04-05-2011 11:29 PM - edited 03-09-2019 11:28 PM
"CAS + CAM + TEST XP box is all on SAME L3 SWITCH just in different VLANS "
1> I have a simple setup of in-band VG mode for a small set of users.
2> CAM IP is: vlan 41 = 192.168.41.1, CAS IP: vlan 42 = 192.168.42.1 (both are pingable from the switch and also from each other's boxes)
3> SSL Cert is fine and shows CAS connected in CAM.
4> I have a user vlan 29, which I VLAN-mapped to 429 in CAM, and I also defined a managed subnet (with a free IP from the DHCP scope, excluded): 192.168.29.253
Following is my port config on the L3 switch :
CAM port config on switch :
===================
interface GigabitEthernet4/16
description Connected to CAM NIC 1 ETH 0
switchport
switchport access vlan 41
switchport mode access
no ip address
spanning-tree portfast
end
CAS port config on switch(trusted eth0):
==============================
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
switchport mode access
no ip address
end
CAS port config on switch(untrusted eth1):
==============================
interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439
no ip address
end
Now, I was previously using the XP laptop on vlan 29 and it was working fine; the moment I put it on vlan 429, it stops working and does not even take an IP. I wanted to AT LEAST download the AGENT on the PC and then proceed with the user requirements. From the CAS/NAS I ran the following commands and see this output (PLEASE SUGGEST how to troubleshoot and proceed on this):
[root@cas ~]# more /perfigo/build
VERSION=4.8.0
NAME=Clean Access Server
DATE=2010/07/21
AUTHOR=avinkuma
BUILD_TAG=NAC-4_8_0-RC9
BUILD_INFO=Experimental
BUILT_ON=nacbuild
REBUILD_COUNT=0
[root@cas ~]#
[root@cas ~]# cd /proc/click/intern_arpq/
[root@cas intern_arpq]# more table
[root@cas intern_arpq]#
[root@cas ~]# cd /proc/click/real_routing_table/
[root@cas real_routing_table]# more table
192.168.42.1/32 - 0 0
192.168.42.254/32 - 1 0
192.168.42.0/24 - 2 0
0.0.0.0/0 192.168.42.254 1 0
192.168.10.0/24 192.168.10.254 1 8
192.168.11.0/24 192.168.11.254 1 8
192.168.12.0/24 192.168.12.254 1 8
192.168.13.0/24 192.168.13.254 1 8
192.168.14.0/24 192.168.14.254 1 8
192.168.15.0/24 192.168.15.254 1 8
192.168.16.0/24 192.168.16.254 1 8
192.168.17.0/24 192.168.17.254 1 8
192.168.18.0/24 192.168.18.254 1 8
192.168.19.0/24 192.168.19.254 1 8
192.168.20.0/24 192.168.20.254 1 8
192.168.21.0/24 192.168.21.254 1 8
192.168.22.0/24 192.168.22.254 1 8
192.168.23.0/24 192.168.23.254 1 8
192.168.24.0/24 192.168.24.254 1 8
192.168.25.0/24 192.168.25.254 1 8
192.168.26.0/24 192.168.26.254 1 8
192.168.27.0/24 192.168.27.254 1 8
192.168.28.0/24 192.168.28.254 1 8
I THINK SOME ISSUE is about UNTRUSTED ETH1 in LEARNING ? how to check it further and troubleshoot more ????
my XP desktop is fine and it works fine on vlan 29 , but in auth vlan 429 ( there is no SVI for it ) IT IS NOT WORKING ????
please help..................desperate !
04-06-2011 03:10 AM
Hi,
Checking your switchport config, I see some mistakes...
Both CAS interfaces must be "switchport mode trunk" as you have more than one vlan there, so it can't be mode access...
The switchport config should be something like this:
CAS port config on switch(trusted eth0):
==============================
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
switchport mode trunk
no ip address
end
CAS port config on switch(untrusted eth1):
==============================
interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439
switchport mode trunk
no ip address
end
Please make sure the VLAN mapping 429 - 29 is configured properly.
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
04-06-2011 08:32 PM
Well, I have removed the switchport mode access from the trusted side, sorry for the error there, but I still have the following on the CAS CLI.
[root@cas ~]# cd /proc/click/intern_arpq/
[root@cas intern_arpq]# more table
[root@cas intern_arpq]#
<<<<<<<<<<<<<<<<<< THE CAS is not learning about ARP for 429 >>>>>>>>>>>>>>>>>
WELL, here I must mention one more thing: the DHCP is not in AD, it is on the same switch.
ip dhcp pool VLAN29
network 192.168.29.0 255.255.255.0
default-router 192.168.29.254 <-------------- inter vlan 29 ip address!
dns
ip dhcp excluded-address 192.168.29.253 <--------------- used in MANAGED SUBNET in CAM for vlan 429
Please, experts, suggest a resolution. It should be some basic stuff missing here. The eth1 untrusted was SHUTDOWN the whole time until I started the test. I am using the new NAC 4.8.
WAITING...
04-07-2011 02:17 PM
Hi,
You need to remove the switchport mode access from the untrusted port as well.
Unless the DHCP starts working, the NAC agent will not download.
Secondly, clear the CAM table on the switch, since it would have already learned the MAC address for the test PC when you used it on vlan 29.
Now, to troubleshoot further, you need to trace the flow of the dhcp request.
On the switch, span the untrusted NAS port to some port which has another PC on vlan 29 running wireshark.
This way you can see if DHCP request is going to the NAS or not.
Hope this helps.
-Shrikant
04-07-2011 10:26 PM
Nice tip. I will try this out.
Plus, this is my 2nd deployment, but I didn't face this issue before.
The only difference here is that in my previous deployment the AD had DHCP; here the switch has DHCP for clients.
Does it make any difference?
04-09-2011 03:07 AM
Hi,
Well, what is needed is that the user gets IP address from the correct subnet.
You cannot create any SVI for the untrusted VLAN; otherwise the DHCP exchange does not flow through the CAS.
HTH,
Tiago
04-09-2011 10:34 PM
I have following 3 important queries.:
1> I have more than 20 VLANs; 10 of them are for data and need to be used for NAC users, and the remaining 10 VLANs do not go through NAC but are configured with SVIs on the same switch. DO I HAVE TO PROVIDE AN EXCEPTION FOR THEM ON NAS/CAS eth1 with switchport vlan except or switchport vlan remove vlan, or do I have to add ALL the other VLANs which do not go through NAC to the REAL VLAN trusted list on CAS/NAS eth0?
2> DHCP is working fine if I use the normal VLAN for the user, but once I map it through its mapped VLAN, 29 (real vlan) <---> 429 (mapped vlan), the user does not come online and does not get IP/mask details. WHAT could be the causes of it and what could be the solution to it? This is my 2nd concern; please advise!
3> My test machines are Windows 7 and Windows XP machines, and this is my 2nd deployment; I didn't face this problem. Do I have to check something about it on the client side? If so, please advise!
"CAS and CAM are showing connected and I do not see any problem in MANAGED SUBNET, VLAN MAP"; my deployment is L2 VG mode.
regards
K.
04-10-2011 05:57 AM
Hi K.,
1. You need to allow only those 10 VLANs that need to be authenticated by CAS through the CAS untrusted (eth1) interface.
There should be 10 mappings, 1 for each VLAN, on the CAS. None of these 10 VLANs should have an SVI on the switch.
2. If DHCP is not working, then this should be the primary problem. You need to troubleshoot as to why it is not working.
The flow of the DHCP request should be: PC -> Switch -> eth1 CAS eth0 -> Switch
The DHCP reply, should return along the same path via CAS.
To troubleshoot this, I would suggest, spanning the switch's ports which are connected to eth0 and eth1 to a PC on vlan 29, and see if the DHCP request is going through the CAS or not. If it isn't then there is some configuration issue with respect to vlans on the switch.
3. I don't think there would be anything to check on the client side as yet. Though Windows 7 support started with NAC 4.7 only, if I am not mistaken.
However, you could run captures on the client too, and see if it gets any reply to the DHCP requests it sends out.
Hope this helps.
-Shrikant
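The two checks the replies keep returning to (a CAS-facing port that carries several VLANs must be `switchport mode trunk`, and no SVI may exist for a VLAN on the untrusted side) can be run against a saved `show run`. The following is an added example, not part of any post in this thread: the sample config is constructed from the port stanzas quoted above, the `Vlan429` SVI and its address are deliberately wrong made-up entries, and the function names and finding codes are hypothetical. Treating a port with no explicit mode as a finding is an assumption that follows the corrected config, where both CAS ports state `switchport mode trunk`.

```python
import re

# Constructed sample, modelled on the port stanzas quoted in the thread.
# The Vlan429 SVI (and its address) is a deliberately wrong, made-up entry.
SAMPLE_CONFIG = """\
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
switchport mode access
no ip address
!
interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport access vlan 2
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439
no ip address
!
interface Vlan29
ip address 192.168.29.254 255.255.255.0
!
interface Vlan429
ip address 192.0.2.1 255.255.255.0
!
"""

ALLOWED_RE = re.compile(r"switchport trunk allowed vlan (?:add )?([\d,\- ]+)$")


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10-39,42' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(text):
    """Map interface name -> list of its config lines (indentation ignored)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)$", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line in ("", "!", "end"):
            current = None  # stanza terminator in a show-run dump
        elif current is not None:
            current.append(line)
    return stanzas


def allowed_vlans(lines):
    """Collect every VLAN named by the stanza's trunk allowed-VLAN lines."""
    vlans = set()
    for line in lines:
        m = ALLOWED_RE.match(line)
        if m:
            vlans |= expand_vlans(m.group(1))
    return vlans


def audit(text, untrusted_port):
    """Return (interface, code) findings for the two rules from the thread."""
    stanzas = parse_interfaces(text)
    # VLANs on the CAS untrusted side are taken from that port's allowed list.
    untrusted = allowed_vlans(stanzas.get(untrusted_port, []))
    findings = []
    for name, lines in stanzas.items():
        # Rule 1: a port with a trunk VLAN list must be an explicit trunk.
        if allowed_vlans(lines) and "switchport mode trunk" not in lines:
            findings.append((name, "NOT_TRUNK"))
        # Rule 2: an SVI on an untrusted VLAN lets DHCP bypass the CAS.
        svi = re.fullmatch(r"[Vv]lan(\d+)", name)
        if svi and int(svi.group(1)) in untrusted:
            findings.append((name, "SVI_ON_UNTRUSTED_VLAN"))
    return findings


if __name__ == "__main__":
    for name, code in audit(SAMPLE_CONFIG, "GigabitEthernet4/20"):
        print(f"{name}: {code}")
```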
04-10-2011 11:04 AM
Well, I would look into the matter more and update the discussion thread by Tuesday. I am missing some point here, but what, I don't know....
DHCP is on the same switch and not on the AD server 2003.
I am running CAS/CAM 4.8 ...
04-12-2011 08:46 AM
Hi K.,
Could you please attach the config of the switch, and also label the ports connected to the PC, CAS and CAM?
I will try to figure out if something is wrong in the config.
-Shrikant
04-13-2011 11:50 AM
Here you go, Shrikant:
The following config is from the actual test switch (6500).
Ports are labeled. I am working with only 4 ports here.
4/16 = CAM
4/18 = TRUSTED ETH0 CAS
4/20 = UNTRUSTED ETH1 CAS
4/23 = TEST PC XP MACHINE (works fine if I put it on vlan 29 for DHCP, and stops working if I put it in vlan 429)
[ I have created vlan 429 and no SVI interface for it; the only SVI is for vlan 29 ]
Could you please help in solving my problem of WHY TRAFFIC is not passing through ETH1 NIC2 OF CAS...
I am using 4.8 CAS CAM.
[ NOTE: CAS ETH1 was shut down the whole time with the "ifconfig eth1 down" command, and CAS and CAM are both CONNECTED through SSL ]
------------------------------------------------------------------
ADMIN-CSW01#SH RUN
Building configuration...
Current configuration : 51582 bytes
!
! Last configuration change at 08:57:35 gmt Tue Apr 12 2011 by DraculA
! NVRAM config last updated at 08:57:38 gmt Tue Apr 12 2011 by DraculA
!
upgrade fpd auto
version 12.2
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service counters max age 5
!
hostname ADMIN-CSW01
!
boot system flash sup-bootdisk:
no logging console
enable secret 5 $1$Hc4y$xpxYtVioPTdOn/LXGct900
!
username DraculA secret 5 $1$1rbK$sq/HsjcXDlStIlkrVTxy61
no aaa new-model
clock timezone gmt 4
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.10.254 192.168.10.255
ip dhcp excluded-address 192.168.11.254 192.168.11.255
ip dhcp excluded-address 192.168.12.254 192.168.12.255
ip dhcp excluded-address 192.168.13.254 192.168.13.255
ip dhcp excluded-address 192.168.14.254 192.168.14.255
ip dhcp excluded-address 192.168.15.254 192.168.15.255
ip dhcp excluded-address 192.168.16.254 192.168.16.255
ip dhcp excluded-address 192.168.17.254 192.168.17.255
ip dhcp excluded-address 192.168.18.254 192.168.18.255
ip dhcp excluded-address 192.168.19.254 192.168.19.255
ip dhcp excluded-address 192.168.20.254 192.168.20.255
ip dhcp excluded-address 192.168.21.254 192.168.21.255
ip dhcp excluded-address 192.168.22.254 192.168.22.255
ip dhcp excluded-address 192.168.23.254 192.168.23.255
ip dhcp excluded-address 192.168.24.254 192.168.24.255
ip dhcp excluded-address 192.168.25.254 192.168.25.255
ip dhcp excluded-address 192.168.26.254 192.168.26.255
ip dhcp excluded-address 192.168.27.254 192.168.27.255
ip dhcp excluded-address 192.168.28.254 192.168.28.255
ip dhcp excluded-address 192.168.29.254 192.168.29.255
ip dhcp excluded-address 192.168.30.254 192.168.30.255
ip dhcp excluded-address 192.168.31.254 192.168.31.255
ip dhcp excluded-address 192.168.32.254 192.168.32.255
ip dhcp excluded-address 192.168.33.254 192.168.33.255
ip dhcp excluded-address 192.168.34.254 192.168.34.255
ip dhcp excluded-address 192.168.35.254 192.168.35.255
ip dhcp excluded-address 192.168.10.50
ip dhcp excluded-address 192.168.11.50
ip dhcp excluded-address 192.168.12.50
ip dhcp excluded-address 192.168.13.50
ip dhcp excluded-address 192.168.15.50
ip dhcp excluded-address 192.168.16.50
ip dhcp excluded-address 192.168.17.50
ip dhcp excluded-address 192.168.18.50
ip dhcp excluded-address 192.168.19.50
ip dhcp excluded-address 192.168.20.50
ip dhcp excluded-address 192.168.21.50
ip dhcp excluded-address 192.168.22.50
ip dhcp excluded-address 192.168.23.50
ip dhcp excluded-address 192.168.24.50
ip dhcp excluded-address 192.168.25.50
ip dhcp excluded-address 192.168.26.50
ip dhcp excluded-address 192.168.27.50
ip dhcp excluded-address 192.168.28.50
ip dhcp excluded-address 192.168.29.50
ip dhcp excluded-address 192.168.30.50
ip dhcp excluded-address 192.168.31.50
ip dhcp excluded-address 192.168.32.50
ip dhcp excluded-address 192.168.33.50
ip dhcp excluded-address 192.168.34.50
ip dhcp excluded-address 192.168.35.50
ip dhcp excluded-address 192.168.10.1 192.168.10.20
ip dhcp excluded-address 192.168.11.1 192.168.11.20
ip dhcp excluded-address 192.168.12.1 192.168.12.20
ip dhcp excluded-address 192.168.13.1 192.168.13.20
ip dhcp excluded-address 192.168.14.1 192.168.14.20
ip dhcp excluded-address 192.168.15.1 192.168.15.20
ip dhcp excluded-address 192.168.16.1 192.168.16.20
ip dhcp excluded-address 192.168.17.1 192.168.17.20
ip dhcp excluded-address 192.168.18.1 192.168.18.20
ip dhcp excluded-address 192.168.19.1 192.168.19.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20
ip dhcp excluded-address 192.168.21.1 192.168.21.20
ip dhcp excluded-address 192.168.22.1 192.168.22.20
ip dhcp excluded-address 192.168.23.1 192.168.23.20
ip dhcp excluded-address 192.168.24.1 192.168.24.20
ip dhcp excluded-address 192.168.25.1 192.168.25.20
ip dhcp excluded-address 192.168.26.1 192.168.26.20
ip dhcp excluded-address 192.168.27.1 192.168.27.20
ip dhcp excluded-address 192.168.28.1 192.168.28.20
ip dhcp excluded-address 192.168.29.1 192.168.29.20
ip dhcp excluded-address 192.168.30.1 192.168.30.20
ip dhcp excluded-address 192.168.31.1 192.168.31.20
ip dhcp excluded-address 192.168.32.1 192.168.32.20
ip dhcp excluded-address 192.168.33.1 192.168.33.20
ip dhcp excluded-address 192.168.34.1 192.168.34.20
ip dhcp excluded-address 192.168.35.1 192.168.35.20
ip dhcp excluded-address 192.168.50.254 192.168.50.255
ip dhcp excluded-address 192.168.51.254 192.168.51.255
ip dhcp excluded-address 192.168.52.254 192.168.52.255
ip dhcp excluded-address 192.168.53.254 192.168.53.255
ip dhcp excluded-address 192.168.54.254 192.168.54.255
ip dhcp excluded-address 192.168.55.254 192.168.55.255
ip dhcp excluded-address 192.168.56.254 192.168.56.255
ip dhcp excluded-address 192.168.57.254 192.168.57.255
ip dhcp excluded-address 192.168.58.254 192.168.58.255
ip dhcp excluded-address 192.168.59.254 192.168.59.255
ip dhcp excluded-address 192.168.60.254 192.168.60.255
ip dhcp excluded-address 192.168.61.254 192.168.61.255
ip dhcp excluded-address 192.168.62.254 192.168.62.255
ip dhcp excluded-address 192.168.63.254 192.168.63.255
ip dhcp excluded-address 192.168.64.254 192.168.64.255
ip dhcp excluded-address 192.168.65.254 192.168.65.255
ip dhcp excluded-address 192.168.66.254 192.168.66.255
ip dhcp excluded-address 192.168.67.254 192.168.67.255
ip dhcp excluded-address 192.168.68.254 192.168.68.255
ip dhcp excluded-address 192.168.69.254 192.168.69.255
ip dhcp excluded-address 192.168.70.254 192.168.70.255
ip dhcp excluded-address 192.168.71.254 192.168.71.255
ip dhcp excluded-address 192.168.72.254 192.168.72.255
ip dhcp excluded-address 192.168.73.254 192.168.73.255
ip dhcp excluded-address 192.168.74.254 192.168.74.255
ip dhcp excluded-address 192.168.75.254 192.168.75.255
ip dhcp excluded-address 192.168.36.254 192.168.36.255
ip dhcp excluded-address 192.168.37.254 192.168.37.255
ip dhcp excluded-address 192.168.38.254 192.168.38.255
ip dhcp excluded-address 192.168.39.254 192.168.39.255
ip dhcp excluded-address 192.168.76.254 192.168.76.255
ip dhcp excluded-address 192.168.77.254 192.168.77.255
ip dhcp excluded-address 192.168.78.254 192.168.78.255
ip dhcp excluded-address 192.168.79.254 192.168.79.255
ip dhcp excluded-address 192.168.36.1 192.168.36.20
ip dhcp excluded-address 192.168.37.1 192.168.37.20
ip dhcp excluded-address 192.168.38.1 192.168.38.20
ip dhcp excluded-address 192.168.39.1 192.168.39.20
ip dhcp excluded-address 192.168.36.50
ip dhcp excluded-address 192.168.37.50
ip dhcp excluded-address 192.168.38.50
ip dhcp excluded-address 192.168.39.50
ip dhcp excluded-address 192.168.10.253
ip dhcp excluded-address 192.168.11.253
ip dhcp excluded-address 192.168.12.253
ip dhcp excluded-address 192.168.13.253
ip dhcp excluded-address 192.168.14.253
ip dhcp excluded-address 192.168.15.253
ip dhcp excluded-address 192.168.16.253
ip dhcp excluded-address 192.168.17.253
ip dhcp excluded-address 192.168.18.253
ip dhcp excluded-address 192.168.19.253
ip dhcp excluded-address 192.168.20.253
ip dhcp excluded-address 192.168.21.253
ip dhcp excluded-address 192.168.22.253
ip dhcp excluded-address 192.168.23.253
ip dhcp excluded-address 192.168.24.253
ip dhcp excluded-address 192.168.25.253
ip dhcp excluded-address 192.168.26.253
ip dhcp excluded-address 192.168.27.253
ip dhcp excluded-address 192.168.28.253
ip dhcp excluded-address 192.168.29.253
ip dhcp excluded-address 192.168.30.253
ip dhcp excluded-address 192.168.31.253
ip dhcp excluded-address 192.168.32.253
ip dhcp excluded-address 192.168.33.253
ip dhcp excluded-address 192.168.34.253
ip dhcp excluded-address 192.168.35.253
ip dhcp excluded-address 192.168.36.253
ip dhcp excluded-address 192.168.37.253
ip dhcp excluded-address 192.168.39.253
ip dhcp excluded-address 192.168.38.253
!
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN11
network 192.168.11.0 255.255.255.0
default-router 192.168.11.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN12
network 192.168.12.0 255.255.255.0
default-router 192.168.12.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN13
network 192.168.13.0 255.255.255.0
dns-server 172.168.2.5 172.168.2.6
default-router 192.168.13.254
domain-name aol.com
lease 0 12
!
ip dhcp pool VLAN15
network 192.168.15.0 255.255.255.0
default-router 192.168.15.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN16
network 192.168.16.0 255.255.255.0
default-router 192.168.16.254
domain-name aol.com
option 150 ip 192.168.102.1
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN17
network 192.168.17.0 255.255.255.0
default-router 192.168.17.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN18
network 192.168.18.0 255.255.255.0
default-router 192.168.18.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN19
network 192.168.19.0 255.255.255.0
default-router 192.168.19.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN21
network 192.168.21.0 255.255.255.0
default-router 192.168.21.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN22
network 192.168.22.0 255.255.255.0
default-router 192.168.22.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN23
network 192.168.23.0 255.255.255.0
default-router 192.168.23.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN24
network 192.168.24.0 255.255.255.0
default-router 192.168.24.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN25
network 192.168.25.0 255.255.255.0
default-router 192.168.25.254
domain-name aol.com
option 150 ip 192.168.102.1
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN26
network 192.168.26.0 255.255.255.0
default-router 192.168.26.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN27
network 192.168.27.0 255.255.255.0
default-router 192.168.27.254
domain-name aol.com
option 150 ip 192.168.102.1
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN28
network 192.168.28.0 255.255.255.0
default-router 192.168.28.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN29
network 192.168.29.0 255.255.255.0
default-router 192.168.29.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
netbios-name-server 172.168.2.5
lease 0 12
!
ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN31
network 192.168.31.0 255.255.255.0
default-router 192.168.31.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN32
network 192.168.32.0 255.255.255.0
default-router 192.168.32.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN33
network 192.168.33.0 255.255.255.0
default-router 192.168.33.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN34
network 192.168.34.0 255.255.255.0
default-router 192.168.34.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN14
network 192.168.14.0 255.255.255.0
default-router 192.168.14.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN35
network 192.168.35.0 255.255.255.0
default-router 192.168.35.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN56
network 192.168.56.0 255.255.255.0
default-router 192.168.56.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN57
network 192.168.57.0 255.255.255.0
default-router 192.168.57.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN58
network 192.168.58.0 255.255.255.0
default-router 192.168.58.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN59
network 192.168.59.0 255.255.255.0
default-router 192.168.59.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN60
network 192.168.60.0 255.255.255.0
default-router 192.168.60.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN61
network 192.168.61.0 255.255.255.0
default-router 192.168.61.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN62
network 192.168.62.0 255.255.255.0
default-router 192.168.62.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN63
network 192.168.63.0 255.255.255.0
default-router 192.168.63.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN64
network 192.168.64.0 255.255.255.0
default-router 192.168.64.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN65
network 192.168.65.0 255.255.255.0
default-router 192.168.65.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN66
network 192.168.66.0 255.255.255.0
default-router 192.168.66.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN67
network 192.168.67.0 255.255.255.0
default-router 192.168.67.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN68
network 192.168.68.0 255.255.255.0
default-router 192.168.68.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN70
network 192.168.70.0 255.255.255.0
default-router 192.168.70.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN71
network 192.168.71.0 255.255.255.0
default-router 192.168.71.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN72
network 192.168.72.0 255.255.255.0
default-router 192.168.72.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN73
network 192.168.73.0 255.255.255.0
default-router 192.168.73.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN74
network 192.168.74.0 255.255.255.0
default-router 192.168.74.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool VLAN75
network 192.168.75.0 255.255.255.0
default-router 192.168.75.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool valn36
network 192.168.36.0 255.255.255.0
default-router 192.168.36.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
netbios-name-server 172.168.2.5
lease 0 12
!
ip dhcp pool vlan37
network 192.168.37.0 255.255.255.0
default-router 192.168.37.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
netbios-name-server 172.168.2.5
lease 0 12
!
ip dhcp pool valn38
network 192.168.38.0 255.255.255.0
default-router 192.168.38.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
netbios-name-server 172.168.2.5
lease 0 12
!
ip dhcp pool vlan39
network 192.168.39.0 255.255.255.0
default-router 192.168.39.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
netbios-name-server 172.168.2.5
lease 0 12
!
ip dhcp pool vlan76
network 192.168.76.0 255.255.255.0
default-router 192.168.76.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool vlan77
network 192.168.77.0 255.255.255.0
default-router 192.168.77.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool vlan78
network 192.168.78.0 255.255.255.0
default-router 192.168.78.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip dhcp pool vlan79
network 192.168.79.0 255.255.255.0
default-router 192.168.79.254
domain-name aol.com
dns-server 172.168.2.5 172.168.2.6
lease 0 12
!
ip domain-name aol.com
ip name-server 172.168.2.5
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
!
!
!
!
!
!
!
!
redundancy
notification-timer 8000
mode sso
main-cpu
auto-sync running-config
!
spanning-tree mode rapid-pvst
spanning-tree vlan 1,10-35,50-75,100-103 priority 8192
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
fabric buffer-reserve queue
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
!
!
!
interface GigabitEthernet1/1
description GDFLR_WEST_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/2
description 1STFLR_WEST_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/3
description GDFLR_EAST_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/4
description 1STFLR_EAST_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/5
description CHEM_ST_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/6
description LAB_BLDG_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/7
description DEMI_DESAL_RM_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/8
description MCB_ELECT_RM_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/9
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/10
description GDFLR_WEST_SW01 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/11
description 1STFLR_WEST_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/12
description GDFLR_EAST_SW02 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/13
description 1STFLR_EAST_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/14
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/15
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/16
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/17
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/18
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/19
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/20
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/21
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/22
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/23
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet1/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/1
description GDFLR_WEST_SW02 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/2
description 1STFLR_WEST_SW02 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/3
description GDFLR_EAST_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/4
description 1STFLR_EAST_SW02 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/5
description LAB_BLDG_SW02 Gig 0/4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/6
description LAB_BLDG_SW02 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/7
description WWT_RM_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/8
description SIH_01_SW01 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/9
description MCB_ELECT_RM_SW03 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/10
description GDFLR_WEST_SW02 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/11
description 1STFLR_WEST_SW02 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/12
description GDFLR_EAST_SW02 Gig 0/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/13
description 1STFLR_EAST_SW02 Gig 0/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/14
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/15
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/16
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/17
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/18
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/19
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/20
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/21
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/22
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/23
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet2/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet3/1
description LAN NMS server Port # 1, 172.168.2.200
switchport
switchport access vlan 3
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/2
description *** Connected to Firewall-1 ***
switchport
switchport access vlan 5
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/3
description CTI / Voice Mail - Port 1
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/4
description LMS -Port # 1
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/5
description Voice Recording Server - Port 1
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/6
description NorAlert - LAN # 1
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/7
description PABX # 1 MGC - Port 2T
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/8
description ACS Main Server - Port 1/2, 192.168.106.100
switchport
switchport access vlan 103
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/9
description PABX # 2 Card 7 - Port # 1
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/10
description PABX # 3 MGT - Port 2T
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/11
description RADIO - Radio to Telephone (Admin), Vlan 8
switchport
switchport mode access
no ip address
speed 100
duplex half
spanning-tree portfast
!
interface GigabitEthernet3/12
description PAGING/PA - Paging to Telephone (Admin), Vlan 7, 192.168.7.1
switchport
switchport access vlan 7
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/13
description Call Pilot - CLAN
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/14
description description Paging Cabinet (Admin) - NMS, 192.168.7.102, Speed 10mbps
switchport
switchport access vlan 7
switchport mode access
no ip address
speed 10
duplex full
spanning-tree portfast
!
interface GigabitEthernet3/15
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/16
description Fiber Optics Converter
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/17
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/18
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/19
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/20
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/21
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/22
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/23
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/24
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/25
description **** IPS module on Leased Line ****
switchport
switchport access vlan 120
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/26
switchport
switchport access vlan 120
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/27
description **** IPS module on ADSL Connection ****
switchport
switchport access vlan 120
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/28
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/29
switchport
switchport access vlan 3
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/30
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/31
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/32
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/33
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/34
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/35
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/36
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/37
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/38
switchport
switchport access vlan 130
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/39
switchport
switchport access vlan 130
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/40
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/41
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/42
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/43
switchport
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/44
description Wireless Internet
switchport
switchport access vlan 250
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/45
switchport
switchport access vlan 130
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/46
switchport
switchport access vlan 250
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/47
description AOL Proxy Server - Internal
switchport
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface GigabitEthernet3/48
description AOL Proxy Server - External (For Fw NAT)
switchport
switchport access vlan 254
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/1
description LAN NMS server Port # 2, 172.168.2.200
switchport
switchport access vlan 3
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/2
description *** Connected to ASA-Firewall-2 ****
switchport
switchport access vlan 5
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/3
description Call Accounting - Port # 2
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/4
description LMS -Port # 2
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/5
description Voice Recorder - Port # 2 (SPAN Port)
no ip address
!
interface GigabitEthernet4/6
description PABX # 2 SS Card - Port TLAN
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/7
description PABX # 2 Card 8 - Port # 1
switchport
switchport access vlan 101
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/8
description ACS Main Server - Port # 2
switchport
switchport access vlan 18
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/9
description ACS NC 1, 192.168.106.1
switchport
switchport access vlan 103
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/10
description ACS NC 2, 192.168.106.2
switchport
switchport access vlan 103
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/11
description ACS NC 3, 192.168.106.3
switchport
switchport access vlan 103
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/12
description ACS NC 4, 192.168.106.4
switchport
switchport access vlan 103
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/13
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet4/14
description Connected to MARS on NIC 1
switchport
switchport access vlan 40
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/15
description LAN NMS server, 172.168.2.200
switchport
switchport access vlan 8
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/16
description Connected to CAM NIC 1 ETH 0
switchport
switchport access vlan 41
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/17
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/18
description CAS trusted Interface ETH 0 NIC 1
switchport
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10-39,42
no ip address
!
interface GigabitEthernet4/19
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/20
description CAS Untrusted Interface ETH 1 NIC 2
switchport
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 998
switchport trunk allowed vlan 410-439
no ip address
shutdown
!
interface GigabitEthernet4/21
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/22
switchport
switchport access vlan 29
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/23
description *** TEST PC for VLAN 24 <-> VLAN 429
switchport
switchport access vlan 429
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet4/25
switchport
switchport access vlan 500
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/26
switchport
switchport access vlan 250
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/27
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/28
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/29
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/30
switchport
switchport access vlan 130
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/31
switchport
switchport mode access
no ip address
!
interface GigabitEthernet4/32
switchport
switchport access vlan 429
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/33
switchport
switchport access vlan 20
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/34
switchport
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/35
switchport
switchport access vlan 20
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/36
switchport
switchport access vlan 34
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/37
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/38
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/39
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/40
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/41
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/42
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/43
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/44
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/45
switchport
switchport access vlan 2
switchport mode access
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/46
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface GigabitEthernet4/47
switchport
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface GigabitEthernet4/48
description AOL Switch, 192.168.1.2
switchport
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface GigabitEthernet5/1
no ip address
shutdown
!
interface GigabitEthernet5/2
no ip address
shutdown
!
interface GigabitEthernet6/1
no ip address
shutdown
!
interface GigabitEthernet6/2
no ip address
shutdown
!
interface Vlan1
description Network Eq Management
ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
description Data Server Segment 2 - Internal
ip address 172.168.2.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan3
description NMS Segment
ip address 172.168.3.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan5
description *** Firewall Inside Interface ***
ip address 192.168.5.1 255.255.255.0
!
interface Vlan7
description Vlan for Paging to Telephone Interconnection - Static IP
ip address 192.168.7.254 255.255.255.0
!
interface Vlan8
description Vlan for Radio to Telephone Interconnection, LDT - Static IP (Shut down, No Routing need)
ip address 192.168.8.254 255.255.255.0
shutdown
!
interface Vlan10
description Ground Flr West Side
ip address 192.168.10.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan11
description Ground Flr East Side
ip address 192.168.11.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan12
description 1 Flr West Side
ip address 192.168.12.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan13
description 1 Flr East Side
ip address 192.168.13.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan14
description MCB ELECT ROOM
ip address 192.168.14.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan15
description Laboratory
ip address 192.168.15.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan16
description Hazard Mat. WHSE
ip address 192.168.16.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan17
description CHEMICAL STORE BUILDING
ip address 192.168.17.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan18
description GATEHOUSE
ip address 192.168.18.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan19
description WWT ROOM
ip address 192.168.19.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan20
description SIH-01
ip address 192.168.20.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan21
description SIH-02
ip address 192.168.21.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan22
description SIH-03
ip address 192.168.22.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan23
description MAIN S/S
ip address 192.168.23.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan24
description S/S-01
ip address 192.168.24.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan25
description S/S-02
ip address 192.168.25.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan26
description UTILITY S/S
ip address 192.168.26.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan27
description DEMI & DESAL
ip address 192.168.27.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan28
description PROCESS GATEHOUSE
ip address 192.168.28.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan29
description gdrflr_west_02
ip address 192.168.29.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan30
description gdrflr_east_02
ip address 192.168.30.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan31
description 1stflr_west_02
ip address 192.168.31.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan32
description 1stflr_east_02
ip address 192.168.32.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan33
description mcb_02
ip address 192.168.33.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan34
description lab_02
ip address 192.168.34.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan35
description mcb_03
ip address 192.168.35.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan36
description Fire Station
ip address 192.168.36.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan37
description WS1
ip address 192.168.37.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan38
description WS2
ip address 192.168.38.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan39
description WH
ip address 192.168.39.254 255.255.255.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan40
description MARS Management
ip address 192.168.40.254 255.255.255.0
!
interface Vlan41
description NAC-MGR
ip address 192.168.41.254 255.255.255.0
!
interface Vlan42
description NAC-SRV
ip address 192.168.42.254 255.255.255.0
!
interface Vlan50
description voice Ground Flr West Sides
ip address 192.168.50.254 255.255.255.0
!
interface Vlan51
description voice Ground Flr East Side
ip address 192.168.51.254 255.255.255.0
!
interface Vlan52
description voice 1 Flr West
ip address 192.168.52.254 255.255.255.0
!
interface Vlan53
description voice 1 Flr East Side
ip address 192.168.53.254 255.255.255.0
!
interface Vlan54
description voice MCB ELECT ROOM
ip address 192.168.54.254 255.255.255.0
!
interface Vlan55
description voice Laboratory
ip address 192.168.55.254 255.255.255.0
!
interface Vlan56
description voice Hazard Mat. WHSE
ip address 192.168.56.254 255.255.255.0
!
interface Vlan57
description voice CHEMICAL STORE BUILDING
ip address 192.168.57.254 255.255.255.0
!
interface Vlan58
description voice GATEHOUSE
ip address 192.168.58.254 255.255.255.0
!
interface Vlan59
description voice WWT ROOM
ip address 192.168.59.254 255.255.255.0
!
interface Vlan60
description voice SIH-01
ip address 192.168.60.254 255.255.255.0
!
interface Vlan61
description voice SIH-02
ip address 192.168.61.254 255.255.255.0
!
interface Vlan62
description voice SIH-03
ip address 192.168.62.254 255.255.255.0
!
interface Vlan63
description voice MAIN S/S
ip address 192.168.63.254 255.255.255.0
!
interface Vlan64
description voice S/S-01
ip address 192.168.64.254 255.255.255.0
!
interface Vlan65
description voice S/S-02
ip address 192.168.65.254 255.255.255.0
!
interface Vlan66
description voice UTILITY S/S
ip address 192.168.66.254 255.255.255.0
!
interface Vlan67
description voice DEMI & DESAL
ip address 192.168.67.254 255.255.255.0
!
interface Vlan68
description voice PROCESS GATEWAY
ip address 192.168.68.254 255.255.255.0
!
interface Vlan69
description voice grd west 02
ip address 192.168.69.254 255.255.255.0
!
interface Vlan70
description voice grd east 02
ip address 192.168.70.254 255.255.255.0
!
interface Vlan71
description voice 1st west 02
ip address 192.168.71.254 255.255.255.0
!
interface Vlan72
description voice 1st east 02
ip address 192.168.72.254 255.255.255.0
!
interface Vlan73
description voice mcb 02
ip address 192.168.73.254 255.255.255.0
!
interface Vlan74
description voice lab 02
ip address 192.168.74.254 255.255.255.0
!
interface Vlan75
description voice mcb 03
ip address 192.168.75.254 255.255.255.0
!
interface Vlan76
description Voice FS
ip address 192.168.76.254 255.255.255.0
shutdown
!
interface Vlan77
description Voice WS1
ip address 192.168.77.254 255.255.255.0
shutdown
!
interface Vlan78
description Voice WS2
ip address 192.168.78.254 255.255.255.0
shutdown
!
interface Vlan79
description Voice WH
ip address 192.168.79.254 255.255.255.0
shutdown
!
interface Vlan100
description Data Server Segment
ip address 192.168.100.254 255.255.254.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan101
description Voice Server Segment
ip address 192.168.102.254 255.255.254.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan102
description Voice Server Segment 2
ip address 192.168.104.254 255.255.254.0
ip helper-address 172.168.2.5
ip helper-address 172.168.2.6
!
interface Vlan103
description access control segment
ip address 192.168.106.254 255.255.254.0
!
interface Vlan120
description ***** IPS Mgmt VLAN *****
ip address 192.168.120.254 255.255.255.0
!
interface Vlan254
description Data Server Segment 2 - External (For Fw NAT)
no ip address
!
interface Vlan300
description AOL PIMS
ip address 10.10.10.1 255.0.0.0
!
interface Vlan600
no ip address
!
router eigrp 100
network 192.168.120.0
network 192.168.0.0 0.0.255.255
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.2
ip route 10.0.0.0 255.0.0.0 10.10.10.254
!
no ip http server
!
logging trap alerts
logging source-interface Vlan1
logging 172.168.2.200
logging 172.168.2.220
access-list 23 permit 85.154.243.112 0.0.0.7
!
snmp-server community ArOmAtIcS RO
snmp-server community ArOmAtIcSAOL RW
snmp-server trap-source Vlan1
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps transceiver all
snmp-server enable traps casa
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps bgp
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps dlsw
snmp-server enable traps event-manager
snmp-server enable traps frame-relay
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps MAC-Notification move threshold
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rf
snmp-server enable traps rtr
snmp-server enable traps slb real virtual csrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps flex-links status
snmp-server enable traps sonet
snmp-server enable traps dial
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps rsvp
snmp-server enable traps csg agent quota database
snmp-server enable traps srp
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd swbus
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps port-security
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls ldp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps alarms
snmp-server enable traps vlan-mac-limit
snmp-server enable traps voice poor-qov
snmp-server enable traps mpls vpn
snmp-server host 172.168.2.220 ArOmAtIcS
!
!
control-plane
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
password 7 06271D71414F1D100604405B5D54
login
line vty 0 4
password 7 072E331C43080D0C1401595C557A
login local
line vty 5 15
login local
!
!
monitor session 1 destination interface Gi4/5
monitor session 1 source remote vlan 200
scheduler runtime netinput 300
ntp source Vlan1
ntp master 3
ntp update-calendar
no cns aaa enable
end
04-14-2011 06:15 AM
Troubleshooting DHCP would be my first effort here. To ensure your untrusted traffic is passing through the CAS run a tcpdump on your untrusted interface and watch for traffic generated by your client. Also make sure you don't have a Layer 3 (SVI) for your untrusted network. You can also check /var/log/dhcplog for DHCP handshake. Also remember that the CAS reads the 802.1q tag for the AUTH VLAN to hand out IP addresses, so make sure that is correct on the switch port. Is the DHCP VLAN trunked to the TRUSTED side of the CAS? And lastly, make sure your VLAN mapping is correctly set up.
HTH, a bit.
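The switch-side checks listed in the reply above (untrusted trunk up and carrying the auth VLAN, access VLAN trunked to the trusted side, no SVI for the auth VLAN, client port in the auth VLAN) can be run against a saved config. This is an added example, not part of any post in the thread; the function names are hypothetical, and the sample stanzas are copied from the configuration posted earlier in the thread.

```python
import re

# Stanzas copied from the switch configuration posted in this thread
# (indentation restored; the parser also accepts the flattened form).
SAMPLE_CONFIG = """\
interface GigabitEthernet4/18
 description CAS trusted Interface ETH 0 NIC 1
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10-39,42
 no ip address
!
interface GigabitEthernet4/20
 description CAS Untrusted Interface ETH 1 NIC 2
 switchport
 switchport mode trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 998
 switchport trunk allowed vlan 410-439
 no ip address
 shutdown
!
interface GigabitEthernet4/23
 description *** TEST PC for VLAN 24 <-> VLAN 429
 switchport
 switchport access vlan 429
 switchport mode access
 no ip address
 spanning-tree portfast
!
interface Vlan29
 description gdrflr_west_02
 ip address 192.168.29.254 255.255.255.0
 ip helper-address 172.168.2.5
 ip helper-address 172.168.2.6
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # '!' or a blank line closes the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10-39,42' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(lines):
    """VLANs carried by a trunk; IOS allows 1-4094 when no list is configured."""
    allowed = None
    for line in lines:
        m = re.match(r"switchport trunk allowed vlan (add )?([\d,\- ]+)$", line)
        if m:
            extra = expand_vlans(m.group(2))
            allowed = (allowed or set()) | extra if m.group(1) else extra
    return allowed if allowed is not None else set(range(1, 4095))

def check_trunk(name, lines, vlan, role):
    """Check that one CAS-facing port is up, trunking, and carries `vlan`."""
    if lines is None:
        return [f"{role} port {name} not found in config"]
    findings = []
    if "shutdown" in lines:
        findings.append(f"{role} port {name} is administratively shutdown")
    if "switchport mode trunk" not in lines:
        findings.append(f"{role} port {name} is not 'switchport mode trunk'")
    if vlan not in allowed_vlans(lines):
        findings.append(f"VLAN {vlan} is not allowed on {role} trunk {name}")
    return findings

def audit(config, trusted, untrusted, client, access_vlan, auth_vlan):
    """Return a list of findings; an empty list means every check passed."""
    ports = parse_interfaces(config)
    findings = check_trunk(untrusted, ports.get(untrusted), auth_vlan, "untrusted")
    findings += check_trunk(trusted, ports.get(trusted), access_vlan, "trusted")
    # The reply asks for no Layer 3 interface (SVI) on the untrusted network.
    svi = ports.get(f"Vlan{auth_vlan}", [])
    if any(line.startswith("ip address ") for line in svi):
        findings.append(f"SVI Vlan{auth_vlan} has an IP address; remove it")
    # The client port must sit in the auth VLAN so the CAS sees that 802.1q tag.
    if f"switchport access vlan {auth_vlan}" not in ports.get(client, []):
        findings.append(f"client port {client} is not in auth VLAN {auth_vlan}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "GigabitEthernet4/18", "GigabitEthernet4/20",
                         "GigabitEthernet4/23", access_vlan=29, auth_vlan=429):
        print("FINDING:", finding)
```

Against the posted stanzas the audit returns a single finding: GigabitEthernet4/20, the CAS untrusted port, carries `shutdown` in the switch config.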
04-14-2011 06:45 AM
On CAS, I posted earlier also that,
On CAS ETH1 I kept my port shut with ifconfig eth1 down the whole time and made it ifconfig eth1 up once CAS and CAM were connected through the trusted side.
Whole config with PORT Description is there, I posted that also.
DHCP is all configured in the core switch and I am testing on the same core switch.
I have e.g. a real/access vlan = 29 = 192.168.29.x/24
and I mapped it to auth/untrusted vlan = 429 (no SVI for it)
In CAM, I have defined VLAN MAP to 429 <--> 29 and defined a managed subnet also 192.168.29.253 (provided exclusion in switch for it, please see config),
and restarted both cam and cam a few times YET SAME PROBLEM... no traffic is passing through CAS !!!!
CAM = 4/16
CAS TRUSTED = 4/18
CAS UNTRUSTED = 4/20
TEST MACHINE = 4/23
Please see my switch config.
Srikath is good and he might figure it out for me.
I have licensed CAM already and I am sure CAS will not work and connect if it is NOT licensed also, if I am right.
CAM CAS are running CentOS 4.8 NAC release !
My test machine works fine once I put it in real vlan 29 and stops getting IP through DHCP once I put it on 429 ????
04-14-2011 06:54 AM
So did you try tcpdump to see if you have any traffic hitting the untrusted interface? Or look in the DHCP log?
04-14-2011 07:32 AM
Hey Philip,
Instead of tcpdump I did the below:
[root@cas ~]# cd /proc/click/intern_arpq/
[root@cas intern_arpq]# more table
[root@cas intern_arpq]#
[root@cas ~]# cd /proc/click/real_routing_table/
[root@cas real_routing_table]# more table
192.168.42.1/32 - 0 0
192.168.42.254/32 - 1 0
192.168.42.0/24 - 2 0
0.0.0.0/0 192.168.42.254 1 0
192.168.10.0/24 192.168.10.254 1 8
192.168.11.0/24 192.168.11.254 1 8
192.168.12.0/24 192.168.12.254 1 8
192.168.13.0/24 192.168.13.254 1 8
192.168.14.0/24 192.168.14.254 1 8
192.168.15.0/24 192.168.15.254 1 8
192.168.16.0/24 192.168.16.254 1 8
192.168.17.0/24 192.168.17.254 1 8
192.168.18.0/24 192.168.18.254 1 8
192.168.19.0/24 192.168.19.254 1 8
192.168.20.0/24 192.168.20.254 1 8
192.168.21.0/24 192.168.21.254 1 8
192.168.22.0/24 192.168.22.254 1 8
192.168.23.0/24 192.168.23.254 1 8
192.168.24.0/24 192.168.24.254 1 8
192.168.25.0/24 192.168.25.254 1 8
192.168.26.0/24 192.168.26.254 1 8
192.168.27.0/24 192.168.27.254 1 8
192.168.28.0/24 192.168.28.254 1 8