12-06-2015 07:54 PM - edited 03-05-2019 02:53 AM
Hello;
I hope someone can provide me with extreme help on getting an internal network up and running. I had one internal network up and running before, but it seemed like my second network was lagging and timing out. Then one day at work I had a power surge; when I got home it had caused a major shutdown of all my equipment, and I was unable to save the configuration on my router and switch. So at this point I'm kind of stuck on what else I need to do. I was able to do a test on one of my computers, and at first the DHCP on my router was unable to provide my computer an IP address, so I had to change my computer to a static IP in order to connect to my router. Once it was connected to my router I wasn't unable to connect to the internet, so after reviewing my configuration on the switch and router I was unable to pinpoint whether the problem was on the switch or on the router. Hopefully someone can provide some advice on what I need to do or change in order to get my internal network up and running. Listed below is the configuration of my router and switch. Please help !!!!!!!!!
Router config
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
clock calendar-valid
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.0.1 10.10.0.49
ip dhcp excluded-address 10.10.0.75 10.10.0.255
!
ip dhcp pool R_POOL
import all
network 10.10.0.0 255.255.255.0
update dns
default-router 10.10.0.1
dns-server 192.168.0.1
domain-name R.com
update arp
!
interface FastEthernet0
description OUT
ip address 192.168.0.80 255.255.255.0
ip access-group 100 out
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
vlan-id dot1q 192
description OUT
pppoe enable
exit-vlan-config
!
interface FastEthernet1
ip address 10.10.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
vlan-id dot1q 10
description IN
pppoe enable
exit-vlan-config
!
interface FastEthernet1.92
description OUT
encapsulation dot1Q 192
ip address dhcp client-id FastEthernet0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
pppoe enable group global
!
interface Vlan192
no ip address
ip verify unicast source reachable-via any
ip mask-reply
ip accounting output-packets
ip nat outside
ip virtual-reassembly
!
interface Vlan10
no ip address
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 (Public IP)
!
ip nat pool pool1 192.168.0.80 192.168.0.255 netmask 0.0.0.0
ip nat inside source list 100 pool pool1
!
access-list 100 remark NAT Rule
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq domain any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq www any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 443 any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 8080 any
access-list 100 permit ip 0.0.0.1 255.255.255.0 any
access-list 100 permit udp 0.0.0.1 255.255.255.0 any
access-list 100 permit tcp 0.0.0.1 255.255.255.0 any
Switch Config
hostname S1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1998
no ip subnet-zero
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/12
description test 192
switchport access vlan 192
switchport trunk native vlan 192
switchport trunk allowed vlan 192
switchport trunk pruning vlan 192
switchport mode trunk
switchport nonegotiate
switchport port-security mac-address sticky
shutdown
speed 100
duplex full
spanning-tree portfast trunk
spanning-tree bpdufilter disable
spanning-tree bpduguard disable
!
interface FastEthernet0/12
description test 10
switchport access vlan 10
switchport trunk native vlan 10
switchport trunk allowed vlan 10
switchport trunk pruning vlan 10
switchport mode trunk
switchport nonegotiate
switchport port-security mac-address sticky
shutdown
speed 100
duplex full
spanning-tree portfast trunk
spanning-tree bpdufilter disable
spanning-tree bpduguard disable
!
interface GigabitEthernet0/1
description Out-to-WAN
switchport access vlan 192
switchport trunk native vlan 192
switchport trunk allowed vlan 192
switchport trunk pruning vlan 192
switchport mode trunk
switchport nonegotiate
switchport port-security mac-address sticky
speed 1000
duplex full
spanning-tree portfast
spanning-tree bpdufilter disable
spanning-tree bpduguard disable
!
interface GigabitEthernet0/2
description TRUNK-to-FE0/1
switchport access vlan 10
switchport trunk native vlan 10
switchport trunk allowed vlan 10
switchport trunk pruning vlan 10
switchport mode trunk
switchport nonegotiate
switchport port-security mac-address sticky
speed 100
duplex full
spanning-tree portfast
spanning-tree bpdufilter disable
spanning-tree bpduguard disable
!
interface Vlan10
description IN
ip address 10.10.0.2 255.255.255.0
ip mask-reply
ip information-reply
ip security dedicated unclassified genser
ip security add
ip security first
no ip route-cache
spanning-tree portfast trunk
!
interface Vlan192
description OUT
ip address dhcp client-id Vlan192
ip mask-reply
ip information-reply
ip accounting output-packets
ip security dedicated unclassified genser
ip security add
ip security first
no ip route-cache
ip tcp adjust-mss 1460
spanning-tree portfast trunk
12-18-2015 02:54 PM
Hello,
I am here. How is your network? Is it working well?
12-18-2015 03:07 PM
Hello;
So far it seems to be working fine; I haven't had any issues lately thanks to you. Yes, it is working well, but the next item that I would like to do is mainly to secure certain ports on my inside and outside interfaces that we discussed a week ago.
So I tried and tried and tried different configurations and different scenarios as far as my access-list goes, to allow only certain ports in and out.
What I would like to do on my outside interface is have only ports 7, 53, 80, 443, and 8080 allowed, whereas on my inside internal interface I would like to have ports 7, 21, 22, 23, 25, 53, 67, 80, 110, 123, 143, 443, 1500, 1501, and 8080. Yes, I know ports off the top of my head, and these are the only ports I want to be allowed inside my interface so all my computers/servers can talk/share/ping/ftp etc. to each other.
Any ideas that could help?
12-18-2015 03:13 PM
Can you open a new post? I have a really hard time finding your comment here.
Its title is the same as you posted in your previous comment.
12-18-2015 03:22 PM
It's called
Cisco Router 1800/Cisco Switch 2960 Access List Help !!!!!!!!!!!!
12-08-2015 07:08 PM
Let's just go over port security.
First, shut down any ports which you do not use.
You can add the MAC addresses of your devices to the switch. If any MAC address except the ones you configured comes to your switch, the switch disables that port.
Do the following steps.
1- find your laptop's MAC address
2- interface g0/10 (only for PC and server)
switchport mode access
switchport port-security
switchport port-security mac-address 001b.d41b.a4d8 (your laptop mac address)
switchport port-security maximum 1
Now, if you attach any other PC or laptop, the switch shuts port g0/10.
Try with one interface at first.
Masoud
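An added example, not part of the reply above and not Cisco tooling: a small Python audit that checks a saved switch configuration against the recipe in that reply (unused ports shut down, port security enabled on access ports). The sample configuration is constructed, and the function names are hypothetical; the check relies on the IOS behaviour that `switchport port-security mac-address ...` only sets an option, while the bare `switchport port-security` line is what enables the feature.

```python
import re

# Constructed sample in the style of the switch configuration in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security mac-address 001b.d41b.a4d8
 switchport port-security maximum 1
!
interface FastEthernet0/5
 switchport mode access
!
interface FastEthernet0/6
 shutdown
"""

def parse_interfaces(config):
    """Return {physical interface: [sub-commands]}; Vlan SVIs are skipped."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:  # a repeated stanza for the same port is merged into one entry
            current = None if m.group(1).lower().startswith("vlan") else stanzas.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit_port_security(config):
    """Return {interface: [findings]}; an empty list means nothing to fix."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        enabled = "switchport port-security" in cmds  # the bare enabling line
        has_opts = any(c.startswith("switchport port-security ") for c in cmds)
        findings = []
        if "shutdown" not in cmds:  # a shut-down port needs no further check
            if has_opts and not enabled:
                findings.append("port-security options set but feature not enabled")
            elif not enabled:
                findings.append("active port without port-security")
            elif "switchport mode access" not in cmds:
                findings.append("port-security enabled but port is not in access mode")
        report[name] = findings
    return report
```

On the device itself, `show port-security interface <name>` reports whether the feature is actually enabled on a port.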
12-08-2015 03:50 PM
Are all your clients attached to that switch by Ethernet cable? Do you have only LAN clients?
Do you have any other clients, like dial-up, wireless, or DSL?
Do all of your clients have an IP address of 10.10.x.x?
Masoud