Config for PIX 515E:-

Boon Keat Gan · ‎12-19-2011

Hi,

I am creating a public segment for Guest wireless and Video Conferencing equipment would allow external client using it.

As you can see from the diagram below, the connection from Cisco Router 881 to internet and PIX 515E to Cisco 881 are working fine. I can surf internet by direct plug in to the Router or PIX.

The issues encountered are that I was unable to surf to internet by plug in the Computer to Cisco Switch 2960.

The Cisco Switch 2960 are set to VLAN 90 and assigned to the remaining 24 ports. As we need to plug in Wireless AP to this switch the VLAN setting is a must.

If I change the port to trunk, it was able to surf the internet. So, it must be something to do with the VLAN and routing.

Appreciate if anyone can advise or tell me what is wrong with the setup. Thank you.

Config for CIsco 881:-

interface FastEthernet0

description Public LAN Segment

switchport access vlan 95

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 203.125.1.2 255.255.255.252

duplex full

speed 100

traffic-shape rate 20480000 1280000 1280000 1000

!

interface Vlan1

no ip address

!

interface Vlan95

ip address 203.125.2.2 255.255.255.240

!

ip route 0.0.0.0 0.0.0.0 203.125.1.1

!

access-list 101 permit ip any any

!

Config for PIX 515E:-

interface Ethernet0

nameif Internet

security-level 0

ip address 203.125.2.1 255.255.255.240

!

interface Ethernet1

nameif Internal

security-level 90

ip address 192.168.1.254 255.255.255.0

!

access-list 101 extended permit ip any any

global (Internet) 1 interface

nat (Internal) 1 192.168.1.0 255.255.255.0

access-group 101 in interface Internal

route Internet 0.0.0.0 0.0.0.0 203.125.28.174 1

!

Cisco 2960 Config:-

!

interface FastEthernet0/1

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/2

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/3

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/4

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/5

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/6

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/7

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/8

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/9

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/10

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/11

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/12

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/13

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/14

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/15

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/16

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/17

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/18

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/19

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/20

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/21

switchport access vlan 90

switchport mode trunk

!

interface FastEthernet0/22

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/23

switchport access vlan 90

spanning-tree portfast

!

interface FastEthernet0/24

switchport access vlan 90

spanning-tree portfast

!

interface GigabitEthernet0/1

switchport mode trunk

!

interface GigabitEthernet0/2

switchport mode trunk

!

interface Vlan1

no ip address

shutdown

!

interface Vlan90

ip address 192.168.1.253 255.255.255.0

!

ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 192.168.1.254

Latchum Naidu · ‎12-19-2011

Hi Boon,

See the below thred will help you.
https://supportforums.cisco.com/message/3267751#3267751

Please rate the helpfull posts.
Regards,
Naidu.

Boon Keat Gan · ‎12-20-2011

Thanks for the useful information.

I have resolve my problem.

It is due to vlan.dat file. Delete it away and everything resolve. Thanks!

Setting up Public Internet Segment - Issues with VLAN

Config for CIsco 881:-

Config for PIX 515E:-

Cisco 2960 Config:-