
Help with 2621 config

Status
Not open for further replies.

bberryca

IS-IT--Management
Sep 2, 2009
18
CA
Hello,

I am trying to set up a network for my local church, and I am having some issues and I hope someone can help me out.

Here is my design:

10.147.209.0/24 for the wireless,
10.147.210.0/24 for the desktops.
10.147.211.0/24 for the servers

I plan on using the 2621 as the router, a 2950-12 for vlaning, and then 2950-24's for the end user connections.

I also have netscreen firewall to front end the entire build.

Currently using f0/0 on the 2621 to connect to my 2950-12, subnet 10.147.212.0/24, using 3 subinterfaces (the 2621 is the DHCP server... for now). f0/1 is connected to my firewall, subnet 10.147.213.0/24.

On the 2950-12 I am using ports 1 and 2 for subnet 209, ports 3,4,5,6,7,8 for subnet 210, ports 9,10,11 for subnet 211 and port 12 for the uplink to f0/0 on the 2621. I am going to be connecting 2950-12's to the interfaces on the 2950-12, to provide my end-user connectivity.

and now for my issues.

I can't get the 2621 to route packets between f0/0 and f0/1. I can ping (from subnet 210) to the interface IP 10.147.213.1 but I can't hit the firewall at 10.147.213.2.

Also I need to do some traffic shaping (that I have yet to start) so that subnet 209 and 210 share 5 mbs and subnet 211 gets 10mbs. (I have a 15mbs pipe).

Can someone please look at my configs below? I am hoping that someone can figure out why I cannot route between the 2 interfaces on the 2621. Also, if you wouldn't mind looking over my configs and seeing what I missed, that would be great.

Thanks in advance for everything,
Brad

Test_GW1#show run
Building configuration...

Current configuration : 1767 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Test_GW1
!
enable secret 5 $1$jJzD$p1fZksD6JPtTc9xyystJ9.
enable password srf1
!
!
!
!
!
ip subnet-zero
ip name-server 10.147.213.2
ip dhcp excluded-address 10.147.210.0 10.147.210.25
ip dhcp excluded-address 10.147.210.225 10.147.210.255
ip dhcp excluded-address 10.147.209.0 10.147.209.25
ip dhcp excluded-address 10.147.209.225 10.147.209.255
ip dhcp excluded-address 10.147.211.0 10.147.211.25
ip dhcp excluded-address 10.147.211.225 10.147.211.255
!
ip dhcp pool SRFLan
network 10.147.210.0 255.255.255.0
default-router 10.147.210.1
dns-server 10.147.210.1
!
ip dhcp pool SRFWireless
network 10.147.209.0 255.255.255.0
default-router 10.147.209.1
dns-server 10.147.211.25
!
!
!
!
!
!
interface FastEthernet0/0
description link to SRF Networks
ip address 10.147.212.1 255.255.255.0
no ip redirects
duplex auto
speed auto
!
interface FastEthernet0/0.1
description SRFWireless
encapsulation dot1Q 9
ip address 10.147.209.1 255.255.255.0
!
interface FastEthernet0/0.2
description SRFLan
encapsulation dot1Q 10
ip address 10.147.210.1 255.255.255.0
!
interface FastEthernet0/0.3
description SRFSLan
encapsulation dot1Q 11
ip address 10.147.211.1 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
description Link to Netscreen
ip address 10.147.213.1 255.255.255.0
no ip redirects
duplex auto
speed auto
!
router rip
network 10.0.0.0
!
ip default-gateway 10.147.213.2
ip classless
ip route 0.0.0.0 0.0.0.0 10.147.212.2
ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 4
password srf1
login
!
no scheduler allocate
end






Test_sw_2#show run
Building configuration...

Current configuration : 2056 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Test_sw_2
!
!
ip subnet-zero
vtp domain SRFVTP
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
vlan 1
tb-vlan1 1002
tb-vlan2 1003
!
vlan 2
!
vlan 9
name SRFWireless
!
vlan 10
name SRFLan
!
vlan 11
name SRFSnet
!
vlan 33,100-105
!
vlan 250
name net_mgmt
!
vlan 1002
tb-vlan1 1
tb-vlan2 1003
!
vlan 1003
tb-vlan1 1
tb-vlan2 1002
parent 1005
!
vlan 1004
bridge 1
stp type ibm
!
vlan 1005
bridge 1
!
interface FastEthernet0/1
switchport access vlan 9
switchport mode access
no ip address
!
interface FastEthernet0/2
switchport access vlan 9
switchport mode access
no ip address
!
interface FastEthernet0/3
description uplink to Test_LanSw1 p 24
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
no ip address
!
interface FastEthernet0/9
switchport access vlan 11
switchport mode access
no ip address
!
interface FastEthernet0/10
switchport access vlan 11
switchport mode access
no ip address
!
interface FastEthernet0/11
switchport access vlan 11
switchport mode access
no ip address
!
interface FastEthernet0/12
switchport mode trunk
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
ip address 10.147.212.2 255.255.255.0
no ip route-cache
!
ip http server
!
!
line con 0
line vty 0
password srf1
login
line vty 1 4
login
line vty 5 15
login
!
end

 
Yes, I think the 2950 will default to ISL as the trunking protocol, so you should specify "switchport tr en dot1q" on f0/12.

Also, make sure you have added in routes on your firewall pointing subnets 209, 210, 211, 212 to the router.
You can summarise 209, 201, 211 as 208.0/22 if you don't mind 208 being included.
 
1) move the config off of the main f0/0 interface and onto a subinterface
2) the default route is pointing to vlan1 svi on the 2950 switch as opposed to the firewall
3) as vince said, make sure the routes are in the firewall for the return traffic
4) update the IOS to something more recent than 12.1
5) if you want to shape traffic do something like this:
Code:
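! Extended ACLs need a protocol keyword; "ip" matches all IP traffic from each subnet
access-list 101 permit ip 10.147.209.0 0.0.0.255 any
access-list 101 permit ip 10.147.210.0 0.0.0.255 any

! Class that groups the 209 and 210 subnets
class-map shape-209-210
  match access-group 101

! Shape the class to 5,000,000 bits per second
policy-map SHAPE_TRAFFIC
  class shape-209-210
    shape average 5000000

! Apply outbound on the interface facing the firewall
int f0/1
 service-policy output SHAPE_TRAFFIC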

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Think Unclrico has indicated what needs to be done. All addressing on the trunk link should be under the subinterface. Remove the default gateway command, it doesn't do anything if routing is turned on. The 2950 only supports dot1q so ISL is out of the mix.
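
The routing problems named in the replies above (a default route aimed at the switch's Vlan1 address instead of the firewall, an address on the parent of the trunk interface, and a redundant "ip default-gateway") can be checked mechanically when reviewing a router config. The following Python check is an added example, not code from the thread; `audit`, `POSTED` and the `upstream_if` parameter are hypothetical names, and the sample is excerpted from the Test_GW1 config posted above.

```python
import ipaddress
import re

# Lines excerpted from the Test_GW1 config posted in the thread.
POSTED = """\
interface FastEthernet0/0
 ip address 10.147.212.1 255.255.255.0
interface FastEthernet0/0.1
 encapsulation dot1Q 9
 ip address 10.147.209.1 255.255.255.0
interface FastEthernet0/0.2
 encapsulation dot1Q 10
 ip address 10.147.210.1 255.255.255.0
interface FastEthernet0/1
 ip address 10.147.213.1 255.255.255.0
ip default-gateway 10.147.213.2
ip route 0.0.0.0 0.0.0.0 10.147.212.2
"""


def audit(config, upstream_if):
    """Hypothetical helper: list the routing problems named in the replies."""
    nets, hops, findings, current = {}, [], [], None
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            # Connected network of the interface section we are inside.
            nets[current] = ipaddress.ip_interface("/".join(m.groups())).network
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d\S+)", line):
            hops.append(ipaddress.ip_address(m.group(1)))
    for hop in hops:
        # Which connected network, if any, contains the default next hop?
        via = [name for name, net in nets.items() if hop in net]
        if via != [upstream_if]:
            findings.append(f"default route next hop {hop} is reached via "
                            f"{', '.join(via) or 'no connected network'}, "
                            f"not {upstream_if}")
    if "no ip routing" not in lines and any(
            l.startswith("ip default-gateway") for l in lines):
        findings.append("ip default-gateway has no effect while routing is on")
    for name in nets:
        if any(sub.startswith(name + ".") for sub in nets):
            findings.append(f"{name} has an address on the parent of its "
                            "subinterfaces; move it to a subinterface")
    return findings
```

Calling `audit(POSTED, "FastEthernet0/1")` returns one finding per problem; a config with the three changes from the replies applied returns an empty list.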
 
Thanks Very much, all is working now.
 