cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5079
Views
0
Helpful
14
Replies

Can a Catalyst 2950 switch be connect to a Cisco 1841 router to distribute internet?

I have a small wireless isp. I have been trying to connect a catalyst 2950 switch to a cisco 1841 router which is connected to a t1 line. It is a managed router from my t1 provider. The 1841 has a static ip of 12.xxx.xxx.129  255.255.255.128 and a lan range of 12.xxx.xxx.128 -255. I can't change any of this.  What I am trying to do is connect the 2950 to the 1841 and then connect 4 access points to the 2950. the access points are outside on a 140 ft. tower. I am using 192.168.0.20 ,21 ,22 ,23     255.255.255.0 for the ip range for the access points. The customer equipment is in the 192.168.0.30 -255  255.255.255.0 range. I only have 20 customers so far. I have not been able to configure the 2950 to receive internet from the 1841. What I have done is connect a $49 belkin home router between the two. Cable from fe0/0 on the 1841 goes to the wan port on the belkin, and cable from any switch port on belkin going to any port on 2150. Internet will work then, but during times of heavy traffic the belkin will bog down. I have read all I can on Cisco vlan and intervlan routing, trunk ports, etc., but I'm missing something somewhere. I don't need anything really complicated, just getting internet to 2950. If someone could send me a configuration as how to do this, I would really appreciate it. Thanks, Ed (System Administrator and only unpaid employee at Rural Wireless)

1 Accepted Solution

Accepted Solutions

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

The reason you are not able to get internet on 2950 is because you are using private address space for your customers and you do not have any device that performs NAT operations on your outgoing traffic. What you need is a router (or if you can gain access to your ISP router, that is fine too as the 2950 cannot perform NAT operations) so that you can convert the private address (192.168.x.x range) to one of the public IP's when you go to internet. The belkin device performs exactly the same operation for you. As long as you can get a router (even a 800 series router would work), you can get it going. The other option is for you to talk to your ISP and have them configure NAT for your internal subnets.

Hope this helps.

Regards,

NT

View solution in original post

14 Replies 14

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

The reason you are not able to get internet on 2950 is because you are using private address space for your customers and you do not have any device that performs NAT operations on your outgoing traffic. What you need is a router (or if you can gain access to your ISP router, that is fine too as the 2950 cannot perform NAT operations) so that you can convert the private address (192.168.x.x range) to one of the public IP's when you go to internet. The belkin device performs exactly the same operation for you. As long as you can get a router (even a 800 series router would work), you can get it going. The other option is for you to talk to your ISP and have them configure NAT for your internal subnets.

Hope this helps.

Regards,

NT

Hi,

Using the web interface to configure the cisco 2950 there is a place to assign various port functions. They call it smartports. One of these smartports is "router", another is "switch".  Could one port be configured as a router using smart ports and bypass the belkin home router I am currently using? If so, should this router smartport be assigned to a different vlan?  I have tried so many combinations that I am not sure of what to do. Maybe as you say the 2950 won't work at all. Thanks for your help, Ed

Hello,

Smart ports configuration is limited to the switch port functionality i.e.

it will tell the switch what kind of device is connected to that port. When

you say that the port type is router, the switch will put a standard

configuration (based on Macro) into that port that will optimize that port

functionality for a router. In order for you to achieve what you are looking

for, you do need a Layer 3 device that can do both routing as well as NAT.

Hope this helps.

Regards,

NT

I see now. Do you have any recommendations on what type of switch would work. I see a lot of these unmanaged switches for sale, i.e. linksys, netgear, d-link, etc.Would that be the most cost effective way to go? I would preferr to get a used cisco if possible. I don't have a large budget right now. I have been building this out of pocket as I go. Thanks again.

Hello,

While you can pick devices like Linksys/netgear/dlink for this project, I am

not sure if they will support multiple public IP addresses. Also, they may

not be an ideal fit when your traffic increases (during peak time). So, I

would suggest using even an older router (2600 series or 3600 series) which

would work for this project. Some of these devices (1721 router/2621

router/PIX 515) are available for about $250.00.

Hope this helps.

Regards,

NT

I'll look around on ebay to see what I can find in that line of routers. I do appreciate your help. I've been working on this for a couple of weeks now and I had just about come to the conclusion that what I was trying to do with the equipment I have was not going to work. Again, many thanks. I'll post to let you know what I find and how it works out. Ed

Hello Ed,

No problems. All the best.

Regards,

NT

Your actually better off getting a firewall then a router, in the type of topology you are setting up. It will  provide a level of security to your clients from external networks. A Firewalls will fill the gap that is required in your situation and at the ingress/egress point where you replacing your 2950.

And of course I shouldn't have to mention this but firewalls provide Nat support. Since this is a cisco forum in your case I would recommend the

ASA 5505 it comes with 8 port 10/100 switch with 2 Power over Ethernet (PoE) ports. you can assing one of the 8 ports to the outside and the rest to the inside.

Hi,  I looked at some ASA5505 on ebay. I see some have a ten user license, some a fifty user. I'm unsure what this means. My intention is to have about 200 customers when I get all the bugs worked out of this system.I afraid my knowledge of cisco products is rudimentary. A machine with a ten user license, will it handle 200 customers? Thanks

That's just the amount of ssl vpn licenses. That's the amount of users that could establish ssl vpn connections to the asa firewall. the asa can do 10,000 connections and 20,000 connections if you get the security plus license. I recommend purchasing the security plus license with your asa . Btw u don't need to do ssl vpn's. You can be just fine with ipsec vpn's

Hello,

The user license specifies the number of users who can access the internet

through the firewall at any given point of time. If you are looking at 200+

users, I would suggest you going for a Security Plus license which will

allow unlimited users.

Hope this helps.

Regards,

NT

Nt is correct. Don't know why but I swear u had asked about ssl user licenses. I guess my mind decided to make that part up. Yes the 10 user license bundle only allows u to connect 10 users at a time and 10 ipsec vpn conections. Its still allows upto 10,000 connections on the fw. Regardless as I mentioned before you should get the sec+ license. Gives unlimited users and supports upto 20,000 connections and allows you to enable more than 2 ports. E.g. U can configure a outside, inside and dmz etc...

Thanks nt for clearing that up !

Sorry for such a delayed reply. As an update, I got AT&T, who is my service provider to enable NAT and DHCP server in the 1841 router. I was then able to remove the home belkin router from the system. The systems seems to run a lot smoother now. I'm not sure that this is the best way to go. I don't know how much of a load the router can handle, but it is a solution for now.

Thanks to all for your input, Ed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: