10-23-2012 03:38 AM - edited 03-07-2019 09:37 AM
Hye All,
I have a Cisco 1841 router connected to a Cisco 2960 switch.
Users behind the router can't access the internet but when someone
is directly connected to the switch with his PC and uses the IP Address
found on the WAN port of the router, he's able to go on to the internet.
Cisco SW Port Config
interface FastEthernet0/20
switchport access vlan 50
switchport mode access
speed 100
duplex full
Cisco RTR WAN Port Config
int fa 0/0
ip addr 10.20.30.2 255.255.255.252
ip nat outside
ip vitual-reassembly
speed auto
full duplex
traffic-shape rate 1500000 36000 36000 1000
All help will be welcome thanks.
10-23-2012 03:42 AM
Hello Damdjo,
Can you please post the entire configuratio of the router? The current configuration snippet is too small to diagnose the issue.
Also, do I understand you correctly that the network looks like this?
Users ---> Router ---> Switch ---> Internet
Best regards,
Peter
10-23-2012 04:07 AM
no aaa new-model
!
ip dhcp excluded-address 20.20.1.100 20.20.1.254
!
ip dhcp pool LAN
network 20.20.1.0 255.255.255.0
default-router 20.20.1.254
dns-server 20.1.0.201
lease 3
!
!
!
interface Tunnel0
ip address 30.3.62.154 255.255.255.248
ip ospf network point-to-point
ip ospf cost 100
tunnel source FastEthernet0/0
tunnel destination 60.161.15.19
tunnel mode ipip
!
interface FastEthernet0/0
ip address 42.93.226.2 255.255.255.252
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
traffic-shape rate 150000 3600 3600 1000
!
interface FastEthernet0/1
ip address 20.20.1.254 255.255.255.0
ip virtual-reassembly
ip ospf network broadcast
ip nat inside
ip access_group dz_in in
speed 10
full-duplex
!
router ospf 10
log-adjacency-changes
passive-interface FastEthernet0/0
network 20.10.42.12 0.0.0.7 area 5
network 20.20.1.0 0.0.0.255 area 5
!
ip classless
ip route 0.0.0.0 0.0.0.0 42.93.226.1
!
no ip http server
no ip http secure-server
ip nat inside source list nat_in interface FastEthernet0/0 overload
!
10-23-2012 04:08 AM
Hye Peter,
Yes, the network is described as such.
10-23-2012 03:47 AM
Hi,
Work around purpose, you can remove switchport access vlan 50 or the vlan by which internet can be accessed via cisco 2960.
As per your post your network would like some thing like this.
Internet--->Cisco2960--->Router 1841---->cisco/non cisco switch-------->users
Please post the full config of the devices removing sensitive areas(ex passwords and your actual wan ip)
Please rate helpful posts
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide