OK, I feel like a complete prat, but I've been here for close to 15 hours now, and I can't see straight.
Here's the deal:
I have an L2 switch, a router, and a firewall.
L2 Switch --> Router --> Firewall --> Internet
This is stone knives and bearskins, and I am very rusty. The situation is that my office is moving, but some people have to be able to use the old office's connectivity for a few more days. I am substituting a Layer 2 switch and a router for the existing Layer 3 switch.
On the L2 switch, I have several VLANs configured, which I won't go into detail on here. Here is the relevant configuration:
int fa 0/48
descr Link to Router
switchport mode trunk
switchport trunk allowed vlan all
int vlan 132
ip addr 10.1.32.2
ip default-gateway 10.1.32.9
On the Router:
int fa 0/1
descr Link to Switch
no ip addr
int fa 0/0
descr Link to Firewall
ip addr 10.1.32.9 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.1.32.1
On the Firewall:
int eth 0/0
ip address <censored> 255.255.255.224
int eth 0/1
ip address 10.1.32.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 <censored>
route inside 10.1.32.0 255.255.224.0 10.1.32.2
route inside 10.1.64.0 255.255.224.0 10.1.32.2
route inside 10.10.100.0 255.255.255.0 10.1.32.2
Router can ping firewall.
Router cannot ping switch.
Firewall can ping router.
Firewall cannot ping switch.
Switch cannot ping either router or firewall.
I have to get the switch to be able to ping the router, and vice-versa, because the router is acting as the switch's default gateway. The move happens Sunday, and some people have to be able to work Monday from the old office. (Don't blame me for the water in the basement that prevented the ISP from bringing the circuits in!!!) I'm about to fall asleep on my keyboard... Any help anyone can provide would be most sincerely appreciated!!!!!!!!
You mention a layer 3 switch; however, your config is set up with the switch as a host switch (basically an L2 device) and the router not performing any routing functions for the "several" VLANs you mention, so at present it's doing nothing. Also, you didn't mention if the fw is set up to perform this instead.
And finally although not stated I assume the fw is performing nat translation for the LAN and is also connecting to your service provider?
Usually I would set up this topology of yours something like below:
1) On the switch: assign a management IP address and default-gateway (pointing to the router) and all layer 2 VLANs created
2) On the router: on the interface between the router and the firewall, assign an IP address and a static route pointing towards the firewall's next hop
On the interface connecting to the switch, set it up with subinterfaces pertaining to all the relevant L2 VLANs created on the switch.
Int x/x
 No shut
Int x/x.135
 Description vlan 135
 Encapsulation dot1q 135
 IP address 10.1.32.1 255.255.255.0
Int x/x.136
 Description vlan 136
 Encapsulation dot1q 136
 IP address 10.1.36.1 255.255.255.0
4) On the firewall: on the outside interface (security level 0), assign an IP address in the range of the ISP
On the interface connecting to your router (security level 100), assign an IP address within the same IP range as the router's fw-facing interface
Apply:
- Static routes pointing back into your LAN network via the router as the next hop
- NAT translation for your LAN hosts
- Default route pointing out towards your ISP next hop
Sent from Cisco Technical Support iPad App
Please don't forget to rate any posts that have been helpful.
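An added example, not part of either post: a Python check that parses IOS-style interface text and reports why a VLAN's gateway is unreachable across the trunk. BROKEN is constructed from the router configuration in the question; FIXED, including the 192.0.2.0/30 transit subnet toward the firewall, is an assumption for illustration.

```python
import ipaddress
import re

def parse_interfaces(cfg):
    """Map interface name -> {"ip": IPv4Interface or None, "vlan": int or None}."""
    ifaces, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip().lower()
        if m := re.match(r"int(?:erface)?\s+(.+)", line):
            cur = ifaces.setdefault(m.group(1).replace(" ", ""), {"ip": None, "vlan": None})
        elif cur is None:
            continue
        elif m := re.match(r"encapsulation dot1q (\d+)", line):
            cur["vlan"] = int(m.group(1))
        elif m := re.match(r"ip addr(?:ess)? (\S+) (\S+)", line):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return ifaces

def gateway_findings(router_cfg, trunk_if, vlan, gateway):
    """List reasons a host in `vlan` cannot reach `gateway` across the trunk."""
    gw = ipaddress.ip_address(gateway)
    ifaces = parse_interfaces(router_cfg)
    # Subinterfaces of the trunk-facing port that carry this VLAN's tag.
    tagged = [n for n, i in ifaces.items()
              if n.startswith(trunk_if + ".") and i["vlan"] == vlan]
    findings = []
    if not tagged:
        findings.append(f"no dot1q subinterface for VLAN {vlan} on {trunk_if}")
    owners = [n for n, i in ifaces.items() if i["ip"] and i["ip"].ip == gw]
    if not owners:
        findings.append(f"gateway {gw} is not configured on the router")
    findings += [f"gateway {gw} is on {n}, not on a VLAN {vlan} subinterface"
                 for n in owners if n not in tagged]
    return findings

# Constructed from the router configuration posted in the question.
BROKEN = """int fa 0/1
 no ip addr
int fa 0/0
 ip addr 10.1.32.9 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.1.32.1"""
# Assumed fix: gateway moved to a subinterface; 192.0.2.0/30 is a placeholder transit subnet.
FIXED = """int fa 0/1
 no ip addr
int fa 0/1.132
 encapsulation dot1q 132
 ip address 10.1.32.9 255.255.255.0
int fa 0/0
 ip address 192.0.2.2 255.255.255.252"""
```

Calling `gateway_findings(BROKEN, "fa0/1", 132, "10.1.32.9")` returns two findings, while the same call on FIXED returns an empty list.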