
NAS 4.8 communication problem (help plz) in troubleshooting stuck!

"CAS + CAM + TEST XP box is all on SAME L3 SWITCH just in different VLANS "

1> I have a simple setup of inband VG mode for a small set of users.

2> CAM IP is: vlan 41 = 192.168.41.1, CAS IP: vlan 42 = 192.168.42.1 (both are pingable from the switch and also from each other's boxes)

3> SSL Cert is fine and shows CAS connected in CAM.

4> I have a user vlan 29, which I did vlan map to 429 in CAM, and also defined a managed subnet (with free IP from DHCP scope, excluded) 192.168.29.253

Following is my port config on the L3 switch :

CAM port config on switch :
===================
interface GigabitEthernet4/16
description Connected to CAM NIC 1 ETH 0
switchport
switchport access vlan 41
switchport mode access
no ip address
spanning-tree portfast
end

CAS port config on switch(trusted eth0):
==============================
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
switchport mode access
no ip address
end

CAS port config on switch(untrusted eth1):
==============================

interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439
no ip address
end

Now ......... I was before using XP laptop on vlan 29 and it was working fine; the moment I put it on vlan 429, it stops working and is not even taking an IP. I wanted to AT LEAST download the AGENT on the PC and then proceed on the requirements of the user. EVEN FROM CAS/NAS I ran the following commands and see this output: ( PLEASE SUGGEST how to troubleshoot and proceed on this )


[root@cas ~]# more /perfigo/build
VERSION=4.8.0
NAME=Clean Access Server
DATE=2010/07/21
AUTHOR=avinkuma
BUILD_TAG=NAC-4_8_0-RC9
BUILD_INFO=Experimental
BUILT_ON=nacbuild
REBUILD_COUNT=0
[root@cas ~]#

[root@cas ~]# cd /proc/click/intern_arpq/
[root@cas intern_arpq]# more table
[root@cas intern_arpq]#

[root@cas ~]# cd /proc/click/real_routing_table/
[root@cas real_routing_table]# more table
192.168.42.1/32         -               0 0
192.168.42.254/32       -               1 0
192.168.42.0/24         -               2 0
0.0.0.0/0               192.168.42.254  1 0
192.168.10.0/24         192.168.10.254  1 8
192.168.11.0/24         192.168.11.254  1 8
192.168.12.0/24         192.168.12.254  1 8
192.168.13.0/24         192.168.13.254  1 8
192.168.14.0/24         192.168.14.254  1 8
192.168.15.0/24         192.168.15.254  1 8
192.168.16.0/24         192.168.16.254  1 8
192.168.17.0/24         192.168.17.254  1 8
192.168.18.0/24         192.168.18.254  1 8
192.168.19.0/24         192.168.19.254  1 8
192.168.20.0/24         192.168.20.254  1 8
192.168.21.0/24         192.168.21.254  1 8
192.168.22.0/24         192.168.22.254  1 8
192.168.23.0/24         192.168.23.254  1 8
192.168.24.0/24         192.168.24.254  1 8
192.168.25.0/24         192.168.25.254  1 8
192.168.26.0/24         192.168.26.254  1 8
192.168.27.0/24         192.168.27.254  1 8
192.168.28.0/24         192.168.28.254  1 8

I THINK SOME ISSUE is about UNTRUSTED ETH1 in LEARNING ? how to check it further and troubleshoot more ????

my XP desktop is fine and it works fine on vlan 29 , but in auth vlan 429 ( there is no SVI for it ) IT IS NOT WORKING ????

please help..................desperate !

28 REPLIES
Cisco Employee

Hi,

Checking your switchport config I see some mistakes...

Both CAS interfaces must be "switchport mode trunk" as you have more than one vlan there, so it can't be mode access...

The switchport config should be something like this:

CAS port config on switch(trusted eth0):
==============================
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
switchport mode trunk
no ip address
end

CAS port config on switch(untrusted eth1):
==============================

interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439

switchport mode trunk
no ip address
end

Please make sure the VLAN mapping 429 - 29 is configured properly.

HTH,

Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Well, I have removed the switchport mode access from the trusted side, sorry for the error there, but I still have the following on the CAS CLI.

[root@cas ~]# cd /proc/click/intern_arpq/

[root@cas intern_arpq]# more table

[root@cas intern_arpq]#

<<<<<<<<<<<<<<<<<< THE  CAS is not learning about ARP for 429 >>>>>>>>>>>>>>>>>

WELL, Here i must mention 1 more thing the DHCP is not in AD , it is on the same switch .

ip dhcp pool VLAN29

network 192168.29.0 255.255.255.0

default-router 192.168.29.254  <-------------- inter vlan 29 ip address!

dns

ip dhcp-exclude address 192.168.29.253 <--------------- used in MANAGED SUBNET in CAM for vlan 429

Plz experts suggest me the resolution? It should be basic stuff missing here; the eth1 untrusted was SHUTDOWN the whole time until I started the test. I am using new NAC 4.8

WAITING...


Hi,

You need to remove the switchport mode access from the untrusted port as well.

Unless the DHCP starts working, the NAC agent will not download.

Secondly, clear the CAM table on the switch, since it would have already learned the MAC address for the test PC when you used it on vlan 29.

Now, to troubleshoot further, you need to trace the flow of the dhcp request.

On the switch, span the untrusted NAS port to some port which has another PC on vlan 29 running wireshark.

This way you can see if DHCP request is going to the NAS or not.

Hope this helps.

-Shrikant

Nice tip. I will try this out.

Plus this is my 2nd deployment but I didn't face this issue before.

The only difference here is, in my previous deployment the AD was having DHCP, here the switch is having DHCP for clients.

Does it make any difference?


Hi,

Well, what is needed is that the user gets IP address from the correct subnet.

You cannot create any SVI for the untrusted VLAN, otherwise the DHCP exchange does not flow through the CAS.

HTH,

Tiago


I have following 3 important queries.:

1> I have more than 20 vlans and 10 of them are for data ,which needs to be used for NAC Users, remaining 10 vlans are not thru NAC but configured with SVI on the same switch ? "DO I HAVE TO PROVIDE EXCEPTION TO IT ON NAS/CAS eth1 with switchport vlan except or switchport vlan remove vlan , .........or do i have to add ALL other vlans which are not thru NAC to be added to REAL VLAN trusted list on CAS/NAS Eth0.

2> DHCP is working fine if i use normal vlan for user, but once i map it thru its mapped vlan 29 (real vlan) <---> 429 (mapped vlan) , the user is not coming online and not getting IP/MASK details ? "WHAT could be the causes of it and what could be solution to it ...this is my 2nd concern " , please advice !

3> My test machines are windows 7 and windows xp machines, and this is my 2nd deployment i didnt face this problem, do i have to check something about it on the client side ? if so please advice !


"CAS and CAM are showing connected and i do not see any problem in MANAGED SUBNET ,VLAN MAP" , my deployment is L2 VG Mode "

regards

K.


Hi K.,

1. You need to allow only those 10 VLANs that need to be authenticated by CAS through the CAS untrusted (eth1) interface.

There should be 10 mappings, 1 for each VLAN, on the CAS. None of these 10 VLANs should have an SVI on the switch.

2. If DHCP is not working, then this should be the primary problem. You need to troubleshoot as to why it is not working.

The flow of the DHCP request should be: PC -> Switch ->eth1 CAS eth0 -> Switch

The DHCP reply, should return along the same path via CAS.

To troubleshoot this, I would suggest, spanning the switch's ports which are connected to eth0 and eth1 to a PC on vlan 29, and see if the DHCP request is going through the CAS or not. If it isn't then there is some configuration issue with respect to vlans on the switch.

3. I don't think there would be anything to check on the client side as yet. Though Windows 7 support started with NAC 4.7 only, if I am not mistaken.

However, you could run captures on the client too, and see if it gets any reply to the DHCP requests it sends out.

Hope this helps.

-Shrikant
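
The two checks raised in the replies above (a CAS-facing port that carries several VLANs must be set to switchport mode trunk, and no VLAN allowed on the untrusted eth1 port may have an SVI) can be run mechanically against a saved running-config. This is an added example, not part of any post in this thread; the function names are illustrative, and the sample config is constructed from the ports first posted plus a hypothetical "interface Vlan429" so that the SVI check has something to find.

```python
import re

# Constructed sample: the two CAS-facing ports as first posted in the thread,
# plus a hypothetical SVI for VLAN 429 (address invented) to trigger check 2.
SAMPLE_CONFIG = """\
interface GigabitEthernet4/18
 description CAS trusted Interface ETH 0 NIC 1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10-39,42
 switchport mode access
 no ip address
!
interface GigabitEthernet4/20
 description CAS Untrusted Interface ETH 1 NIC 2
 switchport
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 998
 switchport trunk allowed vlan 410-439
 no ip address
!
interface Vlan29
 ip address 192.168.29.254 255.255.255.0
!
interface Vlan429
 ip address 192.168.229.254 255.255.255.0
!
"""


def expand_vlans(spec):
    """Turn an IOS VLAN list such as '10-39,42' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config):
    """Return {interface name: [sub-command lines]}.

    Indentation is not relied on, because pasted configs often lose it;
    a stanza ends at '!' or 'end', and blank lines are ignored.
    """
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)$", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line in ("!", "end"):
            current = None
        elif line and current is not None:
            current.append(line)
    return interfaces


def audit(config, untrusted_port):
    """Return a list of (interface, finding, detail) tuples.

    Check 1: a port whose trunk allowed list holds more than one VLAN
             but is not explicitly 'switchport mode trunk'.
    Check 2: a VLAN allowed on the untrusted CAS port that also has an
             SVI ('interface VlanN') on the switch.
    """
    interfaces = parse_interfaces(config)
    svis = set()
    for name in interfaces:
        match = re.fullmatch(r"Vlan(\d+)", name, re.IGNORECASE)
        if match:
            svis.add(int(match.group(1)))

    findings = []
    for name, lines in interfaces.items():
        allowed, mode = set(), None
        for line in lines:
            match = re.match(
                r"switchport trunk allowed vlan (?:add )?([\d,\- ]+)$", line)
            if match:
                allowed |= expand_vlans(match.group(1))
            match = re.match(r"switchport mode (\S+)", line)
            if match:
                mode = match.group(1)
        if len(allowed) > 1 and mode != "trunk":
            findings.append((name, "not-trunk", mode or "unset"))
        if name == untrusted_port:
            for vlan in sorted(allowed & svis):
                findings.append((name, "svi-on-untrusted-vlan", vlan))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "GigabitEthernet4/20"):
        print(finding)
```
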

Well, I will look into the matter more and update the discussion thread by Tuesday. I am missing some point here, but what, I don't know....

DHCP is on the same switch and not on the AD server 2003.

I am running CAS/CAM 4.8 ...


Hi K.,

Could you please attach the config of the switch, and also label the ports connected to the PC, CAS and CAM?

I will try to figure out if something is wrong in the config.

-Shrikant

Here you go Shrikant:

The following config is from actual test switch ( 6500 ) .

Ports are labeled . I am working with only 4 ports here .

4/16  = CAM

4/18 =  TRUSTED ETH0 CAS

4/20 = UNTRUSTED ETH1 CAS

4/23 = TEST PC XP MACHINE  ( works fine if i put it on vlan 29 for dhcp , and stops working if i put it in vlan 429 )

[ i have created vlan 429 and no svi interface for it , only svi is for vlan 29 ]

Could you please help in solving my problem , OF WHY TRAFFIC is not passing thru ETH1 NIC2 OF CAS ...

i am using 4.8 CAS CAM.

NOTED:  CAS ETH1 was shutdown whole time with "ifconfig eth1 down" command and CAS and CAM are both CONNECTED thru SSL ]

------------------------------------------------------------------

ADMIN-CSW01#SH RUN

Building configuration...

Current configuration : 51582 bytes

!

! Last configuration change at 08:57:35 gmt Tue Apr 12 2011 by DraculA

! NVRAM config last updated at 08:57:38 gmt Tue Apr 12 2011 by DraculA

!

upgrade fpd auto

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service internal

service counters max age 5

!

hostname ADMIN-CSW01

!

boot system flash sup-bootdisk:

no logging console

enable secret 5 $1$Hc4y$xpxYtVioPTdOn/LXGct900

!

username DraculA secret 5 $1$1rbK$sq/HsjcXDlStIlkrVTxy61

no aaa new-model

clock timezone gmt 4

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.10.254 192.168.10.255

ip dhcp excluded-address 192.168.11.254 192.168.11.255

ip dhcp excluded-address 192.168.12.254 192.168.12.255

ip dhcp excluded-address 192.168.13.254 192.168.13.255

ip dhcp excluded-address 192.168.14.254 192.168.14.255

ip dhcp excluded-address 192.168.15.254 192.168.15.255

ip dhcp excluded-address 192.168.16.254 192.168.16.255

ip dhcp excluded-address 192.168.17.254 192.168.17.255

ip dhcp excluded-address 192.168.18.254 192.168.18.255

ip dhcp excluded-address 192.168.19.254 192.168.19.255

ip dhcp excluded-address 192.168.20.254 192.168.20.255

ip dhcp excluded-address 192.168.21.254 192.168.21.255

ip dhcp excluded-address 192.168.22.254 192.168.22.255

ip dhcp excluded-address 192.168.23.254 192.168.23.255

ip dhcp excluded-address 192.168.24.254 192.168.24.255

ip dhcp excluded-address 192.168.25.254 192.168.25.255

ip dhcp excluded-address 192.168.26.254 192.168.26.255

ip dhcp excluded-address 192.168.27.254 192.168.27.255

ip dhcp excluded-address 192.168.28.254 192.168.28.255

ip dhcp excluded-address 192.168.29.254 192.168.29.255

ip dhcp excluded-address 192.168.30.254 192.168.30.255

ip dhcp excluded-address 192.168.31.254 192.168.31.255

ip dhcp excluded-address 192.168.32.254 192.168.32.255

ip dhcp excluded-address 192.168.33.254 192.168.33.255

ip dhcp excluded-address 192.168.34.254 192.168.34.255

ip dhcp excluded-address 192.168.35.254 192.168.35.255

ip dhcp excluded-address 192.168.10.50

ip dhcp excluded-address 192.168.11.50

ip dhcp excluded-address 192.168.12.50

ip dhcp excluded-address 192.168.13.50

ip dhcp excluded-address 192.168.15.50

ip dhcp excluded-address 192.168.16.50

ip dhcp excluded-address 192.168.17.50

ip dhcp excluded-address 192.168.18.50

ip dhcp excluded-address 192.168.19.50

ip dhcp excluded-address 192.168.20.50

ip dhcp excluded-address 192.168.21.50

ip dhcp excluded-address 192.168.22.50

ip dhcp excluded-address 192.168.23.50

ip dhcp excluded-address 192.168.24.50

ip dhcp excluded-address 192.168.25.50

ip dhcp excluded-address 192.168.26.50

ip dhcp excluded-address 192.168.27.50

ip dhcp excluded-address 192.168.28.50

ip dhcp excluded-address 192.168.29.50

ip dhcp excluded-address 192.168.30.50

ip dhcp excluded-address 192.168.31.50

ip dhcp excluded-address 192.168.32.50

ip dhcp excluded-address 192.168.33.50

ip dhcp excluded-address 192.168.34.50

ip dhcp excluded-address 192.168.35.50

ip dhcp excluded-address 192.168.10.1 192.168.10.20

ip dhcp excluded-address 192.168.11.1 192.168.11.20

ip dhcp excluded-address 192.168.12.1 192.168.12.20

ip dhcp excluded-address 192.168.13.1 192.168.13.20

ip dhcp excluded-address 192.168.14.1 192.168.14.20

ip dhcp excluded-address 192.168.15.1 192.168.15.20

ip dhcp excluded-address 192.168.16.1 192.168.16.20

ip dhcp excluded-address 192.168.17.1 192.168.17.20

ip dhcp excluded-address 192.168.18.1 192.168.18.20

ip dhcp excluded-address 192.168.19.1 192.168.19.20

ip dhcp excluded-address 192.168.20.1 192.168.20.20

ip dhcp excluded-address 192.168.21.1 192.168.21.20

ip dhcp excluded-address 192.168.22.1 192.168.22.20

ip dhcp excluded-address 192.168.23.1 192.168.23.20

ip dhcp excluded-address 192.168.24.1 192.168.24.20

ip dhcp excluded-address 192.168.25.1 192.168.25.20

ip dhcp excluded-address 192.168.26.1 192.168.26.20

ip dhcp excluded-address 192.168.27.1 192.168.27.20

ip dhcp excluded-address 192.168.28.1 192.168.28.20

ip dhcp excluded-address 192.168.29.1 192.168.29.20

ip dhcp excluded-address 192.168.30.1 192.168.30.20

ip dhcp excluded-address 192.168.31.1 192.168.31.20

ip dhcp excluded-address 192.168.32.1 192.168.32.20

ip dhcp excluded-address 192.168.33.1 192.168.33.20

ip dhcp excluded-address 192.168.34.1 192.168.34.20

ip dhcp excluded-address 192.168.35.1 192.168.35.20

ip dhcp excluded-address 192.168.50.254 192.168.50.255

ip dhcp excluded-address 192.168.51.254 192.168.51.255

ip dhcp excluded-address 192.168.52.254 192.168.52.255

ip dhcp excluded-address 192.168.53.254 192.168.53.255

ip dhcp excluded-address 192.168.54.254 192.168.54.255

ip dhcp excluded-address 192.168.55.254 192.168.55.255

ip dhcp excluded-address 192.168.56.254 192.168.56.255

ip dhcp excluded-address 192.168.57.254 192.168.57.255

ip dhcp excluded-address 192.168.58.254 192.168.58.255

ip dhcp excluded-address 192.168.59.254 192.168.59.255

ip dhcp excluded-address 192.168.60.254 192.168.60.255

ip dhcp excluded-address 192.168.61.254 192.168.61.255

ip dhcp excluded-address 192.168.62.254 192.168.62.255

ip dhcp excluded-address 192.168.63.254 192.168.63.255

ip dhcp excluded-address 192.168.64.254 192.168.64.255

ip dhcp excluded-address 192.168.65.254 192.168.65.255

ip dhcp excluded-address 192.168.66.254 192.168.66.255

ip dhcp excluded-address 192.168.67.254 192.168.67.255

ip dhcp excluded-address 192.168.68.254 192.168.68.255

ip dhcp excluded-address 192.168.69.254 192.168.69.255

ip dhcp excluded-address 192.168.70.254 192.168.70.255

ip dhcp excluded-address 192.168.71.254 192.168.71.255

ip dhcp excluded-address 192.168.72.254 192.168.72.255

ip dhcp excluded-address 192.168.73.254 192.168.73.255

ip dhcp excluded-address 192.168.74.254 192.168.74.255

ip dhcp excluded-address 192.168.75.254 192.168.75.255

ip dhcp excluded-address 192.168.36.254 192.168.36.255

ip dhcp excluded-address 192.168.37.254 192.168.37.255

ip dhcp excluded-address 192.168.38.254 192.168.38.255

ip dhcp excluded-address 192.168.39.254 192.168.39.255

ip dhcp excluded-address 192.168.76.254 192.168.76.255

ip dhcp excluded-address 192.168.77.254 192.168.77.255

ip dhcp excluded-address 192.168.78.254 192.168.78.255

ip dhcp excluded-address 192.168.79.254 192.168.79.255

ip dhcp excluded-address 192.168.36.1 192.168.36.20

ip dhcp excluded-address 192.168.37.1 192.168.37.20

ip dhcp excluded-address 192.168.38.1 192.168.38.20

ip dhcp excluded-address 192.168.39.1 192.168.39.20

ip dhcp excluded-address 192.168.36.50

ip dhcp excluded-address 192.168.37.50

ip dhcp excluded-address 192.168.38.50

ip dhcp excluded-address 192.168.39.50

ip dhcp excluded-address 192.168.10.253

ip dhcp excluded-address 192.168.11.253

ip dhcp excluded-address 192.168.12.253

ip dhcp excluded-address 192.168.13.253

ip dhcp excluded-address 192.168.14.253

ip dhcp excluded-address 192.168.15.253

ip dhcp excluded-address 192.168.16.253

ip dhcp excluded-address 192.168.17.253

ip dhcp excluded-address 192.168.18.253

ip dhcp excluded-address 192.168.19.253

ip dhcp excluded-address 192.168.20.253

ip dhcp excluded-address 192.168.21.253

ip dhcp excluded-address 192.168.22.253

ip dhcp excluded-address 192.168.23.253

ip dhcp excluded-address 192.168.24.253

ip dhcp excluded-address 192.168.25.253

ip dhcp excluded-address 192.168.26.253

ip dhcp excluded-address 192.168.27.253

ip dhcp excluded-address 192.168.28.253

ip dhcp excluded-address 192.168.29.253

ip dhcp excluded-address 192.168.30.253

ip dhcp excluded-address 192.168.31.253

ip dhcp excluded-address 192.168.32.253

ip dhcp excluded-address 192.168.33.253

ip dhcp excluded-address 192.168.34.253

ip dhcp excluded-address 192.168.35.253

ip dhcp excluded-address 192.168.36.253

ip dhcp excluded-address 192.168.37.253

ip dhcp excluded-address 192.168.39.253

ip dhcp excluded-address 192.168.38.253

!

ip dhcp pool VLAN10

   network 192.168.10.0 255.255.255.0

   default-router 192.168.10.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN11

   network 192.168.11.0 255.255.255.0

   default-router 192.168.11.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN12

   network 192.168.12.0 255.255.255.0

   default-router 192.168.12.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN13

   network 192.168.13.0 255.255.255.0

   dns-server 172.168.2.5 172.168.2.6

   default-router 192.168.13.254

   domain-name aol.com

   lease 0 12

!

ip dhcp pool VLAN15

   network 192.168.15.0 255.255.255.0

   default-router 192.168.15.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN16

   network 192.168.16.0 255.255.255.0

   default-router 192.168.16.254

   domain-name aol.com

   option 150 ip 192.168.102.1

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN17

   network 192.168.17.0 255.255.255.0

   default-router 192.168.17.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN18

   network 192.168.18.0 255.255.255.0

   default-router 192.168.18.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN19

   network 192.168.19.0 255.255.255.0

   default-router 192.168.19.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN20

   network 192.168.20.0 255.255.255.0

   default-router 192.168.20.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN21

   network 192.168.21.0 255.255.255.0

   default-router 192.168.21.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN22

   network 192.168.22.0 255.255.255.0

   default-router 192.168.22.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN23

   network 192.168.23.0 255.255.255.0

   default-router 192.168.23.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN24

   network 192.168.24.0 255.255.255.0

   default-router 192.168.24.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN25

   network 192.168.25.0 255.255.255.0

   default-router 192.168.25.254

   domain-name aol.com

   option 150 ip 192.168.102.1

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN26

   network 192.168.26.0 255.255.255.0

   default-router 192.168.26.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN27

   network 192.168.27.0 255.255.255.0

   default-router 192.168.27.254

   domain-name aol.com

   option 150 ip 192.168.102.1

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN28

   network 192.168.28.0 255.255.255.0

   default-router 192.168.28.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!        

ip dhcp pool VLAN29

   network 192.168.29.0 255.255.255.0

   default-router 192.168.29.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   netbios-name-server 172.168.2.5

   lease 0 12

!

ip dhcp pool VLAN30

   network 192.168.30.0 255.255.255.0

   default-router 192.168.30.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN31

   network 192.168.31.0 255.255.255.0

   default-router 192.168.31.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN32

   network 192.168.32.0 255.255.255.0

   default-router 192.168.32.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN33

   network 192.168.33.0 255.255.255.0

   default-router 192.168.33.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN34

   network 192.168.34.0 255.255.255.0

   default-router 192.168.34.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN14

   network 192.168.14.0 255.255.255.0

   default-router 192.168.14.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN35

   network 192.168.35.0 255.255.255.0

   default-router 192.168.35.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN50

   network 192.168.50.0 255.255.255.0

   default-router 192.168.50.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN56

   network 192.168.56.0 255.255.255.0

   default-router 192.168.56.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN57

   network 192.168.57.0 255.255.255.0

   default-router 192.168.57.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN58

   network 192.168.58.0 255.255.255.0

   default-router 192.168.58.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN59

   network 192.168.59.0 255.255.255.0

   default-router 192.168.59.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN60

   network 192.168.60.0 255.255.255.0

   default-router 192.168.60.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN61

   network 192.168.61.0 255.255.255.0

   default-router 192.168.61.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN62

   network 192.168.62.0 255.255.255.0

   default-router 192.168.62.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN63

   network 192.168.63.0 255.255.255.0

   default-router 192.168.63.254

  domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN64

   network 192.168.64.0 255.255.255.0

   default-router 192.168.64.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN65

   network 192.168.65.0 255.255.255.0

   default-router 192.168.65.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN66

   network 192.168.66.0 255.255.255.0

   default-router 192.168.66.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN67

   network 192.168.67.0 255.255.255.0

   default-router 192.168.67.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN68

   network 192.168.68.0 255.255.255.0

   default-router 192.168.68.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN70

   network 192.168.70.0 255.255.255.0

   default-router 192.168.70.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN71

   network 192.168.71.0 255.255.255.0

   default-router 192.168.71.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN72

   network 192.168.72.0 255.255.255.0

   default-router 192.168.72.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN73

   network 192.168.73.0 255.255.255.0

   default-router 192.168.73.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool VLAN74

   network 192.168.74.0 255.255.255.0

   default-router 192.168.74.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!        

ip dhcp pool VLAN75

   network 192.168.75.0 255.255.255.0

   default-router 192.168.75.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool valn36

   network 192.168.36.0 255.255.255.0

   default-router 192.168.36.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   netbios-name-server 172.168.2.5

   lease 0 12

!

ip dhcp pool vlan37

   network 192.168.37.0 255.255.255.0

   default-router 192.168.37.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   netbios-name-server 172.168.2.5

   lease 0 12

!

ip dhcp pool valn38

   network 192.168.38.0 255.255.255.0

   default-router 192.168.38.254

  domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   netbios-name-server 172.168.2.5

   lease 0 12

!

ip dhcp pool vlan39

   network 192.168.39.0 255.255.255.0

   default-router 192.168.39.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   netbios-name-server 172.168.2.5

   lease 0 12

!

ip dhcp pool vlan76

   network 192.168.76.0 255.255.255.0

   default-router 192.168.76.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool vlan77

   network 192.168.77.0 255.255.255.0

   default-router 192.168.77.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool vlan78

   network 192.168.78.0 255.255.255.0

   default-router 192.168.78.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

   lease 0 12

!

ip dhcp pool vlan79

   network 192.168.79.0 255.255.255.0

   default-router 192.168.79.254

   domain-name aol.com

   dns-server 172.168.2.5 172.168.2.6

  lease 0 12

!

ip domain-name aol.com

ip name-server 172.168.2.5

mls ip multicast flow-stat-timer 9

no mls flow ip

no mls flow ipv6

no mls acl tcam share-global

mls cef error action freeze

!

!        

!

!

!

!

!

!

redundancy

notification-timer 8000

mode sso

main-cpu

  auto-sync running-config

!

spanning-tree mode rapid-pvst

spanning-tree vlan 1,10-35,50-75,100-103 priority 8192

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

fabric buffer-reserve queue

!

vlan internal allocation policy ascending

vlan access-log ratelimit 2000

!

!

!

!

interface GigabitEthernet1/1

description GDFLR_WEST_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/2

description 1STFLR_WEST_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!        

interface GigabitEthernet1/3

description GDFLR_EAST_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/4

description 1STFLR_EAST_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/5

description CHEM_ST_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/6

description LAB_BLDG_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/7

description DEMI_DESAL_RM_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/8

description MCB_ELECT_RM_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/9

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/10

description GDFLR_WEST_SW01 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/11

description 1STFLR_WEST_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/12

description GDFLR_EAST_SW02 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/13

description 1STFLR_EAST_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!        

interface GigabitEthernet1/14

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/15

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/16

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/17

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/18

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/19

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/20

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/21

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/22

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/23

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet1/24

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/1

description GDFLR_WEST_SW02 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/2

description 1STFLR_WEST_SW02 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/3

description GDFLR_EAST_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/4

description 1STFLR_EAST_SW02 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/5

description LAB_BLDG_SW02 Gig 0/4

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/6

description LAB_BLDG_SW02 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/7

description WWT_RM_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/8

description SIH_01_SW01 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/9

description MCB_ELECT_RM_SW03 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/10

description GDFLR_WEST_SW02 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/11

description 1STFLR_WEST_SW02 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/12

description GDFLR_EAST_SW02 Gig 0/2

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/13

description 1STFLR_EAST_SW02 Gig 0/1

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/14

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/15

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/16

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/17

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/18

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/19

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/20

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/21

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/22

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/23

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet2/24

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet3/1

description LAN NMS server Port # 1, 172.168.2.200

switchport

switchport access vlan 3

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/2

description *** Connected to Firewall-1 ***

switchport

switchport access vlan 5

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/3

description CTI / Voice Mail - Port 1

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/4

description LMS -Port # 1

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/5

description Voice Recording Server - Port 1

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/6

description NorAlert - LAN # 1

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/7

description PABX # 1 MGC - Port 2T

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/8

description ACS Main Server - Port 1/2, 192.168.106.100

switchport

switchport access vlan 103

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/9

description PABX # 2 Card 7 - Port # 1

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/10

description PABX # 3 MGT - Port 2T

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/11

description RADIO - Radio to Telephone (Admin), Vlan 8

switchport

switchport mode access

no ip address

speed 100

duplex half

spanning-tree portfast

!

interface GigabitEthernet3/12

description PAGING/PA - Paging to Telephone (Admin), Vlan 7, 192.168.7.1

switchport

switchport access vlan 7

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/13

description Call Pilot - CLAN

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/14

description description Paging Cabinet (Admin) - NMS, 192.168.7.102, Speed 10mbps

switchport

switchport access vlan 7

switchport mode access

no ip address

speed 10

duplex full

spanning-tree portfast

!

interface GigabitEthernet3/15

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/16

description Fiber Optics Converter

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/17

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/18

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/19

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/20

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!        

interface GigabitEthernet3/21

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/22

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/23

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/24

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/25

description **** IPS module on Leased Line ****

switchport

switchport access vlan 120

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/26

switchport

switchport access vlan 120

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/27

description **** IPS module on ADSL Connection ****

switchport

switchport access vlan 120

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/28

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/29

switchport

switchport access vlan 3

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/30

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/31

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/32

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/33

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/34

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/35

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/36

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!        

interface GigabitEthernet3/37

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/38

switchport

switchport access vlan 130

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/39

switchport

switchport access vlan 130

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/40

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/41

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/42

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/43

switchport

switchport access vlan 2

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/44

description Wireless Internet

switchport

switchport access vlan 250

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/45

switchport

switchport access vlan 130

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/46

switchport

switchport access vlan 250

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/47

description AOL Proxy Server - Internal

switchport

switchport access vlan 2

no ip address

spanning-tree portfast

!

interface GigabitEthernet3/48

description AOL Proxy Server - External (For Fw NAT)

switchport

switchport access vlan 254

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/1

description LAN NMS server Port # 2, 172.168.2.200

switchport

switchport access vlan 3

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/2

description *** Connected to ASA-Firewall-2 ****

switchport

switchport access vlan 5

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/3

description Call Accounting - Port # 2

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/4

description LMS -Port # 2

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/5

description Voice Recorder - Port # 2 (SPAN Port)

no ip address

!

interface GigabitEthernet4/6

description PABX # 2 SS Card - Port TLAN

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/7

description PABX # 2 Card 8 - Port # 1

switchport

switchport access vlan 101

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/8

description ACS Main Server - Port # 2

switchport

switchport access vlan 18

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/9

description ACS NC 1, 192.168.106.1

switchport

switchport access vlan 103

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/10

description ACS NC 2, 192.168.106.2

switchport

switchport access vlan 103

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/11

description ACS NC 3, 192.168.106.3

switchport

switchport access vlan 103

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/12

description ACS NC 4, 192.168.106.4

switchport

switchport access vlan 103

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/13

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet4/14

description Connected to MARS on NIC 1

switchport

switchport access vlan 40

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/15

description LAN NMS server, 172.168.2.200

switchport

switchport access vlan 8

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/16

description Connected to CAM NIC 1 ETH 0

switchport

switchport access vlan 41

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/17

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/18

description CAS trusted Interface ETH 0 NIC 1

switchport

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 999

switchport trunk allowed vlan 10-39,42

no ip address

!

interface GigabitEthernet4/19

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/20

description CAS Untrusted Interface ETH 1 NIC 2

switchport

switchport mode trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 998

switchport trunk allowed vlan 410-439

no ip address

shutdown

!

interface GigabitEthernet4/21

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/22

switchport

switchport access vlan 29

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/23

description *** TEST PC for VLAN 24 <-> VLAN 429

switchport

switchport access vlan 429

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/24

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet4/25

switchport

switchport access vlan 500

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/26

switchport

switchport access vlan 250

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/27

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/28

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/29

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/30

switchport

switchport access vlan 130

switchport mode access

no ip address

spanning-tree portfast

!        

interface GigabitEthernet4/31

switchport

switchport mode access

no ip address

!

interface GigabitEthernet4/32

switchport

switchport access vlan 429

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/33

switchport

switchport access vlan 20

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/34

switchport

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/35

switchport

switchport access vlan 20

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/36

switchport

switchport access vlan 34

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/37

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/38

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/39

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/40

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/41

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/42

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/43

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/44

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/45

switchport

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet4/46

switchport

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface GigabitEthernet4/47

switchport

switchport access vlan 2

no ip address

spanning-tree portfast

!        

interface GigabitEthernet4/48

description AOL Switch, 192.168.1.2

switchport

switchport access vlan 2

no ip address

spanning-tree portfast

!

interface GigabitEthernet5/1

no ip address

shutdown

!

interface GigabitEthernet5/2

no ip address

shutdown

!

interface GigabitEthernet6/1

no ip address

shutdown

!

interface GigabitEthernet6/2

no ip address

shutdown

!

interface Vlan1

description Network Eq Management

ip address 192.168.1.254 255.255.255.0

!

interface Vlan2

description Data Server Segment 2 - Internal

ip address 172.168.2.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan3

description NMS Segment

ip address 172.168.3.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan5

description *** Firewall Inside Interface ***

ip address 192.168.5.1 255.255.255.0

!

interface Vlan7

description Vlan for Paging to Telephone Interconnection - Static IP

ip address 192.168.7.254 255.255.255.0

!

interface Vlan8

description Vlan for Radio to Telephone Interconnection, LDT - Static IP (Shut down, No Routing need)

ip address 192.168.8.254 255.255.255.0

shutdown

!

interface Vlan10

description Ground Flr  West Side

ip address 192.168.10.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan11

description Ground Flr  East Side

ip address 192.168.11.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan12

description 1 Flr  West Side

ip address 192.168.12.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan13

description 1 Flr  East Side

ip address 192.168.13.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!        

interface Vlan14

description MCB  ELECT ROOM

ip address 192.168.14.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan15

description Laboratory

ip address 192.168.15.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan16

description Hazard Mat. WHSE

ip address 192.168.16.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan17

description CHEMICAL STORE BUILDING

ip address 192.168.17.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan18

description GATEHOUSE

ip address 192.168.18.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan19

description WWT ROOM

ip address 192.168.19.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan20

description SIH-01

ip address 192.168.20.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan21

description SIH-02

ip address 192.168.21.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan22

description SIH-03

ip address 192.168.22.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan23

description MAIN S/S

ip address 192.168.23.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan24

description S/S-01

ip address 192.168.24.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan25

description S/S-02

ip address 192.168.25.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan26

description UTILITY S/S

ip address 192.168.26.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan27

description DEMI & DESAL

ip address 192.168.27.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan28

description PROCESS GATEHOUSE

ip address 192.168.28.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan29

description gdrflr_west_02

ip address 192.168.29.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan30

description gdrflr_east_02

ip address 192.168.30.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan31

description 1stflr_west_02

ip address 192.168.31.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan32

description 1stflr_east_02

ip address 192.168.32.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!        

interface Vlan33

description mcb_02

ip address 192.168.33.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan34

description lab_02

ip address 192.168.34.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan35

description mcb_03

ip address 192.168.35.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan36

description Fire Station

ip address 192.168.36.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan37

description WS1

ip address 192.168.37.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan38

description WS2

ip address 192.168.38.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan39

description WH

ip address 192.168.39.254 255.255.255.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan40

description MARS Management

ip address 192.168.40.254 255.255.255.0

!

interface Vlan41

description NAC-MGR

ip address 192.168.41.254 255.255.255.0

!

interface Vlan42

description NAC-SRV

ip address 192.168.42.254 255.255.255.0

!

interface Vlan50

description voice Ground Flr  West Sides

ip address 192.168.50.254 255.255.255.0

!

interface Vlan51

description voice Ground Flr  East Side

ip address 192.168.51.254 255.255.255.0

!

interface Vlan52

description voice 1 Flr  West

ip address 192.168.52.254 255.255.255.0

!

interface Vlan53

description voice 1 Flr  East Side

ip address 192.168.53.254 255.255.255.0

!

interface Vlan54

description voice MCB  ELECT ROOM

ip address 192.168.54.254 255.255.255.0

!

interface Vlan55

description voice Laboratory

ip address 192.168.55.254 255.255.255.0

!

interface Vlan56

description voice Hazard Mat. WHSE

ip address 192.168.56.254 255.255.255.0

!

interface Vlan57

description voice CHEMICAL STORE BUILDING

ip address 192.168.57.254 255.255.255.0

!

interface Vlan58

description voice GATEHOUSE

ip address 192.168.58.254 255.255.255.0

!

interface Vlan59

description voice WWT ROOM

ip address 192.168.59.254 255.255.255.0

!

interface Vlan60

description voice SIH-01

ip address 192.168.60.254 255.255.255.0

!

interface Vlan61

description voice SIH-02

ip address 192.168.61.254 255.255.255.0

!

interface Vlan62

description voice SIH-03

ip address 192.168.62.254 255.255.255.0

!

interface Vlan63

description voice MAIN S/S

ip address 192.168.63.254 255.255.255.0

!

interface Vlan64

description voice S/S-01

ip address 192.168.64.254 255.255.255.0

!        

interface Vlan65

description voice S/S-02

ip address 192.168.65.254 255.255.255.0

!

interface Vlan66

description voice UTILITY S/S

ip address 192.168.66.254 255.255.255.0

!

interface Vlan67

description voice DEMI & DESAL

ip address 192.168.67.254 255.255.255.0

!

interface Vlan68

description voice PROCESS GATEWAY

ip address 192.168.68.254 255.255.255.0

!

interface Vlan69

description voice grd west 02

ip address 192.168.69.254 255.255.255.0

!

interface Vlan70

description voice grd east 02

ip address 192.168.70.254 255.255.255.0

!

interface Vlan71

description voice 1st west 02

ip address 192.168.71.254 255.255.255.0

!

interface Vlan72

description voice 1st east 02

ip address 192.168.72.254 255.255.255.0

!

interface Vlan73

description voice mcb 02

ip address 192.168.73.254 255.255.255.0

!

interface Vlan74

description voice lab 02

ip address 192.168.74.254 255.255.255.0

!

interface Vlan75

description voice mcb 03

ip address 192.168.75.254 255.255.255.0

!

interface Vlan76

description Voice FS

ip address 192.168.76.254 255.255.255.0

shutdown

!

interface Vlan77

description Voice WS1

ip address 192.168.77.254 255.255.255.0

shutdown

!

interface Vlan78

description Voice WS2

ip address 192.168.78.254 255.255.255.0

shutdown

!

interface Vlan79

description Voice WH

ip address 192.168.79.254 255.255.255.0

shutdown

!

interface Vlan100

description Data Server Segment

ip address 192.168.100.254 255.255.254.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan101

description Voice Server Segment

ip address 192.168.102.254 255.255.254.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!        

interface Vlan102

description Voice Server Segment 2

ip address 192.168.104.254 255.255.254.0

ip helper-address 172.168.2.5

ip helper-address 172.168.2.6

!

interface Vlan103

description access control segment

ip address 192.168.106.254 255.255.254.0

!

interface Vlan120

description ***** IPS Mgmt VLAN *****

ip address 192.168.120.254 255.255.255.0

!

interface Vlan254

description Data Server Segment 2 - External (For Fw NAT)

no ip address

!

interface Vlan300

description AOL PIMS

ip address 10.10.10.1 255.0.0.0

!

interface Vlan600

no ip address

!

router eigrp 100

network 192.168.120.0

network 192.168.0.0 0.0.255.255

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.5.2

ip route 10.0.0.0 255.0.0.0 10.10.10.254

!

no ip http server

!

logging trap alerts

logging source-interface Vlan1

logging 172.168.2.200

logging 172.168.2.220

access-list 23 permit 85.154.243.112 0.0.0.7

!

snmp-server community ArOmAtIcS RO

snmp-server community ArOmAtIcSAOL RW

snmp-server trap-source Vlan1

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps chassis

snmp-server enable traps module

snmp-server enable traps transceiver all

snmp-server enable traps casa

snmp-server enable traps tty

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps bgp

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps dlsw

snmp-server enable traps event-manager

snmp-server enable traps frame-relay

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps MAC-Notification move threshold

snmp-server enable traps msdp

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps rf

snmp-server enable traps rtr

snmp-server enable traps slb real virtual csrp

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps flex-links status

snmp-server enable traps sonet

snmp-server enable traps dial

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps rsvp

snmp-server enable traps csg agent quota database

snmp-server enable traps srp

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd swbus

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps port-security

snmp-server enable traps mpls traffic-eng

snmp-server enable traps mpls ldp

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps alarms

snmp-server enable traps vlan-mac-limit

snmp-server enable traps voice poor-qov

snmp-server enable traps mpls vpn

snmp-server host 172.168.2.220 ArOmAtIcS

!

!

control-plane

!

!        

!

dial-peer cor custom

!

!

!

!

line con 0

exec-timeout 0 0

password 7 06271D71414F1D100604405B5D54

login

line vty 0 4

password 7 072E331C43080D0C1401595C557A

login local

line vty 5 15

login local

!

!

monitor session 1 destination interface Gi4/5

monitor session 1 source remote vlan 200

scheduler runtime netinput 300

ntp source Vlan1

ntp master 3

ntp update-calendar

no cns aaa enable

end

Cisco Employee

Troubleshooting DHCP would be my first effort here. To ensure your untrusted traffic is passing through the CAS run a tcpdump on your untrusted interface and watch for traffic generated by your client. Also make sure you don't have a Layer 3 (SVI) for your untrusted network. You can also check /var/log/dhcplog for DHCP handshake. Also remember that the CAS reads the 802.1q tag for the AUTH VLAN to hand out IP addresses, so make sure that is correct on the switch port. Is the DHCP VLAN trunked to the TRUSTED side of the CAS? And lastly, make sure your VLAN mapping is correctly set up.

HTH, a bit.
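The switch-side checks listed in the reply above (untrusted port up and trunking, auth VLAN tagged and allowed there, access VLAN trunked to the trusted port, no SVI for the untrusted VLAN), as an added Python example that is not part of the original post. The sample lines, port names and VLAN numbers are copied from the configuration posted in this thread; the function names and finding codes are hypothetical.

```python
import re

# Excerpt of the configuration posted in this thread, re-indented for readability.
SAMPLE_CONFIG = """\
interface GigabitEthernet4/18
 description CAS trusted Interface ETH 0 NIC 1
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10-39,42
 no ip address
!
interface GigabitEthernet4/20
 description CAS Untrusted Interface ETH 1 NIC 2
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 998
 switchport trunk allowed vlan 410-439
 no ip address
 shutdown
!
interface GigabitEthernet4/23
 switchport
 switchport access vlan 429
 switchport mode access
!
interface Vlan29
 ip address 192.168.29.254 255.255.255.0
 ip helper-address 172.168.2.5
!
"""


def parse_interfaces(text):
    """Map interface name -> its config lines (indentation and blank lines ignored)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line.startswith("!"):
            current = None
        elif current is not None:
            current.append(line)
    return sections


def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '10-39,42' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def check_trunk(sections, port, vlan, findings, need_tag):
    """Check that `vlan` can cross the trunk on `port`; append (port, code) findings."""
    lines = sections.get(port)
    if lines is None:
        findings.append((port, "missing"))
        return
    if "shutdown" in lines:
        findings.append((port, "shutdown"))
    if "switchport mode trunk" not in lines:
        findings.append((port, "not-trunk"))
    allowed, native = None, 1  # no allowed list means all VLANs; native defaults to 1
    for line in lines:
        m = re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)
        if m:
            allowed = expand_vlans(m.group(1))
        m = re.match(r"switchport trunk native vlan (\d+)$", line)
        if m:
            native = int(m.group(1))
    if allowed is not None and vlan not in allowed:
        findings.append((port, "vlan-not-allowed"))
    if need_tag and vlan == native:
        # The native VLAN leaves the trunk untagged, so there is no 802.1q tag to read.
        findings.append((port, "vlan-is-native-untagged"))


def check_nac_path(text, trusted, untrusted, access_vlan, auth_vlan):
    """Run the reply's switch-side checks and return a list of (interface, code)."""
    sections = parse_interfaces(text)
    findings = []
    check_trunk(sections, trusted, access_vlan, findings, need_tag=False)
    check_trunk(sections, untrusted, auth_vlan, findings, need_tag=True)
    svi = sections.get(f"Vlan{auth_vlan}", [])
    if any(line.startswith("ip address ") for line in svi):
        findings.append((f"Vlan{auth_vlan}", "svi-on-untrusted-vlan"))
    return findings


if __name__ == "__main__":
    for finding in check_nac_path(SAMPLE_CONFIG, "GigabitEthernet4/18",
                                  "GigabitEthernet4/20", 29, 429):
        print(finding)
```

Run against the excerpt, the only finding is the shutdown line under GigabitEthernet4/20. The parser ignores indentation and blank lines, so the flattened configuration as pasted in the thread can be fed to it unchanged.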

Highlighted

On CAS, i posted early also that,

On CAS ETH1 i kept my port shut with ifconfig eth1 down whole time and made it ifconfig eth1 up once CAS and CAM were connected thru trusted side.

Whoel config with PORT Description is there, i posted that also.

DHCP is all configured in the core switch and I am testing on the same core switch.

I have e.g. a real/access vlan = 29 = 192.168.29.x/24

and I mapped it to auth/untrusted vlan = 429 (no SVI for it)

In CAM, I have defined VLAN MAP to 429 <--> 29 and defined a managed subnet also 192.168.29.253 (provided exclusion in switch for it, please see config),

and restarted both cam and cam a few times YET SAME PROBLEM... no traffic is passing through CAS !!!!

CAM = 4/16

CAS TRUSTED = 4/18


CAS UNTRUSTED = 4/20

TEST MACHINE = 4/23

Please see my switch config.

Srikath is good and he might figure it out for me.

I have licensed CAM already and I am sure CAS will not work and connect if it is NOT licensed also, if I am right.

CAM CAS are running CentOS 4.8 NAC release !

My test machine works fine once I put it in real vlan 29 and stops getting IP through DHCP once I put it up on 429 ????


So did you try tcpdump to see if you have any traffic hitting the untrusted interface? Or look in the DHCP log?

Hey Philip,

Instead of tcpdump I did the below:

[root@cas ~]# cd /proc/click/intern_arpq/
[root@cas intern_arpq]# more table
[root@cas intern_arpq]#

[root@cas ~]# cd /proc/click/real_routing_table/
[root@cas real_routing_table]# more table
192.168.42.1/32         -               0 0
192.168.42.254/32       -               1 0
192.168.42.0/24         -               2 0
0.0.0.0/0               192.168.42.254  1 0
192.168.10.0/24         192.168.10.254  1 8
192.168.11.0/24         192.168.11.254  1 8
192.168.12.0/24         192.168.12.254  1 8
192.168.13.0/24         192.168.13.254  1 8
192.168.14.0/24         192.168.14.254  1 8
192.168.15.0/24         192.168.15.254  1 8
192.168.16.0/24         192.168.16.254  1 8
192.168.17.0/24         192.168.17.254  1 8
192.168.18.0/24         192.168.18.254  1 8
192.168.19.0/24         192.168.19.254  1 8
192.168.20.0/24         192.168.20.254  1 8
192.168.21.0/24         192.168.21.254  1 8
192.168.22.0/24         192.168.22.254  1 8
192.168.23.0/24         192.168.23.254  1 8
192.168.24.0/24         192.168.24.254  1 8
192.168.25.0/24         192.168.25.254  1 8
192.168.26.0/24         192.168.26.254  1 8
192.168.27.0/24         192.168.27.254  1 8
192.168.28.0/24         192.168.28.254  1 8
