Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1386
Views
5
Helpful
9
Replies

3850 to isp

Muhammad.nabeelch
Level 1
Level 1

‎11-13-2021 03:23 PM

Hi everyone. I am facing a problem. I want to connect my 3850 to service provider through upe which is installed in our location through fiber. 3850 will also connect to aruba controller. The service provider has given us a customer ip and gateway in /31 subnet and vlan 3092. I configure the port on my 3850 switch connected to isp under same vlan 3092 and also  configure interface vlan 3092 with the customer ip. The i add default gateway and add a static route too. But i am unable to ping gateway and internet. Can anyone please tell if some more configuration is needed. I shall be thankful.

0 Helpful
9 Replies 9

Georg Pauwen
VIP
VIP

‎11-13-2021 03:32 PM

Hello 

 

post the running configuration of your 3850...

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-13-2021 03:59 PM 

 I configure the port on my 3850 switch connected to isp under same vlan 3092 and also  configure interface vlan 3092 with the customer ip. The i add default gateway and add a static route too.

Have you created VLAN 3902, Make sure the interface that is connected to Provider should belong to VLAN 3902,

 

You do not require a default gateway, you need  to add ip route (and ip routing enable)

 

But i am unable to ping gateway and internet. Can anyone please tell if some more configuration is needed. I shall be thankful

Are you trying to switch or what device was not working on?

 

It would be nice you have your config here and more details i have asked to help better.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Muhammad.nabeelch
Level 1
Level 1
In response to balaji.bandi

‎11-13-2021 11:11 PM

circuit details.

customer ip 37.224.127.5/31
mask 255.255.255.254

gateway 37.224.127.4/31

vlan 3912

 


hostname T-2CoreSw
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c3850-24p
!
!
!
!
ip routing
!
ip name-server 84.235.6.55 84.235.57.230
ip domain name saudi.net.sa
ip dhcp excluded-address 172.20.0.1 172.20.0.10
ip dhcp excluded-address 10.10.100.1 10.10.100.20
!
ip dhcp pool AP
network 10.10.100.0 255.255.255.0
default-router 10.10.100.1
option 43 ip 10.10.100.5
option 60 ascii "ArubaAP"
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool ROYAL
network 172.20.0.0 255.255.248.0
default-router 172.20.0.5
dns-server 208.67.222.222 208.67.220.220
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1896273491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1896273491
revocation-check none
rsakeypair TP-self-signed-1896273491
!
!
crypto pki certificate chain TP-self-signed-1896273491
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383936 32373334 3931301E 170D3138 31313135 31343139
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38393632
37333439 31308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CB16 B5629E15 92955BCD 3B2DE0A4 6FB4E1A3 7BD62ED1 0D1A9A2D
0B443A24 10B91F7D 2DC3F9FE 5CCCE5D9 BEEF2DC8 575B220B 053FC0CF FB922737
DAF42873 0B332E03 104F4653 39E57166 5AD8C89B FD9C8860 48EBFBB2 F777B863
F6DC5BC5 AADB5677 2B1BC82D 15A70DF9 E340454E 8AA1D4DF 6FF3659E 7694A3B1
E245C9BB 29FADAA4 A0406495 C4B7A26A 1262F2C1 21D8E4F3 39FE8E7C 4AC87860
AF1F938F C7464F03 8EEF25FC 85B4E4F4 FEA07E03 F274CAC0 13948381 383988E8
137C450E 8BC6595F 60ADCBEA CDE954DE 49F0DC40 5F047C58 704EDE2B FECDDD0B
77EB5FBD ABE464A1 7A19F048 0984345A BBCF6E36 950F2C4E EBBF4CD3 1AEE2B1A
5FC30283 598F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 144981FB DD1135D7 F54D611E 0AD45D29 15B79413
BD301D06 03551D0E 04160414 4981FBDD 1135D7F5 4D611E0A D45D2915 B79413BD
300D0609 2A864886 F70D0101 05050003 82010100 614164CE 6650FA15 ECB0F234
B83D0A74 7F3D67B2 AEC313B0 3A42491E AFE9AAEA 38465363 D95BBC92 046241F4
A15604CE 219FA671 7610F10D F4028142 D3D228AC EC5F2354 988C1BAF 56DFFAA9
E7619A5B F52CD192 E1267CA5 9780CDCC 875BD2FA 9FB4889E 242E7288 EC9C1D34
A4390F9F 350CFF4E 35FD2517 0591AD18 B86A1AE4 8DEC2932 8FACC04F DF1FC341
7494FF73 91C2D843 1204B98D 7B1B7DD3 5CFB7781 13CBF7BD A865B5B2 50930A0F
568B2385 1D60645F BBF71E14 7C521A66 D70A803C DA3C3520 0FF439DD CDD04053
DDD1B5A4 1B5BB49B 58A2B0AA 49B22B2F E4408BCA 302FFE08 E127D200 B245EB1E
243D4379 050877E0 1232B4EB 49333414 5882F284
quit
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 password 0 P@ssw0rd
!
redundancy
mode sso
!
!
vlan 3909,3912
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
power inline static
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/1
description Internet Circuit
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/3
switchport mode trunk
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface TenGigabitEthernet1/1/1
switchport mode access
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
ip address 192.168.105.21 255.255.255.0
shutdown
!
interface Vlan5
ip address dhcp
!
interface Vlan100
description >>MGMT<<
ip address 10.10.100.1 255.255.255.0
!
interface Vlan200
ip address 172.20.0.1 255.255.248.0
!
interface Vlan3912
description Internet Circuit
ip address 37.224.127.5 255.255.255.0
!
ip default-gateway 37.224.127.4
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
ip route 0.0.0.0 0.0.0.0 172.18.99.1
ip route 0.0.0.0 0.0.0.0 192.168.105.1
ip route 0.0.0.0 0.0.0.0 93.112.110.16
ip route 0.0.0.0 0.0.0.0 37.224.127.4
!
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy

 

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to Muhammad.nabeelch

‎11-14-2021 01:22 PM

Hello,

 

the most you can accomplish is to ping the Internet from the switch. The switch does not do any network address translation, so none of the clients attached to the switch will be able to reach the Internet. 

 

In order to achieve the switch pinging the Internet, take all ip routes and the ip default gateway out and just leave the one route marked in bold:

 

hostname T-2CoreSw
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
aaa new-model
!
aaa session-id common
switch 1 provision ws-c3850-24p
!
ip routing
!
ip name-server 84.235.6.55 84.235.57.230
ip domain name saudi.net.sa
ip dhcp excluded-address 172.20.0.1 172.20.0.10
ip dhcp excluded-address 10.10.100.1 10.10.100.20
!
ip dhcp pool AP
network 10.10.100.0 255.255.255.0
default-router 10.10.100.1
option 43 ip 10.10.100.5
option 60 ascii "ArubaAP"
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool ROYAL
network 172.20.0.0 255.255.248.0
default-router 172.20.0.5
dns-server 208.67.222.222 208.67.220.220
!
crypto pki trustpoint TP-self-signed-1896273491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1896273491
revocation-check none
rsakeypair TP-self-signed-1896273491
!
crypto pki certificate chain TP-self-signed-1896273491
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383936 32373334 3931301E 170D3138 31313135 31343139
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38393632
37333439 31308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CB16 B5629E15 92955BCD 3B2DE0A4 6FB4E1A3 7BD62ED1 0D1A9A2D
0B443A24 10B91F7D 2DC3F9FE 5CCCE5D9 BEEF2DC8 575B220B 053FC0CF FB922737
DAF42873 0B332E03 104F4653 39E57166 5AD8C89B FD9C8860 48EBFBB2 F777B863
F6DC5BC5 AADB5677 2B1BC82D 15A70DF9 E340454E 8AA1D4DF 6FF3659E 7694A3B1
E245C9BB 29FADAA4 A0406495 C4B7A26A 1262F2C1 21D8E4F3 39FE8E7C 4AC87860
AF1F938F C7464F03 8EEF25FC 85B4E4F4 FEA07E03 F274CAC0 13948381 383988E8
137C450E 8BC6595F 60ADCBEA CDE954DE 49F0DC40 5F047C58 704EDE2B FECDDD0B
77EB5FBD ABE464A1 7A19F048 0984345A BBCF6E36 950F2C4E EBBF4CD3 1AEE2B1A
5FC30283 598F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 144981FB DD1135D7 F54D611E 0AD45D29 15B79413
BD301D06 03551D0E 04160414 4981FBDD 1135D7F5 4D611E0A D45D2915 B79413BD
300D0609 2A864886 F70D0101 05050003 82010100 614164CE 6650FA15 ECB0F234
B83D0A74 7F3D67B2 AEC313B0 3A42491E AFE9AAEA 38465363 D95BBC92 046241F4
A15604CE 219FA671 7610F10D F4028142 D3D228AC EC5F2354 988C1BAF 56DFFAA9
E7619A5B F52CD192 E1267CA5 9780CDCC 875BD2FA 9FB4889E 242E7288 EC9C1D34
A4390F9F 350CFF4E 35FD2517 0591AD18 B86A1AE4 8DEC2932 8FACC04F DF1FC341
7494FF73 91C2D843 1204B98D 7B1B7DD3 5CFB7781 13CBF7BD A865B5B2 50930A0F
568B2385 1D60645F BBF71E14 7C521A66 D70A803C DA3C3520 0FF439DD CDD04053
DDD1B5A4 1B5BB49B 58A2B0AA 49B22B2F E4408BCA 302FFE08 E127D200 B245EB1E
243D4379 050877E0 1232B4EB 49333414 5882F284
quit
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 password 0 P@ssw0rd
!
redundancy
mode sso
!
vlan 3909,3912
lldp run
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical
!
policy-map system-cpp-policy
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
power inline static
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/1
description Internet Circuit
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/3
switchport mode trunk
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface TenGigabitEthernet1/1/1
switchport mode access
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
ip address 192.168.105.21 255.255.255.0
shutdown
!
interface Vlan5
ip address dhcp
!
interface Vlan100
description >>MGMT<<
ip address 10.10.100.1 255.255.255.0
!
interface Vlan200
ip address 172.20.0.1 255.255.248.0
!
interface Vlan3912
description Internet Circuit
ip address 37.224.127.5 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
--> ip route 0.0.0.0 0.0.0.0 37.224.127.4
!
control-plane
service-policy input system-cpp-policy

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Muhammad.nabeelch

‎11-14-2021 03:52 PM

I see a couple of issues here which is not clear in the config and also provider requirement.

 

1. Does your switch does the NAT ?  - I do not see any config.

2.  config seems to be odd, we need to remove it as per below to get connectivity.

 

 

interface Vlan3912
description Internet Circuit
ip address 37.224.127.5 255.255.255.0  
!
no ip default-gateway 37.224.127.4
no ip route 0.0.0.0 0.0.0.0 172.18.99.1
no ip route 0.0.0.0 0.0.0.0 192.168.105.1
no ip route 0.0.0.0 0.0.0.0 93.112.110.16
ip route 0.0.0.0 0.0.0.0 37.224.127.4

 

Testings

 

From switch try to ping 37.224.127.4  - is this works ?

 

If that works so you have connectivity with a provider, then you make a decision, you can extend that VLAN to any other device which can perform NAT or you like to 3850 do NAT ? ( as  per my experience switch does not do NAT) so you need another device to do this NAT.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Muhammad.nabeelch
Level 1
Level 1
In response to balaji.bandi

‎11-23-2021 07:18 PM

Thanks for your reply. Issue was resolved after isp removed vlan.

Nat is performed in peplink load balancer.

 

0 Helpful

Muhammad.nabeelch
Level 1
Level 1
In response to balaji.bandi

‎11-14-2021 12:20 AM


hostname T-2CoreSw
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c3850-24p
!
!
!
!
ip routing
!
ip name-server 84.235.6.55 84.235.57.230
ip domain name saudi.net.sa
ip dhcp excluded-address 172.20.0.1 172.20.0.10
ip dhcp excluded-address 10.10.100.1 10.10.100.20
!
ip dhcp pool AP
network 10.10.100.0 255.255.255.0
default-router 10.10.100.1
option 43 ip 10.10.100.5
option 60 ascii "ArubaAP"
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool ROYAL
network 172.20.0.0 255.255.248.0
default-router 172.20.0.5
dns-server 208.67.222.222 208.67.220.220
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1896273491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1896273491
revocation-check none
rsakeypair TP-self-signed-1896273491
!
!
crypto pki certificate chain TP-self-signed-1896273491
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383936 32373334 3931301E 170D3138 31313135 31343139
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38393632
37333439 31308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CB16 B5629E15 92955BCD 3B2DE0A4 6FB4E1A3 7BD62ED1 0D1A9A2D
0B443A24 10B91F7D 2DC3F9FE 5CCCE5D9 BEEF2DC8 575B220B 053FC0CF FB922737
DAF42873 0B332E03 104F4653 39E57166 5AD8C89B FD9C8860 48EBFBB2 F777B863
F6DC5BC5 AADB5677 2B1BC82D 15A70DF9 E340454E 8AA1D4DF 6FF3659E 7694A3B1
E245C9BB 29FADAA4 A0406495 C4B7A26A 1262F2C1 21D8E4F3 39FE8E7C 4AC87860
AF1F938F C7464F03 8EEF25FC 85B4E4F4 FEA07E03 F274CAC0 13948381 383988E8
137C450E 8BC6595F 60ADCBEA CDE954DE 49F0DC40 5F047C58 704EDE2B FECDDD0B
77EB5FBD ABE464A1 7A19F048 0984345A BBCF6E36 950F2C4E EBBF4CD3 1AEE2B1A
5FC30283 598F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 144981FB DD1135D7 F54D611E 0AD45D29 15B79413
BD301D06 03551D0E 04160414 4981FBDD 1135D7F5 4D611E0A D45D2915 B79413BD
300D0609 2A864886 F70D0101 05050003 82010100 614164CE 6650FA15 ECB0F234
B83D0A74 7F3D67B2 AEC313B0 3A42491E AFE9AAEA 38465363 D95BBC92 046241F4
A15604CE 219FA671 7610F10D F4028142 D3D228AC EC5F2354 988C1BAF 56DFFAA9
E7619A5B F52CD192 E1267CA5 9780CDCC 875BD2FA 9FB4889E 242E7288 EC9C1D34
A4390F9F 350CFF4E 35FD2517 0591AD18 B86A1AE4 8DEC2932 8FACC04F DF1FC341
7494FF73 91C2D843 1204B98D 7B1B7DD3 5CFB7781 13CBF7BD A865B5B2 50930A0F
568B2385 1D60645F BBF71E14 7C521A66 D70A803C DA3C3520 0FF439DD CDD04053
DDD1B5A4 1B5BB49B 58A2B0AA 49B22B2F E4408BCA 302FFE08 E127D200 B245EB1E
243D4379 050877E0 1232B4EB 49333414 5882F284
quit
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 password 0 P@ssw0rd
!
redundancy
mode sso
!
!
vlan 3909,3912
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
power inline static
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/1
description Internet Circuit
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/3
switchport mode trunk
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface TenGigabitEthernet1/1/1
switchport mode access
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
ip address 192.168.105.21 255.255.255.0
shutdown
!
interface Vlan5
ip address dhcp
!
interface Vlan100
description >>MGMT<<
ip address 10.10.100.1 255.255.255.0
!
interface Vlan200
ip address 172.20.0.1 255.255.248.0
!
interface Vlan3912
description Internet Circuit
ip address 37.224.127.5 255.255.255.0
!
ip default-gateway 37.224.127.4
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
ip route 0.0.0.0 0.0.0.0 172.18.99.1
ip route 0.0.0.0 0.0.0.0 192.168.105.1
ip route 0.0.0.0 0.0.0.0 93.112.110.16
ip route 0.0.0.0 0.0.0.0 37.224.127.4
!
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy

 

 

0 Helpful

Muhammad.nabeelch
Level 1
Level 1

‎11-13-2021 10:36 PM

Hi, below is the configuration. information received from ISP

customer IP : 37.224.127.5/31

mask 255.255.255.254

gateway ip : 37.224.127.4 /31
vlan 3912

 


hostname T-2CoreSw
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c3850-24p
!
!
!
!
ip routing
!
ip name-server 84.235.6.55 84.235.57.230
ip domain name saudi.net.sa
ip dhcp excluded-address 172.20.0.1 172.20.0.10
ip dhcp excluded-address 10.10.100.1 10.10.100.20
!
ip dhcp pool AP
network 10.10.100.0 255.255.255.0
default-router 10.10.100.1
option 43 ip 10.10.100.5
option 60 ascii "ArubaAP"
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool ROYAL
network 172.20.0.0 255.255.248.0
default-router 172.20.0.5
dns-server 208.67.222.222 208.67.220.220
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1896273491
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1896273491
revocation-check none
rsakeypair TP-self-signed-1896273491
!
!
crypto pki certificate chain TP-self-signed-1896273491
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383936 32373334 3931301E 170D3138 31313135 31343139
34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38393632
37333439 31308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100CB16 B5629E15 92955BCD 3B2DE0A4 6FB4E1A3 7BD62ED1 0D1A9A2D
0B443A24 10B91F7D 2DC3F9FE 5CCCE5D9 BEEF2DC8 575B220B 053FC0CF FB922737
DAF42873 0B332E03 104F4653 39E57166 5AD8C89B FD9C8860 48EBFBB2 F777B863
F6DC5BC5 AADB5677 2B1BC82D 15A70DF9 E340454E 8AA1D4DF 6FF3659E 7694A3B1
E245C9BB 29FADAA4 A0406495 C4B7A26A 1262F2C1 21D8E4F3 39FE8E7C 4AC87860
AF1F938F C7464F03 8EEF25FC 85B4E4F4 FEA07E03 F274CAC0 13948381 383988E8
137C450E 8BC6595F 60ADCBEA CDE954DE 49F0DC40 5F047C58 704EDE2B FECDDD0B
77EB5FBD ABE464A1 7A19F048 0984345A BBCF6E36 950F2C4E EBBF4CD3 1AEE2B1A
5FC30283 598F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 144981FB DD1135D7 F54D611E 0AD45D29 15B79413
BD301D06 03551D0E 04160414 4981FBDD 1135D7F5 4D611E0A D45D2915 B79413BD
300D0609 2A864886 F70D0101 05050003 82010100 614164CE 6650FA15 ECB0F234
B83D0A74 7F3D67B2 AEC313B0 3A42491E AFE9AAEA 38465363 D95BBC92 046241F4
A15604CE 219FA671 7610F10D F4028142 D3D228AC EC5F2354 988C1BAF 56DFFAA9
E7619A5B F52CD192 E1267CA5 9780CDCC 875BD2FA 9FB4889E 242E7288 EC9C1D34
A4390F9F 350CFF4E 35FD2517 0591AD18 B86A1AE4 8DEC2932 8FACC04F DF1FC341
7494FF73 91C2D843 1204B98D 7B1B7DD3 5CFB7781 13CBF7BD A865B5B2 50930A0F
568B2385 1D60645F BBF71E14 7C521A66 D70A803C DA3C3520 0FF439DD CDD04053
DDD1B5A4 1B5BB49B 58A2B0AA 49B22B2F E4408BCA 302FFE08 E127D200 B245EB1E
243D4379 050877E0 1232B4EB 49333414 5882F284
quit
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 password 0 P@ssw0rd
!
redundancy
mode sso
!
!
vlan 3909,3912
lldp run
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 5
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
power inline static
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/1
description Internet Circuit
switchport access vlan 3912
switchport mode access
!
interface GigabitEthernet1/1/2
switchport access vlan 3909
switchport mode access
!
interface GigabitEthernet1/1/3
switchport mode trunk
!
interface GigabitEthernet1/1/4
switchport mode trunk
!
interface TenGigabitEthernet1/1/1
switchport mode access
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport mode trunk
!
interface Vlan1
ip address 192.168.105.21 255.255.255.0
shutdown
!
interface Vlan5
ip address dhcp
!
interface Vlan100
description >>MGMT<<
ip address 10.10.100.1 255.255.255.0
!
interface Vlan200
ip address 172.20.0.1 255.255.248.0
!
interface Vlan3912
description Internet Circuit
ip address 37.224.127.5 255.255.255.0
!
ip default-gateway 37.224.127.4
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
ip route 0.0.0.0 0.0.0.0 172.18.99.1
ip route 0.0.0.0 0.0.0.0 192.168.105.1
ip route 0.0.0.0 0.0.0.0 93.112.110.16
ip route 0.0.0.0 0.0.0.0 37.224.127.4
!
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy
!

0 Helpful

paul driver
VIP
VIP

‎11-23-2021 11:43 PM - edited ‎11-23-2021 11:45 PM

Hello
you have multiple default routes that are not required just a siingle one would be applicable pointing to your isp nexthop

Also the 3850 switch does not support Network Address Translation-(NAT) so your internal lan won’t be able to connect to the internet without it

You will need to add a rtr to your switch for NAT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card