Answer the question
In order to leave comments, you need to log in
D
D
demon1589g2019-04-01 13:13:38
demon1589g, 2019-04-01 13:13:38
Cisco how to access external site?
I set up vlans, the internal site opens (ya.ru), but the external one doesn’t (cisco.com)
Tell me where I messed up (I probably didn’t register something in the router or switch)
The essence of the question is that I need to configure it on the switch or a router so that the cisco.com website opens from any vlan 
link to the project https://yadi.sk/d/HZTn2L6jwmVwHg
switch
spoiler
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
!
!
no ip cef
ip routing
!
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 2-10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 2-6,8-10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/3
switchport access vlan 11
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
mac-address 0090.2b8b.0901
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan3
mac-address 0090.2b8b.0902
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan4
mac-address 0090.2b8b.0903
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
mac-address 0090.2b8b.0904
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan6
mac-address 0090.2b8b.0905
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan7
mac-address 0090.2b8b.0906
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan8
mac-address 0090.2b8b.0907
ip address 192.168.8.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan9
mac-address 0090.2b8b.0908
ip address 192.168.9.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan10
mac-address 0090.2b8b.0909
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan11
mac-address 0090.2b8b.090a
ip address 192.168.1.2 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
!
end
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
!
!
no ip cef
ip routing
!
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 2-10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 2-6,8-10
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/3
switchport access vlan 11
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
mac-address 0090.2b8b.0901
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan3
mac-address 0090.2b8b.0902
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan4
mac-address 0090.2b8b.0903
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
mac-address 0090.2b8b.0904
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan6
mac-address 0090.2b8b.0905
ip address 192.168.6.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan7
mac-address 0090.2b8b.0906
ip address 192.168.7.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan8
mac-address 0090.2b8b.0907
ip address 192.168.8.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan9
mac-address 0090.2b8b.0908
ip address 192.168.9.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan10
mac-address 0090.2b8b.0909
ip address 192.168.10.1 255.255.255.0
ip helper-address 192.168.4.2
!
interface Vlan11
mac-address 0090.2b8b.090a
ip address 192.168.1.2 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
!
end
router
spoiler
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 145.35.36.53 255.255.0.0
ip nat outside
!
interface Serial3/0
no ip address
clock rate 2000000
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
router rip
!
ip nat pool NAT-POOLp 145.35.36.53 145.35.36.53 netmask 255.255.0.0
ip nat inside source list 1 pool NAT-POOLp
ip classless
ip route 0.0.0.0 0.0.0.0 145.35.90.83
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 145.35.36.53 255.255.0.0
ip nat outside
!
interface Serial3/0
no ip address
clock rate 2000000
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
router rip
!
ip nat pool NAT-POOLp 145.35.36.53 145.35.36.53 netmask 255.255.0.0
ip nat inside source list 1 pool NAT-POOLp
ip classless
ip route 0.0.0.0 0.0.0.0 145.35.90.83
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
2 answer(s)
@demon1589g
@serjikz
S
Strabbo, 2019-04-02 @demon1589g
I noticed that between the router and the switch, the port is in the trunk, although you do not have sub-interfaces on the router, in this case you need to transfer port access from the side of the switch (gig1 / 0/3). The access list responsible for nat contains only the 192.168.1.0/24 network, it should contain all networks that should have access to the Internet. Next comes the configuration of the nat itself ip nat inside source list 1 pool NAT-POOLp here, without overload, only 1 IP will work for you. Then there are the DNS server settings, where you have ya.ru. But all computers like it are used as dns, it must resolve all names, and only ya.ru is registered in it. it is necessary to add there still cisco.com with the corresponding ip to the address. Try to fix all this, if it doesn't work tomorrow, we'll think about it.
PS It's too late, my head doesn't cook well, maybe I missed something
S
Sergey ZSA, 2017-01-15 @serjikz
https://jsfiddle.net/7f5q44dg/kenwheeler.github.io/slick
_
just a little google and everything would be found.
Similar questions
A
T
F
D
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question