4697 Views, 105 Helpful, 50 Replies

Cisco Router 1800/Cisco Switch 2960

j_j624001
Beginner

Hello;

I hope someone can provide me with extreme help on getting an internal network up and running. I had one internal network up and running before, but it seems like my second network was lagging and timing out; then one day at work I had a power surge when I got home that caused a major shutdown of all my equipment, and I was unable to save the configuration on my router and switch. So at this point I'm kinda stuck on what else I need to do. I was able to do a test on one of my computers, and at first the DHCP on my router was unable to provide my computer an IP address, so I had to change my computer to a static IP in order to connect to my router. Once it was connected to my router I wasn't unable to connect to the internet, so after reviewing my configuration on the switch and router I was unable to pinpoint whether the problem was on the switch or on the router. Hopefully someone can provide some advice on what I need to do or change in order to get my internal network up and running. Listed below is the configuration of my router and switch. Please help!

Router config

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
clock calendar-valid
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.0.1 10.10.0.49
ip dhcp excluded-address 10.10.0.75 10.10.0.255
!
ip dhcp pool R_POOL
 import all
 network 10.10.0.0 255.255.255.0
 update dns
 default-router 10.10.0.1
 dns-server 192.168.0.1
 domain-name R.com
 update arp
!
interface FastEthernet0
 description OUT
 ip address 192.168.0.80 255.255.255.0
 ip access-group 100 out
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
 vlan-id dot1q 192
  description OUT
  pppoe enable
  exit-vlan-config
!
interface FastEthernet1
 ip address 10.10.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 vlan-id dot1q 10
  description IN
  pppoe enable
  exit-vlan-config
!
interface FastEthernet1.92
 description OUT
 encapsulation dot1Q 192
 ip address dhcp client-id FastEthernet0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
 pppoe enable group global
!
interface Vlan192
 no ip address
 ip verify unicast source reachable-via any
 ip mask-reply
 ip accounting output-packets
 ip nat outside
 ip virtual-reassembly
!
interface Vlan10
 no ip address
 ip nat inside
 ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 (Public IP)
!
ip nat pool pool1 192.168.0.80 192.168.0.255 netmask 0.0.0.0
ip nat inside source list 100 pool pool1
!
access-list 100 remark NAT Rule
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq domain any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq www any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 443 any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 8080 any
access-list 100 permit ip 0.0.0.1 255.255.255.0 any
access-list 100 permit udp 0.0.0.1 255.255.255.0 any
access-list 100 permit tcp 0.0.0.1 255.255.255.0 any

Switch Config

hostname S1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1998
no ip subnet-zero
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/12
 description test 192
 switchport access vlan 192
 switchport trunk native vlan 192
 switchport trunk allowed vlan 192
 switchport trunk pruning vlan 192
 switchport mode trunk
 switchport nonegotiate
 switchport port-security mac-address sticky
 shutdown
 speed 100
 duplex full
 spanning-tree portfast trunk
 spanning-tree bpdufilter disable
 spanning-tree bpduguard disable
!
interface FastEthernet0/12
 description test 10
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10
 switchport trunk pruning vlan 10
 switchport mode trunk
 switchport nonegotiate
 switchport port-security mac-address sticky
 shutdown
 speed 100
 duplex full
 spanning-tree portfast trunk
 spanning-tree bpdufilter disable
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/1
 description Out-to-WAN
 switchport access vlan 192
 switchport trunk native vlan 192
 switchport trunk allowed vlan 192
 switchport trunk pruning vlan 192
 switchport mode trunk
 switchport nonegotiate
 switchport port-security mac-address sticky
 speed 1000
 duplex full
 spanning-tree portfast
 spanning-tree bpdufilter disable
 spanning-tree bpduguard disable
!
interface GigabitEthernet0/2
 description TRUNK-to-FE0/1
 switchport access vlan 10
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10
 switchport trunk pruning vlan 10
 switchport mode trunk
 switchport nonegotiate
 switchport port-security mac-address sticky
 speed 100
 duplex full
 spanning-tree portfast
 spanning-tree bpdufilter disable
 spanning-tree bpduguard disable
!
interface Vlan10
 description IN
 ip address 10.10.0.2 255.255.255.0
 ip mask-reply
 ip information-reply
 ip security dedicated unclassified genser
 ip security add
 ip security first
 no ip route-cache
 spanning-tree portfast trunk
!
interface Vlan192
 description OUT
 ip address dhcp client-id Vlan192
 ip mask-reply
 ip information-reply
 ip accounting output-packets
 ip security dedicated unclassified genser
 ip security add
 ip security first
 no ip route-cache
 ip tcp adjust-mss 1460
 spanning-tree portfast trunk
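
How IOS reads the address/wildcard pairs in access-list 100 from the router config above, as an added example that is not part of the original post: a small Python evaluator for just the ACL syntax used there, run against constructed sample packets. The helper names (`wildcard_match`, `parse_ace`, `evaluate`) and the sample addresses and ports are assumptions made for the illustration.

```python
import ipaddress

# Permit entries of ACL 100, copied from the router config in the post above.
ACL_100 = """\
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq domain any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq www any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 443 any
access-list 100 permit tcp 0.0.0.0 255.255.255.0 eq 8080 any
access-list 100 permit ip 0.0.0.1 255.255.255.0 any
access-list 100 permit udp 0.0.0.1 255.255.255.0 any
access-list 100 permit tcp 0.0.0.1 255.255.255.0 any
"""
PORT_NAMES = {"domain": 53, "www": 80}  # IOS keywords used in the list

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 1-bits are ignored, 0-bits must equal the base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_ace(line):
    """Parse the subset of extended-ACL syntax used in the post:
    access-list N action proto src wildcard [eq port] any"""
    tok = line.split()[2:]              # drop "access-list 100"
    ace = {"action": tok[0], "proto": tok[1], "src": tok[2],
           "wild": tok[3], "sport": None}
    if tok[4] == "eq":                  # "eq" right after the source = SOURCE port
        ace["sport"] = PORT_NAMES.get(tok[5]) or int(tok[5])
    return ace

def evaluate(acl_text, proto, src_ip, src_port):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl_text.splitlines():
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src_ip, ace["src"], ace["wild"]):
            continue
        if ace["sport"] is not None and ace["sport"] != src_port:
            continue
        return ace["action"] + ": " + line
    return "deny: implicit deny at end of list"

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source IP, source port)
    for pkt in [("tcp", "10.10.0.50", 51000), ("tcp", "10.10.0.1", 51000)]:
        print(pkt, "->", evaluate(ACL_100, *pkt))
```

With ACL 100 as posted, a TCP packet from 10.10.0.50 (inside the DHCP range) matches no entry and falls to the implicit deny. `wildcard_match("10.10.0.50", "10.10.0.0", "0.0.0.255")` is true, 0.0.0.255 being the wildcard form of a /24.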

50 Replies

Hello,

I am here. How is your network? Is it working well?

Hello;

So far it seems to be working fine; I haven't had any issues lately thanks to you; yes, it is working well; but my next item that I would like to do is mainly secure certain ports on my inside and outside interfaces that we discussed a week ago.

So I tried and tried and tried different configurations and different scenarios as far as my access-list to allow only certain ports in and out.

What I would like to do on my outside interface is have only ports 7, 53, 80, 443, and 8080 allowed, whereas on my inside internal interface I would like to have ports 7, 21, 22, 23, 25, 53, 67, 80, 110, 123, 143, 443, 1500, 1501, and 8080; yes, I know ports by the back of my head, and these are the only ports I want to be allowed inside my interface so all my computers/servers can talk/share/ping/ftp etc. to each other.

Any ideas that could help?

Can you open a new post? I have a really hard time finding your comment here.

Its title is the same as you posted in your previous comment.

It's called

Cisco Router 1800/Cisco Switch 2960 Access List Help !!!!!!!!!!!!

Just let's go over port security.

First, shut down any ports which you do not use.

You can add the MAC addresses of your devices to the switch. If any MAC address except the ones you configured comes to your switch, the switch disables that port.

Do the following steps.

1- Find your laptop MAC address

2- interface g0/10   (only for PC and server)
 switchport mode access
 switchport port-security
 switchport port-security mac-address 001b.d41b.a4d8   (your laptop MAC address)
 switchport port-security maximum 1

Now, if you attach any other PC or laptop, the switch shuts port g0/10.

Try with one interface at first.

Masoud

All your clients are attached to that switch by Ethernet cable? You have only LAN clients?

Do you have any other clients like dial-up, wireless, DSL?

All of your clients have an IP address of 10.10.x.x?

Masoud
