http traffic issue.

I have a Cisco switch 2950 setup with the configuration listed below:

sw-int>en
Password:
sw-int#sh start
Using 3281 out of 32768 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sw-int
!
enable secret 5 $1$iO2h$eYERx9alsClgYntewlNQK.
enable password 7 133756161E1E060320
!
ip subnet-zero
no ip domain-lookup
no cluster run
!
!
spanning-tree mode pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
no spanning-tree vlan 1
no spanning-tree vlan 2
!
!
interface FastEthernet0/1
 description Vlan management
 no ip address
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet0/2
 description Firewall Management System
 no ip address
 no cdp enable
!
interface FastEthernet0/3
 no ip address
 no cdp enable
!
interface FastEthernet0/4
 switchport mode access
 no ip address
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet0/5
 no ip address
 no cdp enable
!
interface FastEthernet0/6
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/7
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/8
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/9
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/10
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/11
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/12
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/18
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/19
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/20
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/21
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/22
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/23
 switchport access vlan 2
 switchport mode access
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/24
 switchport mode access
 no ip address
 duplex full
 speed 100
 no cdp enable
 spanning-tree portfast
!
interface Vlan1
 ip address 131.136.249.129 255.255.255.128
 no ip route-cache
!
ip default-gateway 131.136.249.129
no ip http server
!
access-list 1 permit 131.136.249.3
no cdp run
!
line con 0
 password 7 107C481D1005102207
line vty 0 4
 access-class 1 in
 password 7 1425530F191628022F
 login
line vty 5 15
 access-class 1 in
 password 7 1425530F191628022F
 login
!
!
monitor session 1 source interface Fa0/1 - 11
monitor session 1 destination interface Fa0/12
end

sw-int#

This switch is behind a Cisco PIX with rules to allow my laptop with a static ip of 131.136.249.140 with same mask and default gateway as mentioned above to access the web. I have a fiber optic cable from the fiber optic tray to a media converter and the ethernet cable from the media converter to the above-mentioned switch. If I plug the ethernet cable from the media converter to the back of my laptop, I am able to go to the internet without any problem. However, if I plug the ethernet cable from the media converter to the Cisco switch 2950 and connect my laptop through the switch, I am not able to go to the internet and nslookup does not resolve properly also. Please have a look at the switch configuration. I will appreciate any ideas to solve this problem.

Thanks in advance,

Benchmark.

Reply to
benchmark

What switchports are you actually using? What is the actual topology because you say the switch is 'behind' the firewall with rules to allow your pc through so I assumed the topology was:

isp -- switch -- firewall -- pc

Also the switch default gateway and its vlan 1 address are the same. Of course that has nothing to do with the problem as it's a layer-2 switch and the default gateway is only for traffic from the switch itself (management interface).

Again, as it's a simple layer-2 switch I would guess the problem's actually the firewall rules ... as you've proven ... you remove the problem.

R!durbIk

Reply to
BernieM

Hi BernieM, your guess on the topology is right. My laptop is connected to fa0/4. You are also right on the fact that the default gateway and vlan 1 have the same address. I have reported this to the contractor that originally set up the Cisco 2950 for us to look into that.

Thanks,

Eric.

BernieM wrote:

Reply to
benchmark

Hi BernieM, I am not sure about the topology of the network as it is managed by a contracting agency. But my knowledge of Cisco PIX Firewall tells me that the topology should be isp -- firewall -- switch -- pc.

Thanks,

Eric.

BernieM wrote:

Reply to
benchmark

Ok, so when you connect the media converter directly to your pc it works and the only change you then make is put the switch in between your pc and the media converter ... connecting your pc to fa0/4 ... which port is the media converter being connected to? Do the switch ports' link lights come up?

As the switch has ports 1 to 12 in vlan 1 and you're connecting to port 4 then the media converter should be connected to a vlan 1 port as well.

The obvious question is though ... what does the contracting agency being paid to manage this network say about the problem?

btw ... you should not post entire configs especially with sensitive information like passwords ... all those "password 7's" decrypt to "R!durbIk". This is especially true if you don't even manage this network device. I'm surprised you have access to it.

BernieM

Reply to
BernieM
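
An added example, not part of the original thread: a small Python filter that applies the advice above before a config is pasted into a public post. It strips password, secret and SNMP community values, flags reversible type 7 entries, and replaces each address with a stable alias so that relationships (such as a gateway equal to the Vlan1 address) stay visible. The function name `sanitize`, the rule list and the sample config are assumptions constructed for this illustration.

```python
import re

# Constructed sample in the style of an IOS config; every value is made up.
SAMPLE_CONFIG = """\
hostname sw-example
enable secret 5 $1$salt$ExampleHashExampleHash00
enable password 7 00112233445566
interface Vlan1
 ip address 192.0.2.129 255.255.255.128
ip default-gateway 192.0.2.129
access-list 1 permit 192.0.2.3
snmp-server community examplero RO
line vty 0 4
 password 7 00112233445566
 login
"""

# Each rule keeps the keyword and type digit and drops the secret itself.
SECRET_RULES = [
    re.compile(r"^(\s*enable (?:secret|password)(?: \d+)?) \S+.*$"),
    re.compile(r"^(\s*password(?: \d+)?) \S+.*$"),
    re.compile(r"^(\s*username \S+ .*?(?:secret|password)(?: \d+)?) \S+.*$"),
    re.compile(r"^(\s*snmp-server community) \S+"),
]
TYPE7 = re.compile(r"\b(?:password|secret) 7 ")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def sanitize(config):
    """Return (sanitized_text, findings) for a pasted IOS config."""
    aliases, findings, out = {}, [], []

    def alias(match):
        ip = match.group(0)
        if ip.startswith(("255.", "0.")):  # assumption: these are masks/wildcards
            return ip
        return aliases.setdefault(ip, f"<ip-{len(aliases) + 1}>")

    for number, line in enumerate(config.splitlines(), 1):
        if TYPE7.search(line):
            findings.append(f"line {number}: type 7 password is reversible")
        for rule in SECRET_RULES:
            line, hits = rule.subn(r"\1 <removed>", line)
            if hits:
                break
        out.append(IPV4.sub(alias, line))
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    text, notes = sanitize(SAMPLE_CONFIG)
    print(text, *notes, sep="\n")
```

Any password that has already appeared in a public post should be changed on the device; redacting later copies does not undo the exposure.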

I also just noticed that only ports 1 to 4 in vlan 1 are capable of coming up ... the others are administratively shut down.

Reply to
BernieM
