
Optimum Modem with Cisco 2960x

sunriz110
Level 1

Hi All

I just got one Cisco 2960x switch & 2 Fortinet 80E firewalls from my work for learning purposes. I want to set up HA using the two Fortinet 80Es. I can figure out the HA part, but where I am stuck right now is connecting the Optimum TM1602 ISP modem to the Cisco 2960. Here is my current working setup at home.

Optimum Modem-->Connected to one Fortinet 80E (port1) --> Two routers (A & B) connected to Fortinet 80E Firewall (Port 11,12)

Both routers are working fine with no issues.

 

Now I want to bring in the Cisco 2960. I want to configure it with one Fortinet 80E firewall first and then configure it with the second one.

Here is the end configuration that I want.

Optimum Modem--->Cisco 2960 switch-->Fortinet 80E Firewall--> Both Routers

 

Steps taken so far, but none of the routers gets internet, nor does my PC get internet if connected via NIC to the switch (Ethernet cable):

1. Factory reset the Cisco 2960

2. Enabled VLAN 1

3. Unplugged the modem cable from Firewall Port1 & connected it to switch port 24.

4. Connected a cable from switch Port 1 to Firewall Port1

 

Since the Cisco 2960 is factory reset and working as a dumb switch, I thought it would pass internet from the modem to any other device (in this example the Firewall 80E) connected to any port of the switch, but it seems that is not happening. Even if I plug any router into the switch's available ports, the router does not get any internet.

 

Any suggestions, please?

Thanks in advance.

8 Replies

sunriz110
Level 1

On a side note, this Optimum cable modem (Arris TM1602) is owned by Optimum. I do not have full control over it, so I cannot make any advanced changes to it.

balaji.bandi
Hall of Fame
Optimum Modem-->Connected to one Fortinet 80E (port1) --> Two routers (A & B) connected to Fortinet 80E Firewall (Port 11,12)

How is your second Fortinet connected to the modem? Have you tried to fail over from FW1 to FW2, and does this work?

How is your internet network connected? For now, any dumb switch (your LAN side)?

 

The setup below works, but you need to create 2 VLANs: inside and outside.

 

Optimum Modem--->Cisco 2960 switch-->Fortinet 80E Firewall--> Both Routers

 

Example:

The switch acts as Layer 2 only.

VLAN 10 - connect the ISP modem, for example port 24

VLAN 10 - connect your FW1 outside interface, port 23

VLAN 10 - connect your FW2 outside interface, port 22

VLAN 20 - connect your FW1 inside interface, port 21 - this is where your LAN segment is

VLAN 20 - connect your FW2 inside interface, port 20 - this is where your LAN segment is

In this way, it should work as expected.

Make a small diagram for your reference; it is easy to build and understand.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
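
The VLAN 10 / VLAN 20 layout described in the reply above, written out as Cisco IOS configuration. This is an added example, not part of the original posts; the VLAN names are hypothetical, and the GigabitEthernet1/0/N interface naming and the `portfast edge` keyword are assumed from the 2960X config posted elsewhere in this thread.

```cisco
! Added example. VLAN names are hypothetical; port numbers follow the reply above.
vlan 10
 name OUTSIDE
vlan 20
 name INSIDE
!
! Outside segment: ISP modem (24), FW1 outside (23), FW2 outside (22)
interface range GigabitEthernet1/0/22 - 24
 description OUTSIDE - modem and firewall WAN ports
 switchport mode access
 switchport access vlan 10
 ! access-only port: do not negotiate trunking with whatever is plugged in
 switchport nonegotiate
 spanning-tree portfast edge
!
! Inside segment: FW1 inside (21), FW2 inside (20)
interface range GigabitEthernet1/0/20 - 21
 description INSIDE - firewall LAN ports
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast edge
!
! Layer 2 only: do not create "interface Vlan10", so the switch itself
! has no IP address on the ISP-facing segment.
end
!
! Verification from exec mode:
!   show vlan brief                  (ports 22-24 in VLAN 10, ports 20-21 in VLAN 20)
!   show interfaces status           (link state of each port)
!   show mac address-table vlan 10   (modem and firewall MACs learned on the outside VLAN)
```

With the two VLANs kept separate and no routing on the switch, traffic between the modem-facing segment and the LAN segment can only pass through a firewall.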

Thanks for your reply.

As I mentioned in my post, I am not using the second firewall yet. I am going step by step. In my current configuration

(ISP Modem-->FW1-->Routers A & B) are connected and working fine. First, in my current configuration I just want to add the Cisco 2960 switch after the modem so it will be (ISP Modem-->Cisco Switch-->FW1-->Router A & B) & that's where I am stuck.

Once this works successfully, I will proceed with (ISP Modem-->Cisco Switch-->FW1 & 2---> Router A & B). Adding a diagram as well to further clarify.

What you suggested is to configure it via VLANs. Can't the Cisco 2960 work as a dumb switch and just pass the internet from the modem to the firewall?

 

As per the original setup, the FW is a routed port (meaning Layer 3), not Layer 2, so we are not sure how the ISP modem works here when you connect it to the switch.

What you suggested is to configure it via VLANs. Can't the Cisco 2960 work as a dumb switch and just pass the internet from the modem to the firewall?

It should work; if that were working, we would not be having this conversation, so we need to see what the logs say on the switch port when you connect the ISP modem to the switch and FW.

Here are the steps I would do (just based on experience; may not work but need to try):

1. When you connect the modem to the switch, does the switch port come up? What do you see in the logs?

2. When you connect the FW to the switch, does the port come up? What do you see in the logs?

3. Is the FW getting its IP via DHCP from the ISP, or is it static? If static, are you able to ping the ISP from the FW?

Try:

Configure the switch port:

 

! change the port number to the one where you connect the ISP modem
interface Gi 0/24
switchport access vlan 1
switchport mode access
spanning-tree portfast

 

 

 

 

 

BB


Thanks for your reply. Tried that already befo

interface GigabitEthernet1/0/24
description "ISP Links"
switchport access vlan 2
switchport mode access
spanning-tree portfast edge

 

interface GigabitEthernet1/0/1
description "ISP Links"
switchport access vlan 2
switchport mode access
spanning-tree portfast edge


I am pretty sure it is the ISP modem, because it assigns 1 public IP to 1 device only, so when I plug in the switch it cannot assign public DHCP to it. The switch itself is working fine, as I have tested it through the router and FW. I will check with the ISP if they can do something.
But thank you so much for your input.

Yes, it is good to contact the ISP and explain what you intend to do, so they can guide you best.

As per the description, the ISP expects a device with a DHCP request with a MAC address.

BB


Hello,

 

I haven't followed the entire thread, so maybe I am missing something that has already been discussed, but typically, the ISP modems dish out private space IP addresses to anything connected to them. If you put the switch (with all default settings) between the ISP modem and the Fortinet, and set the Fortinet interface to DHCP, does that interface get an IP address from the modem?

Hi George,

Thanks for your reply.

No, the FortiGate does not get an IP when connected to the switch. The FortiGate interface (currently connected to the modem) is already on DHCP & it gets an IP without any issue. The Cisco 2960 is on factory default settings and VLAN1 is up, so when I connect the modem to the switch and the FortiGate to the switch, the FortiGate does not get any IP. Even if I plug in a router instead of the FortiGate, the router doesn't get an IP either.