Solved: Re: can not browse internet - Page 2

malai.joseph · ‎05-21-2011

Hi can not browse internet but am able to ping from vlan 3 to vlan 4 and vice versa

vlan 4 is users,vlan 3 is a server farm and has proxy squid 192.168.3.6 all suppose to pass here and set with some rules (this is perfect no problem if has no vlan on it users can broswe and when router has no acess list 100 and 102 )

Now i need to employ access list on router, acess list 100 and 102but users can not browse and ping from router to wan does not recognize

pls help on router and switches see attached

malai.joseph · ‎05-26-2011

Alain

get to global conf

and do

R1921(config)#ip routing

R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y

R1921(config)#no ip default-gateway

then write

show ip route

still gateway of last resort not set

what might be a problem,what need to be done

joseph

cadet alain · ‎05-26-2011

Is the output still empty?

post sh ip int br output

Regards.

Alain.

Don't forget to rate helpful posts.

malai.joseph · ‎05-26-2011

Alain

R1921(config)#no ip default-gateway

R1921(config)# ip routing

R1921#show ip interface brief
Interface                  IP-Address      OK? Method Status               Prot
ocol
GigabitEthernet0/0         10.10.10.1      YES NVRAM  down                 down

GigabitEthernet0/1         196.43.x.y   YES NVRAM  down                 down

NVI0                       unassigned      YES unset  administratively down down

R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

Yes help what to do,to sort this pls

thx

joseph

Kishore Chennupati · ‎05-26-2011

joseph,

From your output, both the interfaces are down??? That's why you are not able to see anything . Have you chcked if the physical cabling and all is good? Are you using the router console to type the commands?

You need to first have the interfaces up/up . only then you will get connectivity

R1921#show ip interface brief
Interface                  IP-Address      OK? Method Status               Prot
ocol
GigabitEthernet0/0         10.10.10.1      YES NVRAM  down                 down

GigabitEthernet0/1         196.43.x.y   YES NVRAM  down                 down

NVI0                       unassigned      YES unset  administratively down down

R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set
Yes help what to do,to sort this pls
thx
joseph

HTH,

Kishore

Please rate if helps

malai.joseph · ‎05-28-2011

Hi kishore

observe below setting still can not browse

note:WAN ip address 196.43.x.p
subnet mask 196.43.83.128
default gateway 196.43.x.y

R1921(config)#ip routing

R1921(config)#no access-list 100

R1921(config)#no access-list 102
R1921(config)#no default-gateway
R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y
R1921(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2
R1921(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.2
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 196.43.x.y to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 196.43.x.y
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C     10.10.10.0/30 is directly connected, GigabitEthernet0/0
L     10.10.10.1/32 is directly connected, GigabitEthernet0/0
S     192.168.3.0/24 [1/0] via 10.10.10.2
S     192.168.5.0/24 [1/0] via 10.10.10.2
      196.43.83.0/24 is variably subnetted, 2 subnets, 2 masks
C        196.43.83.128/25 is directly connected, GigabitEthernet0/1
L        196.43.x.p/32 is directly connected, GigabitEthernet0/1

R1921#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
GigabitEthernet0/0         10.10.10.1      YES NVRAM up                    up

GigabitEthernet0/1         196.43.x.p   YES NVRAM up                    up

NVI0                       10.10.10.1      YES unset up                    up

ping switch ip address
R1921#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 1921 ip address
R1921#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping vlan6
R1921#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
ping vlan3
R1921#ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ping dns
R1921#ping 196.46.104.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 196.46.104.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1921#ping www.yahoo.com

Translating "www.yahoo.com"
% Unrecognized host or address, or protocol not running.

R1921#

thx

Kishore Chennupati · ‎05-29-2011

hi joeph,

As you can see now you can ping to the external world from your router. Next, please do what i mentioned below

R1921(config)# int G0/1
R1921(config)# description Outside interface to network
R1921(config-if)# ip address 196.43.x.p 255.255.255.128
R1921(config-if)#ip access-group 100 in <

R1921(config)# int G0/0
R1921(config)# description Inside interface to network
R1921(config-if)# ip address 10.10.10.1 255.255.255.252
R1921(config-if)# ip policy route-map INT_ACCESS <<<< remove this
R1921(config-if)#ip access-group 102 in <<<< remove this

and then from your switch try to ping say "4.2.2.2" or any public ip address and see what happens. Also try to traceroute as well.

the command is "traceroute 4.2.2.2" from your switch. if it works then that means one of the above is preventing the switch from going to the internet and you can figure which one is causing the issue

HTH

Kishore

malai.joseph · ‎05-31-2011

Thanks Kishore

now i can browse from vlan 4 and from vlan 6,i can ping from router to switch and vice versa , able to ping dns ip 196.46.k.t and reply well ,But am not able to ping www.google.com or any website from router or from switch .kindly check my conf from router and switch and help to make ping function from router to websites,can you suggest the best way to have router also has firewall function,how to do that on my config...thx

//router
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mhnT$R2weEBZ4l3mQI7W5Q80xr1
!
no aaa new-model
!
!
!
clock timezone EST 3
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 196.46.k.t
ip name-server 196.46.d.t
!
multilink bundle-name authenticated
!
!
!

!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex full
speed 1000
ntp disable
!
!
interface GigabitEthernet0/1
description connection to INTERNET
ip address 196.43.x.p 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ntp disable
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip flow-export source GigabitEthernet0/1
!
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 196.43.x.y
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
!
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.3 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
!
!
no cdp run

!
!
!
!
!
control-plane
!
!
banner motd ^CThis is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or
^C
!
line con 0
line aux 0
line vty 0 4
password 7 09594C000B0C101B1105426063
login
line vty 5 15
password 7 09594C000B0C101B1105426063
login local
!
scheduler allocate 20000 1000
end

//switch conf

version 12.0
Switch-A> en
Switch-A#hostname Switch-A
Switch-A# conf t
Switch-A(config)#banner motd $This is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to these actions. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions stated in this notice.
$
Switch-A(config)# ip routing

Switch-A(config)# enable secret $$$$$$$
Switch-A(config)#service password-encription
Switch-A(config)#no service tcp-small-servers
Switch-A(config)#no service udp-small-servers
Switch-A(config)#no ip bootp server
Switch-A(config)#no ip finger
Switch-A(config)#no service finger
Switch-A(config)#no service config
Switch-A(config)#no boot host
Switch-A(config)#no boot network
Switch-A(config)#no boot system
Switch-A(config)#no service pad

Switch-A(config)#ip name-server 196.46.k.t
Switch-A(config)#ip name-server 196.46.d.t
Switch-A(config)#no ip domain-lookup
Switch-A(config)#no ip http server
Switch-A(config)#no snmp-server community
Switch-A(config)#no snmp-server enable traps
Switch-A(config)#no snmp-server system-shutdown
Switch-A(config)#no snmp-server
Switch-A(config)#no cdp run

Switch-A(vlan)# vlan 4
Switch-A(vlan)# vlan 6

Switch-A# conf t
Switch-A(config)#no cdp run
Switch-A(config)# interface vlan1
Switch-A(config)# description *** DEFAULT VLAN - Do NOT Use! ***
Switch-A(config-if)# no ip address
Switch-A(config-if)# shutdown

Switch-A(config)# interface vlan4
Switch-A(config-if)#description server's farm
Switch-A(config-if)# ip address 192.168.3.1 255.255.255.0
Switch-A(config-if)#ip access group vlan4
Switch-A(config-if)# no shutdown

Switch-A(config)# interface vlan6
Switch-A(config-if)#description SECURITY
Switch-A(config-if)# ip address 192.168.5.1 255.255.255.0
Switch-A(config-if)#ip access group vlan6
Switch-A(config-if)# no shutdown

Switch-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1

Switch-A(config)# interface G0/1
Switch-A(config)#description connection to router
Switch-A(config-if)# no switchport
Switch-A(config-if)# 10.10.10.2 255.255.255.252
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit

Switch-A(config)# interface range G0/6-8
Switch-A(config)#description security
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 6
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit

Switch-A(config)# interface range G0/10-24
Switch-A(config)#description SERVER'S FARM
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 4
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)#wr

cadet alain · ‎05-26-2011

Can you post sh int gi0/0 and sh int gi0/1 result.

Alain.

Don't forget to rate helpful posts.

malai.joseph · ‎05-28-2011

Hi Alain

observe below setting still can not browse

note:WAN ip address 196.43.x.p
subnet mask 196.43.83.128
default gateway 196.43.x.y

R1921(config)#ip routing

R1921(config)#no access-list 100

R1921(config)#no access-list 102

R1921(config)#no default-gateway
R1921(config)# ip route 0.0.0.0 0.0.0.0 196.43.x.y
R1921(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2
R1921(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.2
R1921#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 196.43.x.y to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 196.43.x.y
       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C     10.10.10.0/30 is directly connected, GigabitEthernet0/0
L     10.10.10.1/32 is directly connected, GigabitEthernet0/0
S     192.168.3.0/24 [1/0] via 10.10.10.2
S     192.168.5.0/24 [1/0] via 10.10.10.2
       196.43.83.0/24 is variably subnetted, 2 subnets, 2 masks
C        196.43.83.128/25 is directly connected, GigabitEthernet0/1
L        196.43.x.p/32 is directly connected, GigabitEthernet0/1

R1921#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
GigabitEthernet0/0         10.10.10.1      YES NVRAM up                    up

GigabitEthernet0/1         196.43.x.p   YES NVRAM up                    up

NVI0                       10.10.10.1      YES unset up                    up

ping switch ip address
R1921#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping 1921 ip address
R1921#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ping vlan6
R1921#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
ping vlan3
R1921#ping 192.168.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

ping dns
R1921#ping 196.46.104.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 196.46.104.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1921#ping www.yahoo.com

Translating "www.yahoo.com"
% Unrecognized host or address, or protocol not running.

R1921#

thx

tony.henry_2 · ‎05-29-2011

Malai,

In your 1921, config you've entered the command "No ip Domain-lookup". That prevents the router from using DNS. Generally a good thing in routers as typos will be interpretted as commands to telnet to something and can get a bit annoying as the dns fails to find "shoipR' if forget to hit space or whatever.

Your client pc's should be ok at the moment. are they connecting to the internet?

Tony

malai.joseph · ‎05-29-2011

Tony

YES,In my 1921, config i've entered the command "No ip Domain-lookup" and press enter .but configured with ip name-server

client pc also can not browse

thx

joseph

tony.henry_2 · ‎05-30-2011

Malai,

Looking at your orignal config again, I think you may also have some NAT problems. you haven't defined the inside and outside interface.

Can i suggest that you look at this document to figure out what your doing and then progress from there?

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic5

Of course you've been asked to make a large number of changes in the course of this thread, you might want to do a "sho run" and paste the output here so we can see what the config looks like at the moment.

Tony

malai.joseph · ‎05-31-2011

Thanks Tony

now i can browse from vlan 4 and from vlan 6,i can ping from router to switch and vice versa , able to ping dns ip 196.46.k.t and reply well ,But am not able to ping www.google.com or any website from router or from switch .kindly check my conf from router and switch and help to make ping function from router to websites,can you suggest the best way to have router also has firewall function,how to do that on my config...thx

//router
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1921
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$mhnT$R2weEBZ4l3mQI7W5Q80xr1
!
no aaa new-model
!
!
!
clock timezone EST 3
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 196.46.k.t
ip name-server 196.46.d.t
!
multilink bundle-name authenticated
!
!
!

!
!
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to LAN
ip address 10.10.10.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex full
speed 1000
ntp disable
!
!
interface GigabitEthernet0/1
description connection to INTERNET
ip address 196.43.x.p 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
ntp disable
!
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip flow-export source GigabitEthernet0/1
!
ip nat inside source list NAT interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 196.43.x.y
ip route 192.168.3.0 255.255.255.0 10.10.10.2
ip route 192.168.5.0 255.255.255.0 10.10.10.2
!
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.3 any
permit ip 192.168.3.0 0.0.0.255 any
permit ip 192.168.5.0 0.0.0.255 any
!
!
no cdp run

!
!
!
!
!
control-plane
!
!
banner motd ^CThis is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or
^C
!
line con 0
line aux 0
line vty 0 4
password 7 09594C000B0C101B1105426063
login
line vty 5 15
password 7 09594C000B0C101B1105426063
login local
!
scheduler allocate 20000 1000
end

//switch conf

version 12.0
Switch-A> en
Switch-A#hostname Switch-A
Switch-A# conf t
Switch-A(config)#banner motd $This is an official computer system and is the property of the ORGANIZATION. It is for authorized users only. Unauthorized users are prohibited. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system may be subject to one or more of the following actions: interception, monitoring, recording, auditing, inspection and disclosing to security personnel and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to these actions. Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By accessing this system you indicate your awareness of and consent to these terms and conditions of use. Discontinue access immediately if you do not agree to the conditions stated in this notice.
$
Switch-A(config)# ip routing

Switch-A(config)# enable secret $$$$$$$
Switch-A(config)#service password-encription
Switch-A(config)#no service tcp-small-servers
Switch-A(config)#no service udp-small-servers
Switch-A(config)#no ip bootp server
Switch-A(config)#no ip finger
Switch-A(config)#no service finger
Switch-A(config)#no service config
Switch-A(config)#no boot host
Switch-A(config)#no boot network
Switch-A(config)#no boot system
Switch-A(config)#no service pad

Switch-A(config)#ip name-server 196.46.k.t
Switch-A(config)#ip name-server 196.46.d.t
Switch-A(config)#no ip domain-lookup
Switch-A(config)#no ip http server
Switch-A(config)#no snmp-server community
Switch-A(config)#no snmp-server enable traps
Switch-A(config)#no snmp-server system-shutdown
Switch-A(config)#no snmp-server
Switch-A(config)#no cdp run

Switch-A(vlan)# vlan 4
Switch-A(vlan)# vlan 6

Switch-A# conf t
Switch-A(config)#no cdp run
Switch-A(config)# interface vlan1
Switch-A(config)# description *** DEFAULT VLAN - Do NOT Use! ***
Switch-A(config-if)# no ip address
Switch-A(config-if)# shutdown

Switch-A(config)# interface vlan4
Switch-A(config-if)#description server's farm
Switch-A(config-if)# ip address 192.168.3.1 255.255.255.0
Switch-A(config-if)#ip access group vlan4
Switch-A(config-if)# no shutdown

Switch-A(config)# interface vlan6
Switch-A(config-if)#description SECURITY
Switch-A(config-if)# ip address 192.168.5.1 255.255.255.0
Switch-A(config-if)#ip access group vlan6
Switch-A(config-if)# no shutdown

Switch-A(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1

Switch-A(config)# interface G0/1
Switch-A(config)#description connection to router
Switch-A(config-if)# no switchport
Switch-A(config-if)# 10.10.10.2 255.255.255.252
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit

Switch-A(config)# interface range G0/6-8
Switch-A(config)#description security
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 6
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit

Switch-A(config)# interface range G0/10-24
Switch-A(config)#description SERVER'S FARM
Switch-A(config-if)# switchport mode access
Switch-A(config-if)# switchport access vlan 4
Switch-A(config-if)# no shutdown
Switch-A(config-if)# exit
Switch-A(config)#wr

tony.henry_2 · ‎06-01-2011

Malai,

I'm a little confused. Are the client PC's able to connect to the internet now? To get your routers/switches to ping the Fully Qualified Domain Name remove the command "no ip domain-lookup" as i explained in a previous post that command is generally considered a good thing, but if you really need it then put it back in by entering "ip domain-lookup" into your router and switch.

To turn on your firewall I'd start by putting in your access-lists again, make sure everything is going first, then start putting your access-lists back in.

Tony

malai.joseph · ‎06-02-2011

Thanks Tony,

did u mean that my access list for doing firewall is perfect?

which line to add/remove/edit pls?

joseph