Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1733
Views
0
Helpful
26
Replies

EIGRP will only route to VLAN1 on 4507

Go to solution
thunder_denton
Level 1
Level 1

‎02-13-2019 08:29 AM

I am setting up Layer 3 switches (3560s) at our remote sites to allow me to use EIGRP and MPLS to add an additional route back to corporate (currently using ASA VPN Tunnels).

 

From at 4507r+e at corporate on VLAN1, I can reach any computer on any of the VLANs I have setup as Network (and visa versa)....  But ONLY VLAN1 at corporate. 

Maybe my version is not correct?  Version 03.09.01.E  I have downloaded the latest version, but I hesitate to do the upgrade if not needed.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎02-14-2019 06:56 AM

I do not know why 10.100.10.0 is not advertised to the core (and that would impact access to anything on the core from that subnet). But I have identified the main reason why the remote can only access vlan 1 of the core. Other than the connected subnet of 10.10.5.0 the core advertises 3 subnets to the remote. It advertises 192.168.100.0 which is vlan 1 and that works. It advertises 192.168.0.0 which is vlan 100 and it does not work. It advertises 172.16.103.0 which is vlan 903 and it does not work. The two vlans that do not work have configured Policy Based Routing. The normal route to get to the Remote is to use connected 10.10.5.2 but the PBR over rides the normal routing and set ip next-hop to a different IP and that prevents traffic from those vlans returning to the remote. 

 

The solution for this issue is to revise the ACL used by PBR for those subnets and make the ACL deny traffic from the core subnets to the remote subnets. This will allow normal routing to take place and the remote will be able to access those subnets.

 

HTH

 

Rick

HTH

Rick

View solution in original post

0 Helpful
26 Replies 26

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎02-13-2019 08:36 AM

We do not know nearly enough about your environment and about how you have implemented EIGRP to be able to answer your question. Let us know more detail and we try to understand it.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎02-13-2019 08:54 AM

Dear,
Please provide more detail about your doubt or issue.

Could you post ouput from:
show ip route eigrp
show ip interfaces
show running-config
show ip eigrp interfaces
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 10:03 AM

This is the corporate side...



address-family ipv6

exit-address-family

!

no logging console

enable secret 4 q1pjUDv7NfMntmdGfrq75jZkci9c7OylfYvP7HX9beE

enable password 7 055C0B0E33555A010B0012564A

!

username tharris privilege 15 password 7 0800484A000A551943

username rhapsody privilege 15 password 7 1545060D16333F2C3A3630

username thunder privilege 15 password 7 064557721F6A1C1D00

username mikep privilege 15 password 7 073F2D4D401D1C5247

username mplante privilege 15 secret 5 $1$bpUx$AA74dp/6IGMrFTVvKeXlZ/

aaa new-model



CoreSwitch4507#how ip eigrp interfaces

^

% Invalid input detected at '^' marker.



CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#

CoreSwitch4507#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR



Gateway of last resort is 192.168.0.253 to network 0.0.0.0



10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.10.10.0/24 [90/3072] via 10.10.5.2, 03:33:02, GigabitEthernet7/14

CoreSwitch4507#show ip interfaces

^

% Invalid input detected at '^' marker.



CoreSwitch4507#show running-config

Building configuration...



Current configuration : 43763 bytes

!

! Last configuration change at 09:52:44 CST Wed Feb 13 2019 by thunder

! NVRAM config last updated at 09:52:46 CST Wed Feb 13 2019 by thunder

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

service compress-config

!

hostname CoreSwitch4507

!

boot-start-marker

boot system flash bootflash:cat4500es8-universalk9.SPA.03.09.01.E.152-5.E1.bin

license boot level entservices

boot-end-marker

!

!

vrf definition mgmtVrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

no logging console

enable secret 4 q1pjUDv7NfMntmdGfrq75jZkci9c7OylfYvP7HX9beE

enable password 7 055C0B0E33555A010B0012564A

!

username tharris privilege 15 password 7 0800484A000A551943

username rhapsody privilege 15 password 7 1545060D16333F2C3A3630

username thunder privilege 15 password 7 064557721F6A1C1D00

username mikep privilege 15 password 7 073F2D4D401D1C5247

username mplante privilege 15 secret 5 $1$bpUx$AA74dp/6IGMrFTVvKeXlZ/



CoreSwitch4507#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR



Gateway of last resort is 192.168.0.253 to network 0.0.0.0



10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.10.10.0/24 [90/3072] via 10.10.5.2, 03:33:20, GigabitEthernet7/14





CoreSwitch4507#show ip interface GigabitEthernet7/14

GigabitEthernet7/14 is up, line protocol is up

Internet address is 10.10.5.1/24

Broadcast address is 255.255.255.255

Address determined by setup command

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Multicast reserved groups joined: 224.0.0.10

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is enabled

IP Flow switching is disabled

IP CEF switching is enabled

IP CEF switching turbo vector

IP Null turbo vector

IP multicast fast switching is enabled

IP multicast distributed fast switching is disabled

IP route-cache flags are Fast, CEF

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Probe proxy name replies are disabled

Policy routing is disabled

Network address translation is disabled

BGP Policy Mapping is disabled

Input features: MCI Check

IPv4 WCCP Redirect outbound is disabled

IPv4 WCCP Redirect inbound is disabled

IPv4 WCCP Redirect exclude is disabled

CoreSwitch4507#

CoreSwitch4507#show ip eigrp interfaces

EIGRP-IPv4 Interfaces for AS(7)

Xmit Queue PeerQ Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes

Gi7/14 1 0/0 0/0 4 0/0 50 0

CoreSwitch4507#show running-config

Building configuration...



Current configuration : 43763 bytes

!

! Last configuration change at 09:52:44 CST Wed Feb 13 2019 by thunder

! NVRAM config last updated at 09:52:46 CST Wed Feb 13 2019 by thunder

!

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

service compress-config

!

hostname CoreSwitch4507

!

boot-start-marker

boot system flash bootflash:cat4500es8-universalk9.SPA.03.09.01.E.152-5.E1.bin

license boot level entservices

boot-end-marker

!

!

vrf definition mgmtVrf

!

address-family ipv4

exit-address-family

!

address-family ipv6

exit-address-family

!

no logging console

enable secret 4 q1pjUDv7NfMntmdGfrq75jZkci9c7OylfYvP7HX9beE

enable password 7 055C0B0E33555A010B0012564A

!

username tharris privilege 15 password 7 0800484A000A551943

username rhapsody privilege 15 password 7 1545060D16333F2C3A3630

username thunder privilege 15 password 7 064557721F6A1C1D00

username mikep privilege 15 password 7 073F2D4D401D1C5247

username mplante privilege 15 secret 5 $1$bpUx$AA74dp/6IGMrFTVvKeXlZ/

aaa new-model

!

!

aaa authentication fail-message ^CCCC

You have entered either incorrect user name or password! Please try again.^C

aaa authentication username-prompt "Enter Username: "

aaa authentication login UserList local

!

!

!

!

!

!

aaa session-id common

clock timezone CST -6 0

clock summer-time DST recurring 2 Sun Mar 2:00 2 Sun Nov 2:00

hw-module module 7 mode 1

!

!

!

!

!

!

!

!

!

!

!

ip domain-list lonestar.local

ip domain-lookup source-interface Vlan1

ip domain-name lonestar.local

ip name-server 192.168.0.170

ip name-server 192.168.0.160

ip dhcp-server 172.16.102.1

!

ip dhcp pool Guest_Wireless

network 172.16.102.0 255.255.255.0

default-router 172.16.102.253

domain-name Lonestar.public

dns-server 4.2.2.2 4.2.2.3

!

!

vtp mode transparent

!

!

crypto pki trustpoint TP-self-signed-2039194

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2039194

revocation-check none

rsakeypair TP-self-signed-2039194

!

!

crypto pki certificate chain TP-self-signed-2039194

certificate self-signed 01

30820225 3082018E A0030201 02020101 300D0609 2A864886 F70D0101 05050030

2E312C30 2A060355 04031323 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 32303339 31393430 1E170D31 37303131 39323035 3631375A

170D3230 30313031 30303030 30305A30 2E312C30 2A060355 04031323 494F532D

53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32303339 31393430

819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 CCDB33A8

F2805831 A56EEAEF 4F7B1FC9 2C54BC45 707C151D 80BD04AD 08B205E4 63E1E5D0

FDA74E32 315AD880 6ADB03F3 F914B3DB 6F835AED 565C5E0F 719CB164 15EC2FB6

B99BB6DB DBB4A3C5 CA9294CE F70C010C 279E8FCE 9DADB329 9B9FB123 1899F035

F3E4B4ED 0B9D0D44 16FA3FF4 4F711B2F 4F53D2C2 496BC2A1 B3F2C86D 02030100

01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830

16801482 F4D9F9C7 7A8F0AFE A5F2873D 9C8A5791 BF979130 1D060355 1D0E0416

041482F4 D9F9C77A 8F0AFEA5 F2873D9C 8A5791BF 9791300D 06092A86 4886F70D

01010505 00038181 004F71CC 1089F1FF D88B261F D6353B08 E6E52049 9C41AC34

FD986064 E4ECADE1 0FF993BF 324678FC B0E0452A 10AAAAAC DB10D3BF EB147814

C5DAA9A3 0CDF0DCE 2FB20F67 FBB27E29 AC71A0C9 5E94F356 1367A273 1591CDC5

E45382BC 7A3B16CA 92D5735B CD84ADA2 B594980C 3394C033 88608F35 5084E344

01957C8A 6CB82749 6E

quit

power redundancy-mode redundant

archive

log config

record rc

logging enable

logging size 1000

path ftp://192.168.0.101/CoreSwitch4507.txt

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

exception coredump

!

redundancy

mode rpr

main-cpu

auto-sync standard

!

!

vlan 10

name IDF B PhonesComputers

!

vlan 12

name LonestarWireless

!

vlan 15

name SAN2

!

vlan 20

name SAN1

!

vlan 60

name P2P_Spring

!

vlan 100

name ServersDistribLayer

!

vlan 200

name CiscoWAPsPADs

!

vlan 201

name Security

!

vlan 202

name HVAC

!

vlan 901

name IDF A PhonesComputers

!

vlan 902

name Guest_Wireless

!

vlan 903

name 2nd_Floor

!

vlan 909

name LonestarCellPhones

!

!

!

!

!

!

!

!

!

!

bridge irb

!

!

!

!

!

!

interface Port-channel1

description Port Channel Link to IDF B

switchport

switchport trunk allowed vlan 10,12,100,200,201,901-903,909

switchport mode trunk

!

interface Port-channel2

description Port Channel Link to IDFA

switchport

switchport access vlan 12

switchport trunk allowed vlan 10,12,100,200,201,901-903,909

switchport mode trunk

!

interface Port-channel8

description Port Channel link to Lonestar-Core

switchport

switchport mode trunk

!

interface FastEthernet1

vrf forwarding mgmtVrf

no ip address

speed auto

duplex auto

!

interface GigabitEthernet1/1

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/2

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/3

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/4

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/5

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/6

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/7

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/8

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/9

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/10

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/11

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/12

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet1/13

description Managment Port on SANs

switchport access vlan 20

switchport mode access

spanning-tree portfast edge

!

interface GigabitEthernet1/14

description Managment Port on SANS

switchport access vlan 20

switchport mode access

spanning-tree portfast edge

!

interface GigabitEthernet1/15

description P2P going to Spring Clinic

switchport access vlan 60

switchport mode access

!

interface GigabitEthernet1/16

description LSFMWAP15

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet1/17

description LSFMWAP16

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet1/18

description WAP

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet1/19

description WAP

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet1/20

description Patch Pannel D040

switchport access vlan 10

!

interface GigabitEthernet1/21

description Director of Busness Development

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet1/22

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/23

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/24

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/25

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/26

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/27

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/28

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/29

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/30

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/31

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/32

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/33

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/34

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/35

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/36

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/37

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/38

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/39

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/40

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/41

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/42

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/43

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/44

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/45

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/46

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/47

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet1/48

description Printer on VLAN903

switchport access vlan 903

!

interface GigabitEthernet2/1

description Port Channel Link To IDF A

switchport access vlan 12

switchport trunk allowed vlan 10,12,100,200,201,901-903,909

switchport mode trunk

speed 1000

duplex full

no cdp enable

channel-group 2 mode active

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/2

description Port Channel Link 2 To IDF A

switchport access vlan 12

switchport trunk allowed vlan 10,12,100,200,201,901-903,909

switchport mode trunk

speed 1000

duplex full

channel-group 2 mode active

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/3

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet2/4

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet2/5

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/6

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/7

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/8

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/9

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/10

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/11

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/12

description Internet TVs

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet2/13

description Going to Netgear Switch

switchport access vlan 201

speed 1000

!

interface GigabitEthernet2/14

description Avaya IP Office Control Unit port 1 on back

switchport access vlan 10

!

interface GigabitEthernet2/15

description POE Netgear G5728TP Switch for Phones

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/16

description wap

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/17

description wap

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/18

description WAP

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/19

description WAP

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet2/20

description PDU-A

switchport access vlan 10

!

interface GigabitEthernet2/21

description PDU-A

switchport access vlan 10

!

interface GigabitEthernet2/22

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/23

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/24

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/25

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/26

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/27

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/28

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/29

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/30

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/31

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/32

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/33

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/34

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/35

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/36

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/37

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/38

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/39

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/40

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/41

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/42

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/43

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/44

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/45

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/46

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/47

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet2/48

description Printer on VLAN903

switchport access vlan 903

!

interface TenGigabitEthernet3/1

description Port Channel FDDI to IDF B Dell Stack

switchport access vlan 100

switchport trunk allowed vlan 10,12,100,200,201,902,909

switchport mode trunk

no cdp enable

!

interface TenGigabitEthernet3/2

description Port Channel FDDI to IDF A Dell Stack

switchport access vlan 100

switchport trunk allowed vlan 10,12,100,200,201,901,902,909

switchport mode trunk

no cdp enable

!

interface TenGigabitEthernet3/3

!

interface TenGigabitEthernet3/4

!

interface TenGigabitEthernet3/5

!

interface TenGigabitEthernet3/6

!

interface TenGigabitEthernet3/7

!

interface TenGigabitEthernet3/8

!

interface GigabitEthernet6/1

switchport access vlan 100

!

interface GigabitEthernet6/2

description ASA 5510 port 5 NewASA

switchport trunk allowed vlan 10,12,100,200-202,901-903,909

switchport mode trunk

speed 1000

duplex full

spanning-tree portfast edge trunk

!

interface GigabitEthernet6/3

description ASA 5510 port 0 NewASA

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet6/4

description 10GB SW01 oob

switchport access vlan 100

!

interface GigabitEthernet6/5

description 10GB SW01 oob

switchport access vlan 100

!

interface GigabitEthernet6/6

switchport access vlan 100

!

interface GigabitEthernet6/7

switchport access vlan 100

!

interface GigabitEthernet6/8

switchport access vlan 100

!

interface GigabitEthernet6/9

switchport access vlan 100

!

interface GigabitEthernet6/10

switchport access vlan 100

!

interface GigabitEthernet6/11

description Netgear N300 Switch for Pheresia

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/12

switchport access vlan 100

!

interface GigabitEthernet6/13

switchport access vlan 100

!

interface GigabitEthernet6/14

switchport access vlan 100

!

interface GigabitEthernet6/15

description B; Connected to Master Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/16

description B; Connected to Master Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/17

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/18

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/19

switchport access vlan 100

!

interface GigabitEthernet6/20

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/21

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/22

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/23

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/24

description B; Connected to Slave Cisco AP B+

switchport trunk allowed vlan 1,10,12,15,20,100,200-202,901-903,909

switchport trunk native vlan 200

switchport mode trunk

!

interface GigabitEthernet6/25

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/26

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/27

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/28

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/29

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/30

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/31

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/32

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/33

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/34

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/35

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/36

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/37

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/38

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/39

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/40

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/41

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/42

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/43

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/44

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/45

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/46

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/47

switchport access vlan 903

switchport mode access

!

interface GigabitEthernet6/48

description Printer on VLAN903

switchport access vlan 903

!

interface TenGigabitEthernet7/1

description LSFMS-HOST1 LAN On Board Port2

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/2

description LSFMS-HOST1 VM1 On Board Port3

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/3

description LSMFS-HOST2 LAN On Board Port2

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/4

description LSMFS-HOST2 VM1 On Board Port3

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/5

description LSMFS-HOST3 LAN 2nd 10Gig Port 1

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/6

description LSMFS-HOST3 VM1 On Board Port3

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/7

description LSFMS-BACKUP LAN1 PORT1

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/8

description LSFMS-BACKUP LAN2 PORT2

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/9

description LSMFS-HOST4 LAN 2nd 10Gig Port 1

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/10

description LSMFS-HOST4 VM1 On Board Port3

switchport access vlan 100

switchport mode access

!

interface TenGigabitEthernet7/11

!

interface TenGigabitEthernet7/12

!

interface GigabitEthernet7/13

description LSFMS-DR-HOST NIC

switchport access vlan 100

switchport trunk allowed vlan 10,12,15,20,100,199,901,909

switchport mode access

speed 1000

duplex full

!

interface GigabitEthernet7/14

description P2P going to Hospital port 5

no switchport

ip address 10.10.5.1 255.255.255.0

!

interface GigabitEthernet7/15

!

interface GigabitEthernet7/16

description IDF B Dell POE Managment

switchport access vlan 100

switchport trunk allowed vlan 10,12,100,200,201,901,909

switchport mode trunk

speed 1000

duplex full

!

interface GigabitEthernet7/17

description LSFMS-Access

switchport access vlan 100

switchport trunk allowed vlan 10,12,15,20,100,199,201,901,909

switchport mode access

speed 1000

duplex full

!

interface GigabitEthernet7/18

no switchport

no ip address

duplex full

!

interface GigabitEthernet7/19

description Fax Server

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/20

description Phone Controller

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/21

description New EPS Pharmacy Server

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/22

description LFSMS-Backup iDrac

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/23

description LFSMS-HOST1 iDrac

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/24

description LFSMS-HOST2 iDrac

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/25

description LFSMS-HOST3 iDrac

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/26

description LFSMS-HOST4 iDrac

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet7/27

description Test of VLAN 1

switchport mode access

!

interface GigabitEthernet7/28

!

interface GigabitEthernet7/29

!

interface GigabitEthernet7/30

switchport access vlan 100

!

interface GigabitEthernet7/31

switchport access vlan 100

!

interface GigabitEthernet7/32

switchport access vlan 100

!

interface GigabitEthernet7/33

switchport access vlan 100

!

interface GigabitEthernet7/34

switchport access vlan 100

!

interface GigabitEthernet7/35

switchport access vlan 100

!

interface GigabitEthernet7/36

switchport access vlan 100

!

interface GigabitEthernet7/37

description PACS

switchport access vlan 100

switchport mode access

speed 1000

duplex full

spanning-tree portfast edge

!

interface GigabitEthernet7/38

switchport access vlan 100

!

interface GigabitEthernet7/39

switchport access vlan 100

!

interface GigabitEthernet7/40

switchport access vlan 100

!

interface GigabitEthernet7/41

switchport access vlan 100

!

interface GigabitEthernet7/42

switchport access vlan 100

!

interface GigabitEthernet7/43

switchport access vlan 100

!

interface GigabitEthernet7/44

switchport access vlan 100

!

interface GigabitEthernet7/45

switchport access vlan 100

!

interface GigabitEthernet7/46

description TEMPORARY

switchport access vlan 10

!

interface GigabitEthernet7/47

switchport access vlan 100

!

interface GigabitEthernet7/48

description Printer on VLAN903

switchport access vlan 903

!

interface Vlan1

ip address 192.168.100.1 255.255.255.0

ip policy route-map PolicyRoute_Distro

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

ip broadcast-address 192.168.10.255

ip helper-address 192.168.0.50

ip policy route-map PolicyRoute_Access

!

interface Vlan11

description No Content Filter Restrictions

ip address 192.168.11.1 255.255.255.0

shutdown

!

interface Vlan12

ip address 192.168.12.1 255.255.255.0

ip broadcast-address 192.168.12.255

ip helper-address 192.168.0.50

ip policy route-map PolicyRoute_Access2

!

interface Vlan15

description SAN2 iSCSI Access

ip address 192.168.15.1 255.255.255.0

!

interface Vlan20

description SAN1 iSCSI Access

ip address 192.168.20.1 255.255.255.0

ip broadcast-address 192.168.20.255

ip policy route-map PolicyRoute_SANMgmt

!

interface Vlan100

ip address 192.168.0.1 255.255.255.0

ip helper-address 192.168.0.101

ip policy route-map PolicyRoute_Distro

!

interface Vlan200

ip address 192.168.200.1 255.255.255.0

ip broadcast-address 192.168.200.255

ip helper-address 192.168.0.50

ip policy route-map PolicyRoute_Wireless

!

interface Vlan201

ip address 192.168.201.1 255.255.255.0

ip policy route-map PolicyRoute_Security

!

interface Vlan202

description HVAC And Environmental Controls Network

ip address 192.168.202.1 255.255.255.0

ip policy route-map PolicyRoute_Environment

!

interface Vlan901

description IDF A Workstations

ip address 172.16.100.1 255.255.255.0

ip broadcast-address 172.16.100.255

ip helper-address 192.168.0.170

ip policy route-map PolicyRoute_901

!

interface Vlan902

description Guest Wireless Network

ip address 172.16.102.1 255.255.255.0

ip broadcast-address 172.16.102.255

ip helper-address 172.16.102.1

ip policy route-map PolicyRoute_902

!

interface Vlan903

description 2nd_Floor_VLAN

ip address 172.16.103.1 255.255.255.0

ip broadcast-address 172.16.103.255

ip helper-address 192.168.0.170

ip policy route-map PolicyRoute_903

!

interface Vlan909

description Lonestar Cell Phones

ip address 172.16.90.1 255.255.255.0

ip broadcast-address 172.16.90.255

ip helper-address 192.168.0.170

ip policy route-map PolicyRoute_909

!

!

router eigrp 7

network 10.10.5.0 0.0.0.255

network 172.16.103.0 0.0.0.255

network 192.168.0.0

network 192.168.100.0

passive-interface Vlan1

passive-interface Vlan100

passive-interface Vlan903

!

ip forward-protocol nd

ip forward-protocol spanning-tree

ip http server

ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.0.253

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr

ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

!

ip access-list extended PolicyRoute_1

deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.101.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.254.0 0.0.0.255 log

permit ip 192.168.0.0 0.0.0.255 any

deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_10

deny ip 192.168.10.0 0.0.0.255 172.16.90.0 0.0.0.255

deny ip 192.168.10.0 0.0.0.255 172.16.100.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.254.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.10.0 0.0.0.255 192.168.202.0 0.0.0.255 log

permit ip any any

deny ip 192.168.10.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_100

deny ip 192.168.0.0 0.0.0.255 172.16.90.0 0.0.0.255

deny ip 192.168.0.0 0.0.0.255 172.16.100.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 192.168.0.0 0.0.0.255 172.16.103.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.15.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.254.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.101.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 192.168.202.0 0.0.0.255 log

permit ip 192.168.0.0 0.0.0.255 any

deny ip 192.168.0.0 0.0.0.255 192.168.12.0 0.0.0.255 log

deny ip 192.168.0.0 0.0.0.255 172.16.102.0 0.0.0.255

deny ip 192.168.0.0 0.0.0.255 10.10.5.0 0.0.0.255

deny ip 192.168.0.0 0.0.0.255 10.100.10.0 0.0.0.255

ip access-list extended PolicyRoute_12

deny ip 192.168.12.0 0.0.0.255 172.16.90.0 0.0.0.255

deny ip 192.168.12.0 0.0.0.255 172.16.100.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 192.168.12.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.12.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.254.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.12.0 0.0.0.255 192.168.202.0 0.0.0.255 log

permit ip any any

deny ip 192.168.12.0 0.0.0.255 192.168.10.0 0.0.0.255 log

ip access-list extended PolicyRoute_15

deny ip 192.168.15.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.15.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.101.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.202.0 0.0.0.255 log

deny ip 192.168.15.0 0.0.0.255 192.168.254.0 0.0.0.255 log

permit ip 192.168.15.0 0.0.0.255 any

deny ip 192.168.15.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_20

deny ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.50.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.20.0 0.0.0.255 192.168.202.0 0.0.0.255 log

permit ip any any

deny ip 192.168.20.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_200

deny ip 192.168.200.0 0.0.0.255 172.16.100.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 192.168.200.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.202.0 0.0.0.255 log

deny ip 192.168.200.0 0.0.0.255 192.168.254.0 0.0.0.255 log

permit ip any any

deny ip 192.168.200.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_201

deny ip 192.168.201.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.101.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.202.0 0.0.0.255 log

deny ip 192.168.201.0 0.0.0.255 192.168.254.0 0.0.0.255 log

permit ip 192.168.201.0 0.0.0.255 any

deny ip 192.168.201.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_202

deny ip 192.168.202.0 0.0.0.255 192.168.0.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.1.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.10.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.20.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.30.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.40.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.99.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.100.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.101.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.200.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.201.0 0.0.0.255 log

deny ip 192.168.202.0 0.0.0.255 192.168.202.0 0.0.0.255 log

permit ip 192.168.202.0 0.0.0.255 any

deny ip 192.168.202.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_901

deny ip 172.16.100.0 0.0.0.255 172.16.100.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.10.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.15.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.20.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.30.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.40.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.99.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.100.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.254.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.101.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.200.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.201.0 0.0.0.255

deny ip 172.16.100.0 0.0.0.255 192.168.202.0 0.0.0.255

permit ip 172.16.100.0 0.0.0.255 any

deny ip 172.16.100.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_902

deny ip 172.16.102.0 0.0.0.255 172.16.100.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 172.16.102.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.10.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.15.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.20.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.30.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.40.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.99.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.100.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.254.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.101.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.200.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.201.0 0.0.0.255

deny ip 172.16.102.0 0.0.0.255 192.168.202.0 0.0.0.255

permit ip 172.16.102.0 0.0.0.255 any

deny ip 172.16.102.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_903

deny ip 172.16.103.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip 172.16.103.0 0.0.0.255 192.168.10.0 0.0.0.255

deny ip 172.16.103.0 0.0.0.255 192.168.200.0 0.0.0.255

deny ip 172.16.103.0 0.0.0.255 172.16.90.0 0.0.0.255

deny ip 172.16.103.0 0.0.0.255 172.16.100.0 0.0.0.255

permit ip 172.16.103.0 0.0.0.255 any

deny ip 172.16.103.0 0.0.0.255 192.168.12.0 0.0.0.255 log

ip access-list extended PolicyRoute_909

deny ip 172.16.90.0 0.0.0.255 172.16.90.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 172.16.101.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.0.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.10.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.15.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.20.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.30.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.40.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.99.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.100.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.254.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.101.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.200.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.201.0 0.0.0.255

deny ip 172.16.90.0 0.0.0.255 192.168.202.0 0.0.0.255

permit ip 172.16.90.0 0.0.0.255 any

deny ip 172.16.90.0 0.0.0.255 192.168.12.0 0.0.0.255 log

!

logging trap errors

logging host 192.168.0.101

access-list 23 permit 24.28.23.243 log

access-list 23 permit 192.168.0.0 0.0.255.255 log

access-list 23 permit 172.16.0.0 0.0.255.255 log

access-list 23 deny any log

access-list 101 deny ip any 170.146.0.0 0.0.255.255 log

access-list 101 permit ip any any

access-list 102 deny ip any 170.146.0.0 0.0.255.255 log

access-list 102 permit ip any any

access-list 199 deny tcp host 192.168.0.99 eq www any log

access-list 199 deny tcp any eq www host 192.168.0.99 log

access-list 199 deny tcp 192.168.0.0 0.0.0.255 eq 443 any log

access-list 199 permit ip any any

!

route-map PolicyRoute_Access permit 100

match ip address PolicyRoute_10

set ip next-hop 192.168.10.253

!

route-map PolicyRoute_Wireless permit 10

match ip address PolicyRoute_200

set ip next-hop 192.168.200.253

!

route-map PolicyRoute_Security permit 201

match ip address PolicyRoute_201

set ip next-hop 192.168.201.253

!

route-map PolicyRoute_Distro permit 20

match ip address PolicyRoute_100

set ip next-hop 192.168.0.253

!

route-map PolicyRoute_909 permit 909

match ip address PolicyRoute_909

set ip next-hop 172.16.90.253

!

route-map PolicyRoute_100 permit 100

match ip address PolicyRoute_100

set ip next-hop 192.168.100.253

!

route-map PolicyRoute_903 permit 903

match ip address PolicyRoute_903

set ip next-hop 172.16.103.253

!

route-map PolicyRoute_902 permit 902

match ip address PolicyRoute_902

set ip next-hop 172.16.102.253

!

route-map PolicyRoute_901 permit 901

match ip address PolicyRoute_901

set ip next-hop 172.16.100.253

!

route-map PolicyRoute_15 permit 15

match ip address PolicyRoute_15

set ip next-hop 192.168.15.253

!

route-map PolicyRoute_10 permit 10

set ip next-hop 192.168.10.253

!

route-map Failover permit 207

match ip address Failover

set ip next-hop 207.70.158.189

!

route-map PolicyRoute_Access2 permit 12

set ip next-hop 192.168.12.253

!

route-map PolicyRoute_Access2 permit 100

match ip address PolicyRoute_12

set ip next-hop 192.168.12.253

!

route-map PolicyRoute_SANMgmt permit 50

match ip address PolicyRoute_20

set ip next-hop 192.168.20.253

!

route-map PolicyRoute_Wireless_903 permit 903

!

route-map PolicyRoute_Wired permit 20

match ip address PolicyRoute_10

set ip next-hop 192.168.10.253

!

route-map PolicyRoute_Environment permit 40

match ip address PolicyRoute_202

set ip next-hop 192.168.202.253

!

route-map PolicyRoute_Environment permit 254

match ip address PolicyRoute_254

set ip next-hop 192.168.254.253

!

snmp-server community public RO

!

!

!

!

banner motd ^CC

THIS IS A PRIVATE COMPUTER SYSTEM. It is for authorized use only.

Users (authorized or unauthorized) have no explicit or implicit

expectation of privacy.





Any or all uses of this system and all files on this system may

be intercepted, monitored, recorded, copied, audited, inspected,

and disclosed to authorized site and law enforcement personnel,

as well as authorized officials of other agencies, both domestic

and foreign. By using this system, the user consents to such

interception, monitoring, recording, copying, auditing, inspection,

and disclosure at the discretion of authorized site personnel.



Unauthorized or improper use of this system may result in

administrative disciplinary action and civil and criminal penalties.

By continuing to use this system you indicate your awareness of and

consent to these terms and conditions of use. LOG OFF IMMEDIATELY

if you do not agree to the conditions stated in this warning.

^C

alias exec sa show arp

alias exec smt show mac-address-table

alias exec sir show ip route

alias exec cmt clear mac-address-table dynamic

alias exec wr write mem

alias exec con config term

alias exec cmtd clear mac-address-table dynamic

alias exec ca clear arp

alias exec si show interface

alias exec sci show config | inc

alias exec scg show run | grep

alias exec sis sh interface status mod

alias exec sri show running interface

!

line con 0

stopbits 1

line vty 0 4

session-timeout 35791

access-class 23 in

privilege level 15

password 7 096D4A0D1016471C5A

transport input all

line vty 5

session-timeout 35791

access-class 23 in

privilege level 15

password 7 096D4A0D1016471C5A

transport input all

line vty 6 15

transport input all

!

ntp update-calendar

ntp server 192.168.0.170

!

end



CoreSwitch4507#


0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to thunder_denton

‎02-13-2019 10:18 AM

And this is the remote side....

 

Willis-3560#interface Vlan1
^
% Invalid input detected at '^' marker.

Willis-3560#no ip address 192.168.100.1 255.255.255.0
^
% Invalid input detected at '^' marker.

Willis-3560#no ip policy route-map PolicyRoute_Distro
^
% Invalid input detected at '^' marker.

Willis-3560#ping 192.168.0.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.170, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Willis-3560#ping 192.168.0.170
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.170, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Willis-3560#ping 192.168.0.165
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.165, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Willis-3560#config t
Enter configuration commands, one per line. End with CNTL/Z.
Willis-3560(config)#interface Vlan1
Willis-3560(config-if)# ip address 10.100.10.1 255.255.255.0
Willis-3560(config-if)#
Willis-3560(config-if)#
Willis-3560(config-if)#exit
Willis-3560(config)#exit
Willis-3560#ping 192.168.0.181
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.181, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Willis-3560#
Willis-3560#
Willis-3560#ping 192.168.0.181
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.181, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Willis-3560#ping 192.168.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms
Willis-3560#
Willis-3560#
Willis-3560#
Willis-3560#
Willis-3560#
Willis-3560#
Willis-3560#
Willis-3560#writ t
Building configuration...

Current configuration : 4200 bytes
!
! Last configuration change at 13:03:38 CST Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service unsupported-transceiver
!
hostname Willis-3560
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$hYn/$ObM6LBC7.dXXA/bx5p3oa/
enable password 7 13521A131915102239212D77
!
username tharris privilege 15 password 7 06270B25455D591754
username rhapsody privilege 15 password 7 0876414F1B00111F000E0940
username thunder privilege 15 password 7 03470358552B34484B
username mikep privilege 15 password 7 073F2D4D401D1C5247
username mplante privilege 15 password 7 153F020F0C2B2E28
aaa new-model
!
!
aaa authentication fail-message ^CCC
Wrong Password **bleep**! Try again.^C
aaa authentication username-prompt "Enter Username: "
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time DST recurring 2 Sun Mar 2:00 2 Sun Nov 2:00
system mtu routing 1500
vtp interface Vlan100
ip routing
ip domain-name lonestar.local
ip name-server 192.168.0.170
ip name-server 192.168.0.160
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description "Point to Point to Corporate"
no switchport
ip address 10.10.5.2 255.255.255.0
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
description Test of VLAN 100
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
ip address 10.100.10.1 255.255.255.0
!
interface Vlan100
ip address 10.10.10.1 255.255.255.0
!
!
router eigrp 7
network 10.10.5.0 0.0.0.255
network 10.10.10.0 0.0.0.255
network 10.100.10.0 0.0.0.255
passive-interface Vlan1
eigrp stub connected summary
!
no ip classless
no ip http server
no ip http secure-server
!
!
snmp-server community public RO
!
!
!
vstack
alias exec sri show running interface
alias exec smt show mac-address-table
alias exec cmt clear mac-address-table dynamic
alias exec sa show arp
alias exec ca clear arp
alias exec si show interface
alias exec sr show run
alias exec sis show interface status
alias exec siib sh ip int brief
!
line con 0
line vty 4
session-timeout 35791
privilege level 15
transport input ssh
line vty 5 13
session-timeout 35791
privilege level 15
password 7 052A020B285F1E0748
transport input ssh
line vty 14
session-timeout 35791
privilege level 15
password 7 06270B25455D591754
transport input ssh
line vty 15
session-timeout 35791
privilege level 15
password 7 047A0F0206321C4058
transport input ssh
!
ntp server 128.194.254.9
end

Willis-3560#
Willis-3560#config t
Enter configuration commands, one per line. End with CNTL/Z.
Willis-3560(config)#router eigrp 7
Willis-3560(config-router)# passive-interface Vlan100
Willis-3560(config-router)#
Willis-3560(config-router)#exit
Willis-3560(config)#exit
Willis-3560#writ t
Building configuration...

Current configuration : 4227 bytes
!
! Last configuration change at 13:33:01 CST Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service unsupported-transceiver
!
hostname Willis-3560
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$hYn/$ObM6LBC7.dXXA/bx5p3oa/
enable password 7 13521A131915102239212D77
!
username tharris privilege 15 password 7 06270B25455D591754
username rhapsody privilege 15 password 7 0876414F1B00111F000E0940
username thunder privilege 15 password 7 03470358552B34484B
username mikep privilege 15 password 7 073F2D4D401D1C5247
username mplante privilege 15 password 7 153F020F0C2B2E28
aaa new-model
!
!
aaa authentication fail-message ^CCC
Wrong Password **bleep**! Try again.^C
aaa authentication username-prompt "Enter Username: "
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time DST recurring 2 Sun Mar 2:00 2 Sun Nov 2:00
system mtu routing 1500
vtp interface Vlan100
ip routing
ip domain-name lonestar.local
ip name-server 192.168.0.170
ip name-server 192.168.0.160
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description "Point to Point to Corporate"
no switchport
ip address 10.10.5.2 255.255.255.0
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
description Test of VLAN 100
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
ip address 10.100.10.1 255.255.255.0
!
interface Vlan100
ip address 10.10.10.1 255.255.255.0
!
!
router eigrp 7
network 10.10.5.0 0.0.0.255
network 10.10.10.0 0.0.0.255
network 10.100.10.0 0.0.0.255
passive-interface Vlan1
passive-interface Vlan100
eigrp stub connected summary
!
no ip classless
no ip http server
no ip http secure-server
!
!
snmp-server community public RO
!

Willis-3560#config t

Password:
Willis-3560#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
D 172.16.103.0 [90/3072] via 10.10.5.1, 04:26:17, GigabitEthernet0/1
D 192.168.0.0/24 [90/3072] via 10.10.5.1, 04:26:17, GigabitEthernet0/1
D 192.168.100.0/24 [90/3072] via 10.10.5.1, 04:19:14, GigabitEthernet0/1


Willis-3560#show ip interface
Vlan1 is up, line protocol is down
Internet address is 10.100.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Check hwidb
Vlan100 is up, line protocol is up
Internet address is 10.10.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Check hwidb
GigabitEthernet0/1 is up, line protocol is up
Internet address is 10.10.5.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.10
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Check hwidb
GigabitEthernet0/2 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/3 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/4 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/5 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/6 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/7 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/8 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/9 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/10 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/11 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/12 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/13 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/14 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/15 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/16 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/17 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/18 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/19 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/20 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/21 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/22 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/23 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/24 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/25 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/26 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/27 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/28 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/29 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/30 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/31 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/32 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/33 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/34 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/35 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/36 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/37 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/38 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/39 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/40 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/41 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/42 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/43 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/44 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/45 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/46 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/47 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/48 is up, line protocol is up
Inbound access list is not set
GigabitEthernet0/49 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/50 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/51 is down, line protocol is down
Inbound access list is not set
GigabitEthernet0/52 is down, line protocol is down
Inbound access list is not set
Willis-3560#
Willis-3560#
Willis-3560#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(7)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1 1 0/0 0/0 1 0/0 50 0
Willis-3560#show running config
^
% Invalid input detected at '^' marker.

Willis-3560#show running-config
Building configuration...

Current configuration : 4227 bytes
!
! Last configuration change at 13:59:23 CST Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service unsupported-transceiver
!
hostname Willis-3560
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$hYn/$ObM6LBC7.dXXA/bx5p3oa/
enable password 7 13521A131915102239212D77
!
username tharris privilege 15 password 7 06270B25455D591754
username rhapsody privilege 15 password 7 0876414F1B00111F000E0940
username thunder privilege 15 password 7 03470358552B34484B
username mikep privilege 15 password 7 073F2D4D401D1C5247
username mplante privilege 15 password 7 153F020F0C2B2E28
aaa new-model
!
!
aaa authentication fail-message ^CCC
Wrong Password **bleep**! Try again.^C
aaa authentication username-prompt "Enter Username: "
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time DST recurring 2 Sun Mar 2:00 2 Sun Nov 2:00
system mtu routing 1500
vtp interface Vlan100
ip routing
ip domain-name lonestar.local
ip name-server 192.168.0.170
ip name-server 192.168.0.160
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description "Point to Point to Corporate"
no switchport
ip address 10.10.5.2 255.255.255.0
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
description Test of VLAN 100
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
ip address 10.100.10.1 255.255.255.0
!
interface Vlan100
ip address 10.10.10.1 255.255.255.0
!
!
router eigrp 7
network 10.10.5.0 0.0.0.255
network 10.10.10.0 0.0.0.255
network 10.100.10.0 0.0.0.255
passive-interface Vlan1
passive-interface Vlan100
eigrp stub connected summary
!
no ip classless
no ip http server
no ip http secure-server
!
!
snmp-server community public RO
!
!
!
vstack
alias exec sri show running interface
alias exec smt show mac-address-table
alias exec cmt clear mac-address-table dynamic
alias exec sa show arp
alias exec ca clear arp
alias exec si show interface
alias exec sr show run
alias exec sis show interface status
alias exec siib sh ip int brief
!
line con 0
line vty 4
session-timeout 35791
privilege level 15
transport input ssh
line vty 5 13
session-timeout 35791
privilege level 15
password 7 052A020B285F1E0748
transport input ssh
line vty 14
session-timeout 35791
privilege level 15
password 7 06270B25455D591754
transport input ssh
line vty 15
session-timeout 35791
privilege level 15
password 7 047A0F0206321C4058
transport input ssh
!
ntp server 128.194.254.9
end

Willis-3560#

0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to thunder_denton

‎02-13-2019 10:35 AM - edited ‎02-13-2019 10:46 AM

Hello,

I found something in your configuration.

 coporate route

router eigrp 7
network 10.10.5.0 0.0.0.255
network 172.16.103.0 0.0.0.255
network 192.168.0.0
network 192.168.100.0

show ip route eigrp

D 10.10.10.0/24 [90/3072] via 10.10.5.2, 03:33:02, GigabitEthernet7/14 

Here you have a summary route address /24, but in your remote site you have other network 10.10.5.0/24, 10.100.10.0/24

try to run: no auto-summary on eigrp configuration in remote site. 

 

remote site

eigrp 7
network 10.10.5.0 0.0.0.255
network 10.10.10.0 0.0.0.255
network 10.100.10.0 0.0.0.255
passive-interface Vlan1
passive-interface Vlan100
eigrp stub connected summary

show ip route
172.16.0.0/24 is subnetted, 1 subnets
D 172.16.103.0 [90/3072] via 10.10.5.1, 04:26:17, GigabitEthernet0/1
D 192.168.0.0/24 [90/3072] via 10.10.5.1, 04:26:17, GigabitEthernet0/1
D 192.168.100.0/24 [90/3072] via 10.10.5.1, 04:19:14, GigabitEthernet0/1

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 11:40 AM

I entered the command no auto-summary on the remote site.



Still no love.



By the way the remote switch is a 3560 and EIGRP is restricted to stub configurations.




0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to thunder_denton

‎02-13-2019 12:05 PM

remote site

run this command and all wil works fine

eigrp stub connected

 

after it, on corporate site

show ip route eigrp

 

 

test your connections.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 12:16 PM

CoreSwitch4507#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR



Gateway of last resort is 192.168.0.253 to network 0.0.0.0



10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.10.10.0/24 [90/3072] via 10.10.5.2, 00:01:33, GigabitEthernet7/14




0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to thunder_denton

‎02-13-2019 12:19 PM

Dear,

On remote site run this command:
configure terminal
router eigrp 7
eigrp stub connected

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 12:20 PM

Yes, thank you, it was done.



router eigrp 7

network 10.10.5.0 0.0.0.255

network 10.10.10.0 0.0.0.255

network 10.100.10.0 0.0.0.255

passive-interface Vlan1

passive-interface Vlan100

eigrp stub connected

!


0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to thunder_denton

‎02-13-2019 12:21 PM

Great... Please if possible, mark this as solved and helpful..

Thanks in advance.
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 12:24 PM

Sorry. I entered the command.



It is still not hitting any VLANs at corporate except for VLAN1.



I going back to my original thinking. Maybe I need to load the latest IOS?


0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to thunder_denton

‎02-13-2019 12:51 PM

Its not related about IOS version, your corporate route has just one route to remote_site that is 10.10.10.0/24

try it it on your corporate site.
ip route 10.10.5.0 255.255.255.0 10.10.5.2
ip route 10.100.10.0 255.255.255.0 10.10.5.2

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
thunder_denton
Level 1
Level 1
In response to Jaderson Pessoa

‎02-13-2019 12:58 PM

I had tried adding static routes before and I tried it just now again. It did not work.



I can always move the servers to VLAN1. It is not being used for anything at corporate.


0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card