Can a Catalyst 2950 switch be connected to a Cisco 1841 router to distribute internet?

Answered Question
Jul 30th, 2010

I have a small wireless ISP. I have been trying to connect a Catalyst 2950 switch to a Cisco 1841 router which is connected to a T1 line. It is a managed router from my T1 provider. The 1841 has a static IP of 12.xxx.xxx.129 255.255.255.128 and a LAN range of 12.xxx.xxx.128 -255. I can't change any of this. What I am trying to do is connect the 2950 to the 1841 and then connect 4 access points to the 2950. The access points are outside on a 140 ft. tower. I am using 192.168.0.20, 21, 22, 23 255.255.255.0 for the IP range for the access points. The customer equipment is in the 192.168.0.30 -255 255.255.255.0 range. I only have 20 customers so far. I have not been able to configure the 2950 to receive internet from the 1841. What I have done is connect a $49 Belkin home router between the two. Cable from fe0/0 on the 1841 goes to the WAN port on the Belkin, and cable from any switch port on Belkin going to any port on 2150. Internet will work then, but during times of heavy traffic the Belkin will bog down. I have read all I can on Cisco VLAN and inter-VLAN routing, trunk ports, etc., but I'm missing something somewhere. I don't need anything really complicated, just getting internet to 2950. If someone could send me a configuration as how to do this, I would really appreciate it. Thanks, Ed (System Administrator and only unpaid employee at Rural Wireless)

Correct Answer
Nagaraja Thanthry Sat, 07/31/2010 - 01:02

Hello,

The reason you are not able to get internet on the 2950 is because you are using private address space for your customers and you do not have any device that performs NAT operations on your outgoing traffic. What you need is a router (or if you can gain access to your ISP router, that is fine too, as the 2950 cannot perform NAT operations) so that you can convert the private address (192.168.x.x range) to one of the public IPs when you go to the internet. The Belkin device performs exactly the same operation for you. As long as you can get a router (even an 800 series router would work), you can get it going. The other option is for you to talk to your ISP and have them configure NAT for your internal subnets.

Hope this helps.

Regards,

NT

ruralwirelessnetwork Sat, 07/31/2010 - 12:46

Hi,

Using the web interface to configure the Cisco 2950 there is a place to assign various port functions. They call it smartports. One of these smartports is "router", another is "switch". Could one port be configured as a router using smartports and bypass the Belkin home router I am currently using? If so, should this router smartport be assigned to a different VLAN? I have tried so many combinations that I am not sure of what to do. Maybe as you say the 2950 won't work at all. Thanks for your help, Ed

Nagaraja Thanthry Sat, 07/31/2010 - 13:05

Hello,

Smart ports configuration is limited to the switch port functionality, i.e. it will tell the switch what kind of device is connected to that port. When you say that the port type is router, the switch will put a standard configuration (based on Macro) into that port that will optimize that port functionality for a router. In order for you to achieve what you are looking for, you do need a Layer 3 device that can do both routing as well as NAT.

Hope this helps.

Regards,

NT

ruralwirelessnetwork Sat, 07/31/2010 - 13:12

I see now. Do you have any recommendations on what type of switch would work? I see a lot of these unmanaged switches for sale, i.e. Linksys, Netgear, D-Link, etc. Would that be the most cost effective way to go? I would prefer to get a used Cisco if possible. I don't have a large budget right now. I have been building this out of pocket as I go. Thanks again.

Nagaraja Thanthry Sat, 07/31/2010 - 13:27

Hello,

While you can pick devices like Linksys/Netgear/D-Link for this project, I am not sure if they will support multiple public IP addresses. Also, they may not be an ideal fit when your traffic increases (during peak time). So, I would suggest using even an older router (2600 series or 3600 series) which would work for this project. Some of these devices (1721 router/2621 router/PIX 515) are available for about $250.00.

Hope this helps.

Regards,

NT

ruralwirelessnetwork Sat, 07/31/2010 - 17:56

I'll look around on ebay to see what I can find in that line of routers. I do appreciate your help. I've been working on this for a couple of weeks now and I had just about come to the conclusion that what I was trying to do with the equipment I have was not going to work. Again, many thanks. I'll post to let you know what I find and how it works out. Ed

jean.moncada Sat, 07/31/2010 - 22:18

You're actually better off getting a firewall than a router in the type of topology you are setting up. It will provide a level of security to your clients from external networks. A firewall will fill the gap that is required in your situation and at the ingress/egress point where you are replacing your 2950.

jean.moncada Sat, 07/31/2010 - 22:28

And of course I shouldn't have to mention this, but firewalls provide NAT support. Since this is a Cisco forum, in your case I would recommend the ASA 5505. It comes with an 8-port 10/100 switch with 2 Power over Ethernet (PoE) ports. You can assign one of the 8 ports to the outside and the rest to the inside.

ruralwirelessnetwork Sun, 08/01/2010 - 08:54

Hi, I looked at some ASA 5505s on eBay. I see some have a ten user license, some a fifty user. I'm unsure what this means. My intention is to have about 200 customers when I get all the bugs worked out of this system. I'm afraid my knowledge of Cisco products is rudimentary. A machine with a ten user license, will it handle 200 customers? Thanks

jean.moncada Sun, 08/01/2010 - 09:14

That's just the amount of SSL VPN licenses. That's the amount of users that could establish SSL VPN connections to the ASA firewall. The ASA can do 10,000 connections and 20,000 connections if you get the Security Plus license. I recommend purchasing the Security Plus license with your ASA. Btw u don't need to do SSL VPNs. You can be just fine with IPsec VPNs.

Nagaraja Thanthry Sun, 08/01/2010 - 10:16

Hello,

The user license specifies the number of users who can access the internet through the firewall at any given point of time. If you are looking at 200+ users, I would suggest you going for a Security Plus license which will allow unlimited users.

Hope this helps.

Regards,

NT

jean.moncada Sun, 08/01/2010 - 10:43

NT is correct. Don't know why but I swear u had asked about SSL user licenses. I guess my mind decided to make that part up. Yes, the 10 user license bundle only allows u to connect 10 users at a time and 10 IPsec VPN connections. It still allows up to 10,000 connections on the fw. Regardless, as I mentioned before, you should get the sec+ license. Gives unlimited users and supports up to 20,000 connections and allows you to enable more than 2 ports. E.g. u can configure an outside, inside and DMZ etc...

Thanks nt for clearing that up !

ruralwirelessnetwork Mon, 08/16/2010 - 23:52

Sorry for such a delayed reply. As an update, I got AT&T, who is my service provider, to enable NAT and DHCP server in the 1841 router. I was then able to remove the home Belkin router from the system. The system seems to run a lot smoother now. I'm not sure that this is the best way to go. I don't know how much of a load the router can handle, but it is a solution for now.

Thanks to all for your input, Ed
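
The resolution above (NAT and DHCP on the 1841, with the 2950 left as a plain Layer 2 switch) looks roughly like this in IOS. This is an added example, not part of the thread and not AT&T's actual configuration. Assumptions: the interface names, the 192.168.0.1 gateway address, the LAN interface being renumbered into 192.168.0.0/24, and a publicly routable address on the WAN interface.

```cisco
! Added example: PAT (NAT overload) plus DHCP for the thread's 192.168.0.0/24 plan.
! Interface names and the .1 gateway address are assumptions, not from the page.
!
! Only the private customer/AP range is eligible for translation.
access-list 10 permit 192.168.0.0 0.0.0.255
!
interface Serial0/0/0
 description T1 to provider (assumed WAN interface)
 ip nat outside
!
interface FastEthernet0/0
 description LAN toward the Catalyst 2950
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
! Many inside hosts share the WAN interface address, distinguished by port.
ip nat inside source list 10 interface Serial0/0/0 overload
!
! Keep the gateway and the statically addressed access points
! (192.168.0.20-23) out of the DHCP pool; leases start at .30 as in the post.
ip dhcp excluded-address 192.168.0.1 192.168.0.29
!
ip dhcp pool CUSTOMERS
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 ! add a dns-server line with the resolver addresses the provider supplies
!
! Verification from privileged EXEC:
!   show ip nat translations   (one entry per active inside flow)
!   show ip nat statistics     (hits/misses and inside/outside interfaces)
!   show ip dhcp binding       (leases handed to customer equipment)
```

On the 2950 itself no routing or VLAN configuration is required for this design: the uplink to the router and the ports to the access points can all stay as access ports in the same VLAN.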
