Cisco WAN :: 2960G Router On Stick And Routed Public Range?
Sep 27, 2012
I understand router on a stick for inter-vlan routing but where I'm having trouble is having one of the vlans be public addresses. One of my clients has a rack in a colo where there is no router, i.e. their /24 public network has .1 of the network assigned to a colo router, then they have a 2960G switch in the rack that all the gear is connected to. Public IP's are assigned to certain devices / servers with .1 as their GW. Problem is, they also have a private range on the same switch with no vlans and things are a little 'cluttered' and there is no control of traffic.
The assets I have are a 2821 router with (2) GigE interfaces and the 2960G switch. A /30 network is going to assigned on the colo gear to use to push the entire /24 down to the cabinet. I'm going to NAT the local 10.100.x addresses on vlan 10 and I want the public traffic on vlan 20. During a recent test, the private traffic worked as expected but the public traffic didn't work. I don't need a complete config, more of a 10,000 ft. view of how this needs to be done so (a) traffic is vlan'd to keep things segmented, (b) I can static inside / outside public addresses from the /24 to reduce the number of public addresses being assigned directly to servers (some of this is unavoidable, but the less the better), and (c) I can NAT the local subnet to either to the /24 or the /30 (not much very much traffic in this way).
EDIT: The switch is a C2960S, not G. I cannot enable lanbase-routing, it is apparently unavailable.
is it possible that a public IP can be automatically routed to another public ip.For example I have two routers A and B. router B has a LanB in 10.0.0.0 network and the public ips are in the x.x.x.0 for internet access. router A is located at a remote location and has a public ip of y.y.y.0 network.
I have used all the ports on my 24 port 2960G and need to extend it with another 2960G. These switches do not have trunk ports so what is the best way to stack them and have all 5 vlans on both switches.Can I just use a port Channel trunk etherchannel ?
Any confirmation that the versions 8.6 and up don't allow publishing to more then one public range if IP addresses?
We have ASA5520 version 8.4 in deployment and there I can NAT to 3 different ranges of public IP-s.
With same configuration on ASA5525-X version 8.6 it will NAT only the range that the outside interface belongs to. Also tried the 9.0 version with the same result.
I have a Cisco ASA 5520 (Ver 8.2(4)) with all four interfaces in use (Public, Private, DMZ, Local offices) and an IPS module, so there are no spare interfaces. I have used all of Public IP's on the current interface for various services (these need one to one mapping, so I can't port map mainly due to SSL certificate issues) and I need to add another Public IP range. The secondary option on ASA interfaces does not exist as on routers/switches and I need to use an additional non contiguous IP address range for additional services advertised on the Public interface that are NAT'd to be servers in my DMZ.
I have seen an example of adding a static arp on the Private interface to allow a secondary gateway to be used for outbound traffic, but I need to allow 14 new IP addresses to be NAT'd from the Public to DMZ and possibly also for outbound NAT'ing (from either Private or DMZ to the Public). I have a L2 switch between the ISP router and the firewall, so using VLAN's is not an option unless the ISP can be persuaded (highly unlikey) to add the seondary IP's as a sub interface with tagging. Anyway if this was actioned then we would have a massive outage on our current IP range during the transistion.
I work at a Public Safety building in Pennsylvania and our employees here share a Wifi connection with a local hospital facility that is in a industrial park behind us. The room we work in is able to access the Public Wifi but only half of the room has a good connection. I went to the local computer store and purchased a Belkin Dual-band wireless Range Extender and got it all set up, now I have the Public Wifi Extention access and it will connect to it but it has no internet access. Now we have no access to the administor or the network from our facility. How do i get internet access thru this range extender? If i connect from the good half of the room to the Public wifi i have a good connection with internet access but as soon as you put it thru the extender no more internet access.
It doesn't seem like I can set up trunking (dot1q) on this device. Isn't it supported on this device? Can I still set up VLANs with the router-on-a-stick concept working internal in the device, i.e no external interfaces/subinterfaces being configured? If so, can I then connect VLANs to other switches? I have:
-876 ISR -Catalyst 2960 -SLM2008
I know the small biz switch supports VLANs and I think trunking as well--obviously the 2960 supports it. Is there a way with these devices to configure one VLAN for servers/net devices and another for regular end-user computers so that they still talk to one another, or do I need a different router in the mix?
As per the title, I just require 3 to 4 VLANS with inter-VLAN communication enabled.
In the past I have used this router with each port of the internal switch set to a different VLAN, with each in turn hooked up to an unmanaged switch. This has work fine for me but I want to dip my toe in the world of .1q VLANS and gain some added flexibility and neatness.
I just had to get rid of a bad DIR-825 that I replaced a trusty old DIR-655 with and now I'm back. Anyhow, I can't seem to make the DDNS setting stick in the router. All of the information is correct, but it doesn't seem to want to login. When I click the enable check box, it tries connecting and then greys out and doesn't connect.
I have not been able to figure out the resolution. The basic premise is to have 3 inside vlan networks controlled by a 1900 series router. Then have that primary LAN router connect to the inside of my ASA5505 Basic, then go out to my ISP Gateway. I have tried hundreds of different static route configurations on my router and asa. I have tried equally as many NAT and PAT configurations, but nothing seems to work. I have even tried using all the commands (specific to my topography of course) on this weblink from cisco: url...
In my preparation for my coming CCNA certification I am experimenting with different network configurations. In my test network I am currently working with a "Router on a stick" setup. A Cisco 2611 router connecting a Cisco 2950 switch. VLANs configured on the switch and subinterfaces + dot1q encapsulation configured on the router. Switch only supports dot1q.Router's Eth0/1 is connected to the Switch Fa0/24 port which is also set to trunk mode. I am using a normal Cat5e twisted pair cable to connect the 2 devices.
VLANs are working since I can connect a workstation to an access port for example fa0/2 (vlan2) and get Internet access.I can also ping any of the subinterfaces of the router from the workstation.With the current setup I am not able to ping the switch from the router, or the other way around, so in other words I can't remote manage the switch from a telnet or SSH session with this setup. What I am missing?Just to be clear I am pinging the switch directly from the router (Router2611#ping 172.16.100.2), so please ignore all static routes and OSPF. [code]
I've been trying to re-purpose my E4200v1 as a Bridge, AP or some other thing that might work with wifi coverage in my home. I am using an Asus as the primary router. and I have Verizon Fios so I have a coax/ethernet router with its wireless switched off so that the Asus is primary. That works, but when I go to reset the E4200v1, I can get it to take a new IP address, but when I attempt to put it into bridge mode, as soon as I hit "save settings" I see the admin screen flash and it goes back to its origninal settings, instead of saving the new settings.
I'm trying to stream music files to my A/V system. After weeks of encountering problems, I discovered that UPnP was disabled (by default) on the router. After enabling UPnP on the router, bingo......it worked. My A/V system has a Yamaha A/V receiver, which is a networking receiver capable of net radio and accessing/playing files on my PC. Net radio works fine. The problem I'm having is that when I shut down the A/V receiver, turn it back on, I can't access the files. I have to disable UPnP, save changes, and then reenable UPnP, save changes. When I do that, all is well and my receiver "sees" my PC and files. Shut down the receiver, turn it back on, back to square one and have to do the do the disable/enable routine again. PC is WinXP, using Windows Media Player 11. Seems the "enable" UPnP desn't "stick", even though it shows enabled on the setup page.
I am trying to configure router on a stick with 2811 and 3750, but I just cannot get it to work - vlans are not getting propagated from 3750 to 2811: 3750:
I am using a company called Zen for adsl, I have 8 IP from XXX.XXX.XXX.248 to - XXX.XXX.XXX.255, Gateway is 254, Address 249-250-251-252-253 I would like to appear at the 4 sockets at back of router, and 252,253 will be used for a server...I understand I should be using Routed IP , but I cannot get it to work, I can ping out to google from the server, but the server is not live to the world. [code]
i have a simple router on a stick config which is providing dhcp to a customer SSID. however i don't want employees to stay on it and eat the band width since its open. the lease is set to an hour, is there anyway that i could set it so that once your lease expired it can't be renewed for 4 about 8 hours? I am using a cisco 2600 router in this setup.
I have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed inteface on the SAME router?
During an installation, we plugged a Ruckus wireless bridge (powered by a PoE injector) into G0/0 on the 1941. The port status remained down/down. We then tried connecting it to G0/1. Again, the port status remained down/down. We took another wireless bridge, plugged it into G0/0 and the port changed to up/up status within a few seconds. The same happened when connected to G0/1. Both ports are have speed/duplex set to auto/auto.We took the cable from the first wireless bridge and connected it a 3550 switch, the FastEthernet port went up/up. We then took the cable and connected it to a switchport card (HWIC-4ESW) that was installed in the 1941 router. The port came up/up.We connected to wireless bridge back to G0/0 in the 1941 and manually set the speed/duplex to 1000/full. The link light on the router became illuminated after a few seconds but no console message was displayed (nor did any events appear in the log) and a "show int g0/0" showed the port status as down/down. This was could not be duplicated as this only happened one time The wireless bridges sit atop of a water tower and are connected each via a shielded ethernet cable. The cable that we're having trouble with is cat5e STP and about 310feet in length. I should note that we have not yet swapped the PoE injector but it seams to be functioning properly as power is getting to the wireless bridge and its accessible. Also because if the wireless bridge for some reason didn't come back up after a power cycle it would potentially mean climbing the tower to perform a hard reset. We tried another 1941 with same results however we have not tried another router model to rule out a potential platform issue. Can you recommend any troubleshooting steps to determine why the port status of the gig interfaces on the 1941 don't come up?
One of our vendors requires using a public ip address to setup a site-to-site IPSEC vpn. We only have one public ip address and that will be used for the vpn endpoint and for internet access for the local network. I've setup policy NAT from our local network to the outside interface. I'm also using the outside ip address for the crypto map. The tunnel setups successfully and the Tx count increases anytime I try to ping the remote network, but the ping fails and the Rx count does not increase. According to our vendor, we should be able to ping the remote network and connect using port 443. When trying to connect using port 443, I see a SYN timeout in the logs. I'm not sure if the problem is on their end and they're rejecting our traffic, or if something is misconfigured on our end. I'd like to make sure that I have everything configured correctly before I go and point fingers at them.
Local Network - 10.10.9.0/24 Remote Network - 20.20.41.0/24 Remote Peer - 20.20.60.193 .ASA Version 8.2(5) ! hostname ciscoasa
I would replace an old Levelone Router with a Linksys E2500.I have 3 different routed private networks (e.g. 192.168.1.0/24 , 192.168.101.0/24 and 10.0.0.0/24) How can I forward different ports to this 3 different private networks with an E2500.Under "Games&Applications" in the" Portforwarding" menu the first 3 octets of the "to IP-address" are fix and corresponds ever with the LAN ip address of th E2500.
I just received a new Cisco SG300-10 and am configuring it in Layer 3 mode. I am trying to setup multiple routed VLANs going back to a FiOS Actiontec router. My configuration is as follows.
Fios Router: 192.168.1.1 Assigning DHCP 192.168.1.2 through 100. SG300-10 has VLan 1 ip 192.168.1.5 used for Mgmt. VLAN2 is 10.0.2.1 VLAN3 is 10.0.3.1.
I have a static route set on the fios router for both subnets setup as follows.
I have a laptop connected to Gi8 on the Cisco (Vlan 3) and statically assigned 10.0.3.3, with a gateway of 10.0.3.1. DNS set to the fios router (192.168.1.1).
Everything pretty much works EXCEPT, I cannot get out to the internet from either vlan. Traffic routes between vlans/and the default subnet on the fios without issue.
When I ping out, DNS resolves, but will not go past the fios router. Am I missing a setting somewhere?
i need to allow https traffic to a server in the DMZ that will have a routable IP address will just an ACL suffice ?which interface do i apply it to ? wan or dmz ?i dont need a NAT since the DMZ is a routable space?
I have been asked to setup a VPN on a stick setup so that people on the move can use the encryption of our SSL VPN for web browsing etc using Any Connect. This works fine, whats my ip shows the external IP of the office when connected to the VPN and all traffic is pushed down the pipe. The only issue is when connected I have no access to local resources such as IP printers etc. How to do this on 5505?
I want to know if i can format or rerouter a Vodafone mobile broadband model: k3571-z to use as wireless reciever for a cable broadband in my house, no computer details as yet as im still in process of building one.
I have a linksys router connected to four computers and putting out a wireless signal. I also have a PC upstairs I would like to get online, and have a WRT54G V5 wireless router that I want to use like a wireless USB stick. Is this possible without downloading additional firmware beisdes official Linksys firmware?
we (educational institution)are attempting to trace an ip address for a STC USB stick. Actually, we have requested STC GSM provider to trace it. Reason being is, one or more of our teachers have sent an email harassing other staff. We wish to find out if STC has the techincal know how to get this info.
I purchased a Virgin Mobile Online Stick where you do not need a telephone jack, modem, router etc. or anything to go online, It's like, go online from everywhere, like at&t offers it too. Costs like 40-50 bucks a month.But I cannot go online. i insalled the stick and when open the icon, it connects and says ready, but I cannot reach ANY site at all.I saw in the network section that there is a little red x infront of the locale area connection and it always says, connect a cable. But this should not be the cae since you do not need any kind of cables with this stick.A friend of mine and I had the same stick from at&t and it worked perfect. We just double clicked the at&t icon on the desktop, clicked connect and everythng was great and we used it to 100% in the car missing or doing wrong?PS: PC runs on Vista AND, when calling Virgin, they just tell you, that's not there problem because it shows that it is connected, which is true, but still cant reach ANY website
Has anyone implemented a working Nat on a Stick?I am looking for 3750 configurations for Nat on a stick.Our users need to access the camera monitoring from home as well as in work.We will like to setup the monitoring software with public address (and port) of the cameras, as the users use the same configuration at home and work.DNS will not work for us as the monitoring settings only accept IP.
