05-15-2007 05:39 AM - edited 03-05-2019 04:04 PM
I inherited the job of manageing a Cisco Catalyst 2900 Series XL switch. Here is what I wanted to do. We have 15 computers. Of the 15 computers, one is the domain server. I want to get all 15 computers to be able to access the Internet through the switch but using only one public IP which is through the domain server. The other 14 computers will have a private IP address.
1. Does it matter which port I plug the ethernet cable that goes out to the Internet to?
2. How do I configure the port that connects to the Internet to allow all computers to access the Internet?
3. Do I have to configure all 15 ports individually so that it is able to access the Internet? If so, how?
Many thanks in advance.
Solved! Go to Solution.
05-17-2007 07:17 AM
Ok.... I am assuming that you are NOT using VLAN 100 for anything? If so, go back into config mode and paste this in:
interface FastEthernet0/1
duplex full
speed 100
no switchport access vlan 100
!
interface FastEthernet0/2
no switchport access vlan 100
!
interface FastEthernet0/3
no switchport access vlan 100
!
interface FastEthernet0/4
no switchport access vlan 100
!
interface FastEthernet0/5
no switchport access vlan 100
!
interface FastEthernet0/6
no switchport access vlan 100
!
interface FastEthernet0/7
no switchport access vlan 100
!
interface FastEthernet0/8
no switchport access vlan 100
!
interface FastEthernet0/9
no switchport access vlan 100
!
interface FastEthernet0/10
no switchport access vlan 100
!
interface FastEthernet0/11
no switchport access vlan 100
!
interface FastEthernet0/12
no switchport access vlan 100
!
interface FastEthernet0/13
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/14
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/15
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/16
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/17
spanning-tree portfast
!
interface FastEthernet0/18
spanning-tree portfast
!
interface FastEthernet0/19
spanning-tree portfast
!
interface FastEthernet0/20
spanning-tree portfast
!
interface FastEthernet0/21
spanning-tree portfast
!
interface FastEthernet0/22
spanning-tree portfast
!
interface FastEthernet0/23
no switchport trunk encapsulation dot1q
no switchport mode multi
spanning-tree portfast
!
interface FastEthernet0/24
spanning-tree portfast
Also, add the ip default-gateway statement, using the next-hop address.
Then try to get access to the internet. You can plug the ethernet cable to the internet in any port - they're all configured the same now.
If it works, save the config.
HTH,
Paul
05-15-2007 10:50 AM
Hi-
You don't need to do anything to your switch. The 2900 is a layer 2 switch meaning that IP addresses don't mean anything to it - it only cares about MAC addresses which don't effect you in this situation.
I'm not sure as to your topology - a diagram would be helpful (i.e. what is your domain server connected to? Is there a firewall in the picture? A router?)
Long story short, the switch doesn't need to be configured at all. As for the rest of your network...
HTH,
Paul
05-16-2007 09:40 AM
Thanks for the response. Our network topology as I understand it is quite simple. In this room we have a switch, the one I'm asking for help. There are 15 computers connected to this switch. From this switch, it goes out to another switch in the building and from this building switch it goes out to the head quarter domain controler and from there I don't know. As far as my concern goes, I only have to manage the switch in our room.
So here's what I did. I plug in the ethernet cable coming from the switch in the building into one of the available ports in our room switch but none of the computers can access the Internet. So then I think there must be something in the switch that I need to allow so all the computers connecting to our switch can see access the Internet. But I don't know how to go about trouble shooting that or configuring that.
05-16-2007 11:03 AM
Hi-
It is doubtful that the switch is actually blocking anything. That would require port security and I doubt that that's the culprit here.
Do you know if this company is using DHCP? Do the pcs have addresses? Can they ping each other? Can they ping the PDC? Does the PDC have internet access?
These are all things that need to be checked.
HTH,
Paul
p.s., post the switch config just in case...
05-16-2007 11:18 AM
Here's the situation. All the 14 computers recieved their IP address from our personal domain controller, not from the head quarter DC. When the ethernet cable is plugged into, say port 18, none of the computers can access the Intenert; however, all computers can ping each other and the whole works except Internet access. Okay, so since it does not work, I put in another NIC into our DC and hook the ethernet cable to that second NIC and configure a Routing and Remote Access on our DC server. This temporary solution allows all our computers to access the Internet. But now, what I wanted to do is instead of the ethernet cable goes to the second NIC of the DC server, it goes into the switch. Currently our DC server receives a static IP from the headquarter DC server.
05-16-2007 11:54 AM
Ok.... You say that they can ping each other and "the whole works" -does this mean that they can ping the DC in the other building or not?
I need to see your switch config. Can you post?
05-16-2007 12:35 PM
Yes, right now all the computers, through the Routing and Remote Access, all the computers can ping each other as well as any computer on other network. But again, I don't want to use the Routing and Remote Access anymore. If I unplug the ethernet cable from the second NIC in our DC server and plug it in port 18, nothing would work. The only thing would work is all the 14 clients plus the DC server would be able to communicate with each other but cannot ping any computer out of the switch or other network.
How do I print out the switch config?
05-16-2007 12:47 PM
Do you know how to connect to the console port of the switch? Here is a link to a guide on how to initially config a 2900 series switch:
If you do not have the password you will have to do password recovery:
HTH,
Paul
05-16-2007 03:06 PM
You may need to configure the default ip gateway on the switch. From config mode the command is " ip default-gateway X.X.X.X " where X is the next hop router
05-17-2007 04:37 AM
I know how to get in and I do have the password. You said you like to see the configuration...and I just needed to do that so I can post the configuration page here.
05-17-2007 06:33 AM
Hi-
Go to enable mode and do a 'sh run' - copy the text (You can capture it if you're using HyperTerm) and post it here.
Btw, the previous poster was correct - you may simply need to put in a default gateway.
Paul
05-17-2007 07:05 AM
Okay, here's the configuration page. Keep in my mind that I have not plug in the ethernet cable that goes out to the Internet in any of the port in the switch. The ethernet cable is still connected in the second NIC of the DC server that runs the routing and remote access service.
sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname myRoomSwitch
!
enable secret 5 $1$3gd1$FJEVk0KfNQV
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
duplex half
speed 10
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/2
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/3
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/4
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/5
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/6
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/7
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/8
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/9
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/10
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/11
duplex full
speed 100
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/13
duplex full
speed 100
switchport access vlan 100
!
interface FastEthernet0/14
switchport access vlan 100
!
interface FastEthernet0/15
switchport access vlan 100
!
interface FastEthernet0/16
duplex full
speed 100
switchport access vlan 100
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
duplex full
speed 100
switchport trunk encapsulation dot1q
switchport mode multi
!
interface FastEthernet0/24
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!
!
line con 0
password myPassword
login
transport input none
stopbits 1
line vty 0 4
password myPassword
login
line vty 5 15
password myPassword
login
!
end
Questions are, what port I should connect the ethernet cable that goes out to the Internet to? What are my next steps to get the switch to allow all computers to access the Internet once I plugged in the Internet ethernet cable to the switch's port?
Yes, I will consider the previous poster's suggestion too.
05-17-2007 07:17 AM
Ok.... I am assuming that you are NOT using VLAN 100 for anything? If so, go back into config mode and paste this in:
interface FastEthernet0/1
duplex full
speed 100
no switchport access vlan 100
!
interface FastEthernet0/2
no switchport access vlan 100
!
interface FastEthernet0/3
no switchport access vlan 100
!
interface FastEthernet0/4
no switchport access vlan 100
!
interface FastEthernet0/5
no switchport access vlan 100
!
interface FastEthernet0/6
no switchport access vlan 100
!
interface FastEthernet0/7
no switchport access vlan 100
!
interface FastEthernet0/8
no switchport access vlan 100
!
interface FastEthernet0/9
no switchport access vlan 100
!
interface FastEthernet0/10
no switchport access vlan 100
!
interface FastEthernet0/11
no switchport access vlan 100
!
interface FastEthernet0/12
no switchport access vlan 100
!
interface FastEthernet0/13
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/14
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/15
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/16
no switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/17
spanning-tree portfast
!
interface FastEthernet0/18
spanning-tree portfast
!
interface FastEthernet0/19
spanning-tree portfast
!
interface FastEthernet0/20
spanning-tree portfast
!
interface FastEthernet0/21
spanning-tree portfast
!
interface FastEthernet0/22
spanning-tree portfast
!
interface FastEthernet0/23
no switchport trunk encapsulation dot1q
no switchport mode multi
spanning-tree portfast
!
interface FastEthernet0/24
spanning-tree portfast
Also, add the ip default-gateway statement, using the next-hop address.
Then try to get access to the internet. You can plug the ethernet cable to the internet in any port - they're all configured the same now.
If it works, save the config.
HTH,
Paul
05-17-2007 07:27 AM
Okay, before I pasted this in and test the switch, should I disabled the Routing and Remote Access service and plug in the Internet ethernet cable to the switch port?
05-17-2007 08:27 AM
Yes. Go ahead and do that.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: