cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8124
Views
0
Helpful
8
Replies

Connect a WAN port to the switch

Tiago Reis
Level 1
Level 1

Hello,

I'm having a problem that maybe someone can help me.

I need to connect a cisco 881 (wan port) to a firewall but between both devices I have a switch.

Resuming: Cisco881 (WAN port) -> switch -> firewall.

On my wan por I have:

interface FastEthernet4
ip address 10.12.5.1 255.255.255.0
ip helper-address 10.12.2.1
duplex auto
speed auto
!

But now I cannot ping the pcs connected to the switch, they are also in network 10.12.5...

What can I do to put this working...?

Any help?

Thks

8 Replies 8

cadet alain
VIP Alumni
VIP Alumni

Hi,

where are located these PCs? where is the dhcp server? Are these pc getting ip address via dhcp?

Can you post running of router and switch.

Regards.

Alain.

Don't forget to rate helpful posts.

mrdogantr
Level 1
Level 1

Hi,

     i think your switch dont know your local nw, change default gw on the switch or use nat for switch's ip.

hth

Muammer

Thanks for your fast reply.

The pcs are connected to the switchs, and are getting ip address through DHCP server that is also a pc connected to that switchs.

The switch doesn't have configuration, is a trendet that have just one vlan, you cannot configure it.

When I had the switch directly connected to the firewall it works fine.

But now I need to create a vpn so I put the Cisco (wan port) connected to the switch (I think that I not explain very well at the beginning, the cisco is not between both devices).

The fastethernet ports (0 to 3) are used in a different network, worknig fine (vlan 7)

ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ1451C4GH
!
!
!
!
!
interface FastEthernet0
switchport access vlan 7
!
interface FastEthernet1
switchport access vlan 7
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 10.12.5.1 255.255.255.0
ip helper-address 10.12.2.1
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan7
ip address 10.12.7.1 255.255.255.0
!
ip default-gateway 10.12.5.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip default-network 10.12.5.0
ip route 10.12.5.0 255.255.255.0 FastEthernet4
!
!
!
control-plane
!
!
scheduler max-task-time 5000
end

spremkumar
Level 9
Level 9

Hi Tiago

do you have the pcs behind the firewall? do you have all the devices under same vlan if you are connected all of them on the switch?

regds

All the pcs are in the same segment, at this case we can forget the firewall, the problem is

that from cisco I cannot ping the pcs that are in the same switch than the cisco wan port.

There are any problem of connect a wan port to a switch?

Everything seems fine with the port:

Cisco# sh interfaces fastEthernet 4
FastEthernet4 is up, line protocol is up
  Hardware is PQII_PRO_UEC, address is e05f.b915.801a (bia e05f.b915.801a)
  Internet address is 10.12.5.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:10, output 00:00:10, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     379 packets input, 40545 bytes
     Received 162 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     198 packets output, 36538 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Friends,

I found the solution, it was something very weird, it was the first time that I found this problem.

In my troubleshooting procedure, I try to configure the loopback on that interface and...

***************************************************************************************************************************************

Cisco(config-if)#loopback
Loopback is a traffic-affecting operation
Cisco(config-if)#no loopback
Cisco(config-if)#exit
Cisco(config)#do ping
*Jan 25 14:07:30.675: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up
*Jan 25 14:07:31.675: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up
Cisco(config)#do ping 10.12.5.25

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.12.5.25, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
Cisco(config)#
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
*Jan 25 14:07:37.963: ICMP: echo reply rcvd, src 10.12.5.25, dst 10.12.5.1, topology BASE, dscp 0 topoid 0
Cisco(config)#do ping 10.12.5.25

***************************************************************************************************************************************

Very very strange...

Thanks for your help

Hi,

Why did you want to use the loopback feature on the interface?

You wanted to use a loopback interface, I suppose which is not the same

loopback (interface)

To diagnose equipment malfunctions between the interface and device, use the loopback command in interface configuration mode. To disable the test, use the no form of this command.

taken from here http://www.cisco.com/en/US/docs/ios/12_2/interface/command/reference/irfinter.html#wp1018171

Regards.

Alain.

Don't forget to rate helpful posts.

I didn't want to use the loopback feature, it seems that the loopback feature was already active on that interface. But it's strange because the sh inter fast 4 don't shows loopback configured.

For lucky I remember to test the interface with the loopback, and when I did the "no loopback" command it works...

Review Cisco Networking for a $25 gift card