip address 10.10.10.1 255.255.255.252
R1921(config-if)# ip policy route-map INT_ACCESS <<<< remove this
R1921(config-if)#ip access-group 102 in <<<< remove this
and then from your switch try to ping say "4.2.2.2" or any public ip address and see what happens. Also try to traceroute as well.
the command is "traceroute 4.2.2.2" from your switch. if it works then that means one of the above is preventing the switch from going to the internet and you can figure which one is causing the issue
HTH
Kishore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-01-2011 02:15 PM
Malai,
I'm a little confused. Are the client PC's able to connect to the internet now? To get your routers/switches to ping the Fully Qualified Domain Name remove the command "no ip domain-lookup" as i explained in a previous post that command is generally considered a good thing, but if you really need it then put it back in by entering "ip domain-lookup" into your router and switch.
To turn on your firewall I'd start by putting in your access-lists again, make sure everything is going first, then start putting your access-lists back in.
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2011 10:48 PM
Malai,
Just had a quick look through. I think part of the problem may be in the 1921. in that it doesn't seem to have a route back to 192.168.3.0/24 or 192.168.5.0.24. What does a sho Ip route output look like on that router?
HTH
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2011 01:22 AM
R1921(config)# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
Tony tell me what need to be done ,have a look at my conf and let me know what to do (set Gateway of last resort is not set )and
How to route back to 192.168.3.0/24 or 192.168.5.0.24 pls
ths
malai
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2011 11:17 AM
Looks like you have no routes at all.
You can eithe manually enter the routes like
ip route a.b.c.d 255.255.255.0 x.y.z.h 255.255.255.0
or you can use any routing protocol
like Rip v2 or Eigrp
For example, if you have 192.168.3.0/24 conneted with router; You enter
router eigrp 1
network 192.168.3.0 255.255.255.0
You need to do this on all routers and enter the directly connected networks.
This will automatically send routes to all routers in your network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2011 11:38 PM
Thanks Sharma,
Kindly refer to my original post and check conf of router and switch
And give the way forward to implement this,and not ip route a.b.c.d 255.255.255.0 x.y.z.h 255.255.255.0
find my ip address and other basic staff for conf on router and switch and give the way
am new to cisco staff ,pls show what to do on router and switch pls
joseph
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2011 02:55 PM
Malai,
Before we run off and put routing protocols on the router. Looking at the output it would seem none of the interfaces are up. try pinging from the 1921 to the 3560 and vice versa.
You might want to have a think about the route-map INT_ACCESS It seems to be matching your servers and then setting the default route back to the proxy. Is this what you wanted it to do? Why is that?
my steps would be.
shut the internet connection.
Define requirements.
establish connectivity between your client machines and the 10.10.10.1 (ping)
apply access lists required,
open internet connection.
hth
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 12:26 AM
Tony
route-map INT_ACCESS It seems to be matching your servers,very true,ip address 192.168.3.6 is proxy server and all need to browse by passing to this...
what i need is from my ruter conf and switch conf to be able to browse and route back to users
//
my steps would be.
shut the internet connection.
Define requirements.
establish connectivity between your client machines and the 10.10.10.1 (ping)
apply access lists required,
open internet connection.
//the above is well valued if use specific particulars/implementation to be done
am new user pls give the way forward.what need to be done on router and what need to be done on switch
Joseph
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 02:16 AM
joseph,
Your switch config is ok. No problem with that. However, your router config needs some changes. Type the below commands and see if it helps.
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
You can remove this command from your router "ip default-gateway 196.43.x.y". It's not required. Also, remove the access groups 100 and 102 from the interfaces to see if you can get access to the external world.
Regards
Kishore
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:11 AM
Hi kishore,
just get to global conf and do ..ip routing
and no ip default-gateway
do......... ip route 0.0.0.0 0.0.0.0 196.43.x.y
and when show ip route still show ,gateway of last resort not set ..pls let me know what next to do
joseph
thx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 02:22 PM
Malai,
It's quite clear you've got a layer two problem. solving this will be the first step, you still have some routing issues that haven't been solved as yet.
Lets try and get your 3560-1921 interface going first.
is the cable ok? What makes you think it is? the router hasn't brought the interface up which is why it doesn't appear as connected in your "Show Ip routes" output.
How far apart are the two devices? Are the link lights on? Have you got anything that can test the cable? If everything appears ok there then you need to look at the actual interfaces and think about swapping those around.
I agree with kishmore in this post
"
joseph,
Your switch config is ok. No problem with that. However, your router config needs some changes. Type the below commands and see if it helps.
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
You can remove this command from your router "ip default-gateway 196.43.x.y". It's not required. Also, remove the access groups 100 and 102 from the interfaces to see if you can get access to the external world.
Regards
Kishore"
As this will in all likely hood solve the routing issues.
HTH
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 02:27 AM
hi,
malai.joseph wrote:
R1921(config)# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
This is not right. Your gateway of last resort is not set which means that the router doesnt know where to forward the default packets to.
can you check what ip address you are using in your " ip route 0.0.0.0 0.0.0.0 ???"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 03:53 AM
Hi,
the output of sh ip route is empty so maybe ip routing is disabled. can you enter global config command ip routing and then redo a sh ip route.
Regards.
Alain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:05 AM
hi alain,
if im not mistaken if ip routing is disabled then the output you see would be some thing like this
sh ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:16 AM
Yep , you're right.
Can he provide a sh ip int br output
Regards.
Alain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2011 04:39 AM
Kishore
what are the way forward pls
what need to be done on router
Joseph
