Bad Switch - No Config - No Console Port

gocaps25

Okay so I have an old SG 200P. It was installed years ago and there is no knowledge of credentials and no known config file. Here is what I have:

1. SG 200P that will power on and LED lights on ports when things are plugged in BUT no SYSTEM LED.  

2. The SG 200P has NO console port.

3. No config file or admin access.

4. I replaced the switch with another one but have no idea what the old config file included. I'm sadly not a trained network person but know enough to be dangerous... but I am technical and can follow instructions.

5. I have a Comcast router - Cisco ASA 5505x firewall - three ports in use - Port 2 is the INSIDE (192.168...), port 3 is the DMZ (10.10...). Each of these connections from the firewall is going to the switch (port 24 for INSIDE) and (port 23 for DMZ).

6. Connected to the switch is also a WIRELESS CONTROLLER with FOUR APs. All APs are blasting both the PUBLIC signal and the PRIVATE signal.

7. Our computers are a mix of PCs and Macs connected either through ethernet to the private network OR through WIFI to the private network.

8. The only issue I am having is that some of the computers are connecting to the public network and some have stayed on the private. I am only having this issue with the computers accessing the network via ethernet connection.  

9. I am sure it is something I'm missing from the config file on the switch... I just don't know enough to troubleshoot.

 

So here are my questions: 1) Is there a way to recover the config file from the broken switch? It will power on... and I would even pull the appropriate hardware to find a way just to recover that data...

 

2) Can anyone help me setup the correct settings on the switch in order to correctly make the computers connect to the private network and not the public one.  I think I have the main points down.. just need a little help with the details..

 

 


balaji.bandi

If the device is broken with no access, it's hard to recover the config (personally, I think you have lost the config).

 

Coming back to your current setup -

 

Make a small network diagram roughly with pen and paper and share the picture here.

 

You have given information that you have an internet router and an ASA. Whether the switch was acting as Layer 2 or Layer 3 before, we don't know.

 

To be on the safe side, make sure you back up the ASA config out of the box, keeping your hard experience now in mind.

Remove confidential data from the same config and share it here, so we can try to see if we can fix your issue. You just want to configure the switch so clients can access the Internet? (Is this what you are looking for, I guess, for now?)

 

 

BB


Yes.    IMG_9727.JPG

1. Okay... so I understand no chance of recovering the config file on the switch. It was here before my time... and just got lost in the shuffle.

 

2. I do have credentials for the rest of the devices thanks to a console cable and the wireless controller's restore password function. That was a life saver.

 

3. Right now the firewall is handing out IP addresses...

 

interface GigabitEthernet1/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/2
nameif inside
security-level 100
ip address 192.168.XX.XX 255.255.255.XXX
!
interface GigabitEthernet1/3
nameif dmz
security-level 50
ip address 10.10.XX.XX 255.255.255.XXX
!
interface GigabitEthernet1/4
nameif outside
security-level 0
ip address 162.17.XX.XX 255.255.255.XXX
!

ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 8.8.8.8 inside
domain-name MMMMMMMMMM
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network inside-network
host 192.168.1.0



logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400

!
object network obj_any
nat (any,outside) dynamic interface
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 162.17.77.230 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 2456
http 192.168.1XX.XX 255.255.255.0 inside

management-access inside

dhcpd auto_config outside
!
dhcpd address 192.168.X.XX-192.168.X.XXX inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!
dhcpd address 10.10.XX.XX-10.10.XX.XX dmz
dhcpd dns 8.8.8.8 interface dmz
dhcpd enable dmz
!

!

 

 

 

To summarize... we have basically two SSIDs. One public and one private. I'm trying to just set it up the way it is supposed to be where you can hop on the public IP address and get a 10.10 OR you can use a password and connect to private and it gets you on our network with the printers... etc.

 

We have 4 APs that all blast both the PUBLIC and the PRIVATE... and we have ethernet for staff that is also the same private network.

 

I have this firewall setup... then on the switch I have two VLANs... VLAN 1 is the default that includes all the ports EXCEPT for 23, which is VLAN 3, and that is PUBLIC. The port on the switch is assigned to VLAN 3.

 

Then if you go to the wireless controller I have two WLANs... the Private one is assigned to the management interface/interface group which is private, and the public-interface is supposed to be the interface for the PUBLIC wifi...

If I change the interface on the PUBLIC WLAN to public-interface, the internet goes away... both ethernet and public... BUT... if I change the PUBLIC WLAN to management (like the PRIVATE wifi) then it recognizes the ethernet connection again and I get PUBLIC and PRIVATE WiFi, but if I connect to PUBLIC, I GET A 192... NOT a 10.10...
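
Added example, not part of the original thread and not any poster's code: a segmentation check for the symptom described above, where a client meant for one network receives an address from the other. It reads the `dhcpd address` scopes from an ASA config and flags clients whose lease falls outside the segment they are supposed to be on. The address ranges and client observations are constructed, since the thread masks the real values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed ASA excerpt: same shape as the dhcpd lines in the thread, with
# made-up ranges standing in for the masked XX values.
SAMPLE_ASA_CONFIG = """\
dhcpd address 192.168.1.50-192.168.1.150 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!
dhcpd address 10.10.10.50-10.10.10.150 dmz
dhcpd dns 8.8.8.8 interface dmz
dhcpd enable dmz
"""

POOL_RE = re.compile(r"^dhcpd address (\S+)-(\S+) (\S+)\s*$", re.MULTILINE)

def parse_pools(config):
    """Return {nameif: (first_ip, last_ip)} for every 'dhcpd address' line."""
    return {nameif: (ipaddress.ip_address(first), ipaddress.ip_address(last))
            for first, last, nameif in POOL_RE.findall(config)}

def segment_of(ip, pools):
    """Name of the ASA interface whose DHCP pool contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for nameif, (first, last) in pools.items():
        if first <= addr <= last:
            return nameif
    return None  # static or foreign address: not leased by this firewall

def audit(observations, pools):
    """Return (client, expected, actual, ip) for every client on the wrong segment."""
    findings = []
    for client, expected, leased_ip in observations:
        actual = segment_of(leased_ip, pools)
        if actual != expected:
            findings.append((client, expected, actual, leased_ip))
    return findings

# Constructed observations: (client, segment it should be on, address it got).
OBSERVED = [
    ("laptop on PRIVATE SSID", "inside", "192.168.1.77"),
    ("phone on PUBLIC SSID", "dmz", "192.168.1.91"),   # PUBLIC client got a 192
    ("desktop on ethernet", "inside", "10.10.10.60"),  # wired client on public
    ("printer, static", "inside", "192.168.1.10"),     # outside every pool
]

if __name__ == "__main__":
    for client, expected, actual, ip in audit(OBSERVED, parse_pools(SAMPLE_ASA_CONFIG)):
        print(f"{client}: expected {expected}, address {ip} belongs to {actual}")
```

An address that matches no pool is reported with segment `None` rather than silently passed, so statically addressed devices get a manual look.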

 

 
