|
Question : problem to connect to internet or network using cisco switch 2950
|
|
hi
i have problem in our company network (we install it now)
network scheme is (many cisco switch 2950 connect to cisco distribution switch (layer 3 switch) then cisco distribution
switch connect to cisco core switch then core switch connect to router 2900 then router connect to pix 525)
my problem is all 2950 switch is work fine and all PC connect to it can enter to internet execpt one 2950 switch (all PC connect to this switch can not enter to internet and can not ping to managmant VLAN for this switch (VLAN 9 ip address 172.16.30.9) but the PC can ping to other PC in same switch and i can enter to this switch using telnet)
switch 2950 configuration is
Current configuration : 8984 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S-M-01-24-C2
!
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/2
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/3
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/4
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/5
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/7
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/8
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/9
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/10
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/11
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/12
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/13
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/14
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/15
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/16
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/17
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/18
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/19
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/20
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/21
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/22
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/23
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/24
switchport access vlan 9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
mls qos cos override
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 172.16.30.9 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
password floor
login
line vty 0 4
password floor
login
line vty 5 15
login
!
!
end
and distribution switch (layer3 switch) configuration is
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname D3
!
!
no aaa new-model
switch 1 provision ws-c3750g-24t
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport access vlan
switchport mode access
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/9
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport
!
interface GigabitEthernet1/0/13
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/20
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan7
ip address 172.16.7.1 255.255.255.0
!
interface Vlan10
ip address 172.16.30.1 255.255.255.0
!
interface Vlan50
ip address 172.16.50.3 255.255.255.0
!
router rip
network 172.16.0.0
!
ip default-gateway 172.16.100.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.100.1
ip http server
!
!
control-plane
!
!
line con 0
password floor
login
line vty 0 4
password floor
login
line vty 5 15
no login
!
!
end
and core switch configuration is
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname Core
!
!
ip subnet-zero
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/1
no switchport
ip address 172.16.100.1 255.255.255.0
!
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/4
description TrunkToD2_Floor7A
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/5
description TrunkToD3_Floor3A
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/6
!
interface GigabitEthe
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEth
description WEB_SERVER
no switchport
ip address 172.16.110.1 255.255.255.0
!
interface GigabitEthernet2/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet2/4
description Exchange_server
no switchport
ip address 172.16.120.1 255.255.255.0
!
interface GigabitEthernet2/5
!
interface GigabitEthernet2/6
!
interface GigabitEthernet2/7
!
interface GigabitEthernet2/8
!
interface GigabitEthernet2/9
!
interface GigabitEthernet2/10
no switchport
ip address 172.16.130.1 255.255.255.0
!
interface GigabitEthernet2/11
!
interface GigabitEthernet2/12
!
interface GigabitEthernet2/13
!
interface GigabitEthernet2/14
!
interface GigabitEthernet2/15
!
interface GigabitEthernet2/16
!
interface GigabitEthernet2/17
!
interface GigabitEthernet2/18
!
interface GigabitEthernet2/19
!
interface GigabitEthernet2/20
!
interface GigabitEthernet2/21
!
interface GigabitEthernet2/22
!
interface GigabitEthernet2/23
!
interface GigabitEthernet2/24
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
interface Vlan50
ip address 172.16.50.50 255.255.255.0
!
router rip
network 172.16.0.0
!
ip default-gateway 172.16.100.1
ip route 0.0.0.0 0.0.0.0 172.16.100.2
no ip http server
!
!
!
!
!
!
line con 0
password floor
login
stopbits 1
line vty 0 4
password floor
login
!
end
and router configuration is
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MOO_Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip wccp web-cache
!
!
ip cef
!
!
ip domain name yourdomain.com
crypto pki trustpoint TP-self-signed-3428832341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3428832341
revocation-check none
rsakeypair TP-self-signed-3428832341
!
!
crypto pki certificate chain TP-self-signed-3428832341
certificate self-signed 01
30820251 308201BA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33343238 38333233 3431301E 170D3036 30383037 30383336
31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34323838
33323334 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DF09 EF8B3FE6 22DEA7A7 877D2280 0E7134D9 743A938E A6620514 93B4C3DD
3DA79889 020ECB50 0A6B0ADE 13207047 5ACD2233 1F8C3029 DF229779 A7C3CD
B07B13BC C08E8188 536BD216 DF1835BE A8674BD3 EB413B5E C12268B4 68EC49B2
478238A1 6253F483 EFBAF4FE 7DCF1F22 58D6A23C 8838379A E6F59FC9 B98FF3EC
A6B10203 010001A3 79307730 0F060355 1D130101 FF040530 030101FF 30240603
551D1104 1D301B82 194D4F4F 5F526F75 7465722E 796F7572 646F6D61 696E2E63
6F6D301F 0603551D 23041830 168014B8 6C766E61 24F524B8 0CDFAA90 4A8EC8EE
50E49230 1D060355 1D0E0416 0414B86C 766E6124 F524B80C DFAA904A 8EC8EE50
E492300D 06092A86 4886F70D 01010405 00038181 00A594B1 92EA4840 65A6C6
00ED1AFC 9E6367F8 EA37E120 00512E02 C12429ED FDDB77AB 133A752C B780E89D
9D251874 B3EAF522 00C4DDB6 106F01C9 FFFB3BE6 7D825173 50CAF20F 5CD0D278
EC75AD2F 58413A69 529E376C E4361D9E 866C2EA6 EA72602F 62D931A6 C8CA9F09
F9FFBAFD 507E7B1E CE94B928 B2523322 DACB51BC 26
quit
username cisco privilege 15 secret 5 $1$WkQL$OxhoBFeR.7oK35DlYpMxS/
username moo privilege 15 secret 5 $1$MAfd$lBLqf2PQGuz8sOEKoPIBw0
!
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 62.68.65.1 255.255.255.192
ip wccp web-cache redirect out
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.16.197.2 255.255.255.0
no ip route-cache cef
no ip route-cache
no ip mroute-cache
load-interval 30
no keepalive
no fair-queue
ignore dcd
no cdp enable
!
interface Content-Engine1/0
ip unnumbered GigabitEthernet0/0
service-module ip address 62.68.65.2 255.255.255.192
service-module ip default-gateway 62.68.65.1
!
ip default-gateway 172.16.197.2
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.197.1
ip route 62.68.65.2 255.255.255.255 Content-Engine1/0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
!
!
!
control-plane
!
line con 0
password floor
login
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output all
line vty 0 4
privilege level 15
password floor
login
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
and pix configuration is
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface gb-ethernet0 1000auto shutdown
interface gb-ethernet1 1000auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif gb-ethernet0 intf2 security4
nameif gb-ethernet1 intf3 s
domain-name Cisco
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list acl_out permit icmp any any
access-list inside_outbound_nat0_acl permit ip any 172.16.2.96 255.255.255.240
access-list OutsideIn permit tcp any host 62.68.65.43 eq www
access-list OutsideIn permit tcp any host 62.68.65.43 eq smtp
access-list OutsideIn permit tcp any host 62.68.65.43 eq ftp
access-list OutsideIn permit tcp any host 62.68.65.43 eq telnet
access-list OutsideIn permit tcp any host 62.68.65.43 eq 3389
access-list OutsideIn permit tcp any host 62.68.65.43 eq 69
access-list OutsideIn permit tcp any host 62.68.65.43 eq ssh
access-list OutsideIn permit tcp any host 62.68.65.50 eq www
access-list OutsideIn permit tcp any host 62.68.65.50 eq smtp
access-list OutsideIn permit tcp any host 62.68.65.50 eq ftp
access-list OutsideIn permit tcp any host 62.68.65.50 eq telnet
access-list OutsideIn permit tcp any host 62.68.65.50 eq 3389
access-list OutsideIn permit tcp any host 62.68.65.50 eq 69
access-list OutsideIn permit tcp any host 62.68.65.50 eq ssh
access-list OutsideIn permit tcp any host 62.68.65.51 eq www
access-list OutsideIn permit tcp any host 62.68.65.51 eq ftp
access-list OutsideIn permit tcp any host 62.68.65.52 eq www
access-list OutsideIn permit tcp any host 62.68.65.52 eq ftp
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
ip address outside 62.68.65.3 255.255.255.192
ip address inside 172.16.100.2 255.255.255.0
no ip address intf2
no ip address intf3
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip addr
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
pdm location 172.16.2.70 255.255.255.255 inside
pdm location 172.16.2.200 255.255.255.255 inside
pdm location 172.16.2.0 255.255.255.0 inside
pdm location 172.16.3.0 255.255.255.0 inside
pdm location 172.16.4.0 255.255.255.0 inside
pdm location 172.16.5.0 255.255.255.0 inside
pdm location 172.16.6.0 255.255.255.0 inside
pdm location 172.16.7.0 255.255.255.0 inside
pdm location 172.16.8.0 255.255.255.0 inside
pdm location 172.16.9.0 255.255.255.0 inside
pdm location 172.16.10.0 255.255.255.0 inside
pdm location 172.16.11.0 255.255.255.0 inside
pdm location 172.16.12.0 255.255.255.0 inside
pdm location 172.16.13.0 255.255.255.0 inside
pdm location 172.16.14.0 255.255.255.0 inside
pdm location 172.16.20.0 255.255.255.0 inside
pdm location 172.16.30.0 255.255.255.0 inside
pdm location 172.16.40.0 255.255.255.0 inside
pdm location 172.16.50.0 255.255.255.0 inside
pdm location 172.16.110.2 255.255.255.255 inside
pdm location 172.16.120.2 255.255.255.255 inside
pdm location 62.68.65.43 255.255.255.255 outside
pdm location 62.68.65.44 255.255.255.255 outside
pdm location 172.16.2.96 255.255.255.240 outside
pdm history enable
arp timeout 14400
global (outside) 1 62.68.65.4-62.68.65.42
global (outside) 1 62.68.65.60
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 172.16.2.0 255.255.255.0 0 0
nat (inside) 1 172.16.3.0 255.255.255.0 0 0
nat (inside) 1 172.16.4.0 255.255.255.0 0 0
nat (inside) 1 172.16.5.0 25
nat (inside) 1 172.16.6.0 255.255.255.0 0 0
nat (inside) 1 172.16.7.0 255.255.255.0 0 0
nat (inside) 1 172.16.8.0 255.255.255.0 0 0
nat (inside) 1 172.16.9.0 255.255.255.0 0 0
nat (inside) 1 172.16.10.0 255.255.255.0 0 0
nat (inside) 1 172.16.11.0 255.255.255.0 0 0
nat (inside) 1 172.16.12.0 255.255.255.0 0 0
nat (inside) 1 172.16.13.0 255.255.255.0 0 0
nat (inside) 1 172.16.14.0 255.255.255.0 0 0
nat (inside) 1 172.16.20.0 255.255.255.0 0 0
nat (inside) 1 172.16.30.0 255.255.255.0 0 0
nat (inside) 1 172.16.40.0
nat (inside) 1 172.16.100.0 255.255.255.0 0 0
static (inside,outside) 62.68.65.43 172.16.110.2 netmask 255.255.255.255 0 0
static (outside,inside) 172.16.110.2 62.68.65.43 netmask 255.255.255.255 0 0
static (inside,outside) 62.68.65.44 172.16.120.2 netmask 255.255.255.255 0 0
static (outside,inside) 172.16.120.2 62.68.65.44 netmask 255.255.255.255 0 0
static (inside,outside) 62.68.65.50 172.16.14.130 netmask 255.255.255.255 0 0
static (inside,outside) 62.68.65.51 172.16.2.7 netmask 255.255.255.255 0 0
static (inside,outside) 62.68.65.52 172.16.2.6 netmask 255.255.255.255 0 0
access-group OutsideIn in interface outside
conduit permit icmp any any
conduit permit tcp host 62.68.65.43 eq www any
conduit permit tcp host 62.68.65.44 eq www any
conduit permit tcp host 62.68.65.44 eq pop3 any
conduit permit tcp host 62.68.65.44 eq imap4 any
conduit permit tcp host 62.68.65.44 eq smtp any
rip inside passive version 1
route outside 0.0.0.0 0.0.0.0 62.68.65.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 172.16.2.70 255.255.255.255
http 172.16.2.200 255.255.255.255 inside
http 172.16.130.2 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
telnet 172.16.100.0 255.255.255.0 inside
telnet 172.16.50.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn username nasem password *********
dhcpd address 172.16.100.50-172.16.100.225 inside
dhcpd dns 172.16.2.5
dhcpd lease 6000
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:c5cd988ba9cd16ce0bf9a83b9a95afb9
: end
its urgent
|
Answer : problem to connect to internet or network using cisco switch 2950
|
|
agree with asdlkf here.. There is no layer 3 vlan interface for vlan 9
They can all talk to each other on the switch because they are all in vlan 9
You can telnet to the swtich because it is using vlan 10 interface for access.
You need an interface vlan 9 on your distribution switch with appropriate IP address just like the other vlans.
You also can't use the same 172.16.30.0 address space on vlan9 because that subnet is on vlan 10
Else, just put all the host ports of the 3550 into vlan10 and not vlan 9
|
|
|
|
|
