05-21-2011 08:41 AM - edited 03-04-2019 12:29 PM
Hi can not browse internet but am able to ping from vlan 3 to vlan 4 and vice versa
vlan 4 is users,vlan 3 is a server farm and has proxy squid 192.168.3.6 all suppose to pass here and set with some rules (this is perfect no problem if has no vlan on it users can broswe and when router has no acess list 100 and 102 )
Now i need to employ access list on router, acess list 100 and 102but users can not browse and ping from router to wan does not recognize
pls help on router and switches see attached
Solved! Go to Solution.
05-26-2011 04:15 AM
Alain
get to global conf
and do
R1921(config)#ip routing
R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y
R1921(config)#no ip default-gateway
then write
show ip route
still gateway of last resort not set
what might be a problem,what need to be done
joseph
05-26-2011 04:18 AM
Is the output still empty?
post sh ip int br output
Regards.
Alain.
05-26-2011 04:34 AM
Alain
R1921(config)#no ip default-gateway
R1921(config)# ip routing
R1921#show ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 10.10.10.1 YES NVRAM down down
GigabitEthernet0/1 196.43.x.y YES NVRAM down down
NVI0 unassigned YES unset administratively down down
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
Yes help what to do,to sort this pls
thx
joseph
05-26-2011 04:39 AM
joseph,
From your output, both the interfaces are down??? That's why you are not able to see anything . Have you chcked if the physical cabling and all is good? Are you using the router console to type the commands?
You need to first have the interfaces up/up . only then you will get connectivity
R1921#show ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 10.10.10.1 YES NVRAM down down
GigabitEthernet0/1 196.43.x.y YES NVRAM down down
NVI0 unassigned YES unset administratively down down
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not setYes help what to do,to sort this pls
thx
joseph
HTH,
Kishore
Please rate if helps
05-28-2011 05:46 AM
Hi kishore
observe below setting still can not browse
note:WAN ip address 196.43.x.p
subnet mask 196.43.83.128
default gateway 196.43.x.y
R1921(config)#ip routing
R1921(config)#no access-list 100
R1921(config)#no access-list 102
R1921(config)#no default-gateway
R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y
R1921(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2
R1921(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.2
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 196.43.x.y to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 196.43.x.y
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/30 is directly connected, GigabitEthernet0/0
L 10.10.10.1/32 is directly connected, GigabitEthernet0/0
S 192.168.3.0/24 [1/0] via 10.10.10.2
S 192.168.5.0/24 [1/0] via 10.10.10.2
196.43.83.0/24 is variably subnetted, 2 subnets, 2 masks
C 196.43.83.128/25 is directly connected, GigabitEthernet0/1
L 196.43.x.p/32 is directly connected, GigabitEthernet0/1
R1921#show ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 10.10.10.1 YES NVRAM up up
GigabitEthernet0/1 196.43.x.p YES NVRAM up up
NVI0 10.10.10.1 YES unset up up
ping switch ip address
R1921#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 1921 ip address
R1921#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping vlan6
R1921#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
ping vlan3
R1921#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping dns
R1921#ping 196.46.104.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 196.46.104.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1921#ping www.yahoo.com
Translating "www.yahoo.com"
% Unrecognized host or address, or protocol not running.
R1921#
thx
05-29-2011 01:51 AM
hi joeph,
As you can see now you can ping to the external world from your router. Next, please do what i mentioned below
R1921(config)# int G0/1
R1921(config)# description Outside interface to network
R1921(config-if)# ip address 196.43.x.p 255.255.255.128
R1921(config-if)#ip access-group 100 in <
R1921(config)# int G0/0
R1921(config)# description Inside interface to network
R1921(config-if)# ip address 10.10.10.1 255.255.255.252
R1921(config-if)# ip policy route-map INT_ACCESS <<<< remove this
R1921(config-if)#ip access-group 102 in <<<< remove this
and then from your switch try to ping say "4.2.2.2" or any public ip address and see what happens. Also try to traceroute as well.
the command is "traceroute 4.2.2.2" from your switch. if it works then that means one of the above is preventing the switch from going to the internet and you can figure which one is causing the issue
HTH
Kishore
05-31-2011 11:12 PM
Thanks Kishore
now i can browse from vlan 4 and from vlan 6,i can ping from router to switch and vice versa , able to ping dns ip 196.46.k.t and reply well ,But am not able to ping www.google.com or any website from router or from switch .kindly check my conf from router and switch and help to make ping function from router to websites,can you suggest the best way to have router also has firewall function,how to do that on my config...thx
//router
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mhnT$R2weEBZ4l3mQI7W5Q80xr1
!
no aaa new-model
!
!
!
clock timezone EST 3
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 196.46.k.t
ip name-server 196.46.d.t
!
multilink bundle-name authenticated
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex full
speed 1000
ntp disable
!
!
interface GigabitEthernet0/1
description connection to INTERNET
ip address 196.43.x.p 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ntp disable
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip flow-export source GigabitEthernet0/1
!
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 196.43.x.y
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
!
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.3 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
!
!
no cdp run
!
!
!
!
!
control-plane
!
!
banner motd ^CThis is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or
^C
!
line con 0
line aux 0
line vty 0 4
password 7 09594C000B0C101B1105426063
login
line vty 5 15
password 7 09594C000B0C101B1105426063
login local
!
scheduler allocate 20000 1000
end
//switch conf
version 12.0
Switch-A> en
Switch-A#hostname Switch-A
Switch-A# conf t
Switch-A(config)#banner motd $This is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to these actions. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions stated in this notice.
$
Switch-A(config)# ip routing
Switch-A(config)# enable secret $$$$$$$
Switch-A(config)#service password-encription
Switch-A(config)#no service tcp-small-servers
Switch-A(config)#no service udp-small-servers
Switch-A(config)#no ip bootp server
Switch-A(config)#no ip finger
Switch-A(config)#no service finger
Switch-A(config)#no service config
Switch-A(config)#no boot host
Switch-A(config)#no boot network
Switch-A(config)#no boot system
Switch-A(config)#no service pad
Switch-A(config)#ip name-server 196.46.k.t
Switch-A(config)#ip name-server 196.46.d.t
Switch-A(config)#no ip domain-lookup
Switch-A(config)#no ip http server
Switch-A(config)#no snmp-server community
Switch-A(config)#no snmp-server enable traps
Switch-A(config)#no snmp-server system-shutdown
Switch-A(config)#no snmp-server
Switch-A(config)#no cdp run
Switch-A(vlan)# vlan 4
Switch-A(vlan)# vlan 6
Switch-A# conf t
Switch-A(config)#no cdp run
Switch-A(config)# interface vlan1
Switch-A(config)# description *** DEFAULT VLAN - Do NOT Use! ***
Switch-A(config-if)# no ip address
Switch-A(config-if)# shutdown
Switch-A(config)# interface vlan4
Switch-A(config-if)#description server's farm
Switch-A(config-if)# ip address 192.168.3.1 255.255.255.0
Switch-A(config-if)#ip access group vlan4
Switch-A(config-if)# no shutdown
Switch-A(config)# interface vlan6
Switch-A(config-if)#description SECURITY
Switch-A(config-if)# ip address 192.168.5.1 255.255.255.0
Switch-A(config-if)#ip access group vlan6
Switch-A(config-if)# no shutdown
Switch-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
Switch-A(config)# interface G0/1
Switch-A(config)#description connection to router
Switch-A(config-if)# no switchport
Switch-A(config-if)# 10.10.10.2 255.255.255.252
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)# interface range G0/6-8
Switch-A(config)#description security
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 6
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)# interface range G0/10-24
Switch-A(config)#description SERVER'S FARM
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 4
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)#wr
05-26-2011 04:40 AM
Can you post sh int gi0/0 and sh int gi0/1 result.
Alain.
05-28-2011 05:47 AM
Hi Alain
observe below setting still can not browse
note:WAN ip address 196.43.x.p
subnet mask 196.43.83.128
default gateway 196.43.x.y
R1921(config)#ip routing
R1921(config)#no access-list 100
R1921(config)#no access-list 102
R1921(config)#no default-gateway
R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y
R1921(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2
R1921(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.2
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 196.43.x.y to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 196.43.x.y
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/30 is directly connected, GigabitEthernet0/0
L 10.10.10.1/32 is directly connected, GigabitEthernet0/0
S 192.168.3.0/24 [1/0] via 10.10.10.2
S 192.168.5.0/24 [1/0] via 10.10.10.2
196.43.83.0/24 is variably subnetted, 2 subnets, 2 masks
C 196.43.83.128/25 is directly connected, GigabitEthernet0/1
L 196.43.x.p/32 is directly connected, GigabitEthernet0/1
R1921#show ip interface brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 10.10.10.1 YES NVRAM up up
GigabitEthernet0/1 196.43.x.p YES NVRAM up up
NVI0 10.10.10.1 YES unset up up
ping switch ip address
R1921#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 1921 ip address
R1921#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping vlan6
R1921#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
ping vlan3
R1921#ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping dns
R1921#ping 196.46.104.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 196.46.104.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1921#ping www.yahoo.com
Translating "www.yahoo.com"
% Unrecognized host or address, or protocol not running.
R1921#
thx
05-29-2011 03:09 PM
Malai,
In your 1921, config you've entered the command "No ip Domain-lookup". That prevents the router from using DNS. Generally a good thing in routers as typos will be interpretted as commands to telnet to something and can get a bit annoying as the dns fails to find "shoipR' if forget to hit space or whatever.
Your client pc's should be ok at the moment. are they connecting to the internet?
Tony
05-29-2011 11:09 PM
Tony
YES,In my 1921, config i've entered the command "No ip Domain-lookup" and press enter .but configured with ip name-server
client pc also can not browse
thx
joseph
05-30-2011 05:11 PM
Malai,
Looking at your orignal config again, I think you may also have some NAT problems. you haven't defined the inside and outside interface.
Can i suggest that you look at this document to figure out what your doing and then progress from there?
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic5
Of course you've been asked to make a large number of changes in the course of this thread, you might want to do a "sho run" and paste the output here so we can see what the config looks like at the moment.
Tony
05-31-2011 11:15 PM
Thanks Tony
now i can browse from vlan 4 and from vlan 6,i can ping from router to switch and vice versa , able to ping dns ip 196.46.k.t and reply well ,But am not able to ping www.google.com or any website from router or from switch .kindly check my conf from router and switch and help to make ping function from router to websites,can you suggest the best way to have router also has firewall function,how to do that on my config...thx
//router
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mhnT$R2weEBZ4l3mQI7W5Q80xr1
!
no aaa new-model
!
!
!
clock timezone EST 3
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 196.46.k.t
ip name-server 196.46.d.t
!
multilink bundle-name authenticated
!
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex full
speed 1000
ntp disable
!
!
interface GigabitEthernet0/1
description connection to INTERNET
ip address 196.43.x.p 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ntp disable
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip flow-export source GigabitEthernet0/1
!
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 196.43.x.y
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
!
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.3 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
!
!
no cdp run
!
!
!
!
!
control-plane
!
!
banner motd ^CThis is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or
^C
!
line con 0
line aux 0
line vty 0 4
password 7 09594C000B0C101B1105426063
login
line vty 5 15
password 7 09594C000B0C101B1105426063
login local
!
scheduler allocate 20000 1000
end
//switch conf
version 12.0
Switch-A> en
Switch-A#hostname Switch-A
Switch-A# conf t
Switch-A(config)#banner motd $This is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to these actions. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions stated in this notice.
$
Switch-A(config)# ip routing
Switch-A(config)# enable secret $$$$$$$
Switch-A(config)#service password-encription
Switch-A(config)#no service tcp-small-servers
Switch-A(config)#no service udp-small-servers
Switch-A(config)#no ip bootp server
Switch-A(config)#no ip finger
Switch-A(config)#no service finger
Switch-A(config)#no service config
Switch-A(config)#no boot host
Switch-A(config)#no boot network
Switch-A(config)#no boot system
Switch-A(config)#no service pad
Switch-A(config)#ip name-server 196.46.k.t
Switch-A(config)#ip name-server 196.46.d.t
Switch-A(config)#no ip domain-lookup
Switch-A(config)#no ip http server
Switch-A(config)#no snmp-server community
Switch-A(config)#no snmp-server enable traps
Switch-A(config)#no snmp-server system-shutdown
Switch-A(config)#no snmp-server
Switch-A(config)#no cdp run
Switch-A(vlan)# vlan 4
Switch-A(vlan)# vlan 6
Switch-A# conf t
Switch-A(config)#no cdp run
Switch-A(config)# interface vlan1
Switch-A(config)# description *** DEFAULT VLAN - Do NOT Use! ***
Switch-A(config-if)# no ip address
Switch-A(config-if)# shutdown
Switch-A(config)# interface vlan4
Switch-A(config-if)#description server's farm
Switch-A(config-if)# ip address 192.168.3.1 255.255.255.0
Switch-A(config-if)#ip access group vlan4
Switch-A(config-if)# no shutdown
Switch-A(config)# interface vlan6
Switch-A(config-if)#description SECURITY
Switch-A(config-if)# ip address 192.168.5.1 255.255.255.0
Switch-A(config-if)#ip access group vlan6
Switch-A(config-if)# no shutdown
Switch-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
Switch-A(config)# interface G0/1
Switch-A(config)#description connection to router
Switch-A(config-if)# no switchport
Switch-A(config-if)# 10.10.10.2 255.255.255.252
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)# interface range G0/6-8
Switch-A(config)#description security
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 6
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)# interface range G0/10-24
Switch-A(config)#description SERVER'S FARM
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 4
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)#wr
06-01-2011 02:15 PM
Malai,
I'm a little confused. Are the client PC's able to connect to the internet now? To get your routers/switches to ping the Fully Qualified Domain Name remove the command "no ip domain-lookup" as i explained in a previous post that command is generally considered a good thing, but if you really need it then put it back in by entering "ip domain-lookup" into your router and switch.
To turn on your firewall I'd start by putting in your access-lists again, make sure everything is going first, then start putting your access-lists back in.
Tony
06-02-2011 12:26 AM
Thanks Tony,
did u mean that my access list for doing firewall is perfect?
which line to add/remove/edit pls?
joseph
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide