Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
5
Replies

3850 AVC/NBAR Not Working

DJX995
Level 3
Level 3

‎08-18-2020 05:40 PM

WS-C3850-12X48U running 16.9.5

I added all ports to the Application Visibility enabled column but I'm not seeing any AVC/NBAR data.

Capture.PNG

Capture.PNG

Tried rebooting the switch but still no data.

Does it take a while to show up or is there something wrong with my config?

Thanks!

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎08-18-2020 11:55 PM

Hello,

 

it is a bit hard to tell from the GUI screenshots what you are missing, can you post the output of 'sh run' from the CLI ?

 

Make sure your running config has:

 

ip http authentication local

ip nbar http-service

0 Helpful

DJX995
Level 3
Level 3
In response to Georg Pauwen

‎08-19-2020 05:17 AM

Just checked the AM and still no data.

Both of those commands are in there.

I can't post the whole config because it's quite lengthy and contains private information.

 

What I find interesting is "show ip nbar protocol-d top" returns nothing even though every interface has the following:

 

service-policy input WEBUI-MARKING-IN
service-policy output WEBUI-QUEUING-OUT
ip nbar protocol-discovery

 

This leads me to believe it's a bug.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to DJX995

‎08-19-2020 06:58 AM

Since we have asked provide the configuraiton to see is the config applied in right place.

 

make sure the Interface you applied this NBAR - where you like to monitor AVC

 

example :

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-9/configuration_guide/sys_mgmt/b_169_sys_mgmt_3850_cg/application_visibility_and_control_in_a_wired_network.html

 

if possible remove other config, provide more related to NABR config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

DJX995
Level 3
Level 3
In response to balaji.bandi

‎08-19-2020 07:51 AM

I understand.

I took the time to manually sanitize the config.

Hopefully removed all private information but I probably missed a few things.

Anyway, here it is:

!
! Last configuration change at 08:11:55 EDT Wed Aug 19 2020 by admin
! NVRAM config last updated at 08:13:36 EDT Wed Aug 19 2020 by admin
!
version 16.9
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname core3850
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3850-12x48u
!
!
!
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
  no destination transport-method email
ip routing
!
!
ip nbar protocol-pack flash:/pp-adv-cat3k-169.1-34-47.0.0.pack 
!
!
!
!
ip nbar http-services
!
!
!
ip multicast-routing 
ip dhcp database flash:/dhcp-db.text
ip dhcp remember
ip dhcp conflict resolution
ip dhcp excluded-address XXX.XXX.1.1 XXX.XXX.1.15
ip dhcp excluded-address XXX.XXX.1.200 XXX.XXX.1.254
ip dhcp excluded-address XXX.XXX.10.1 XXX.XXX.10.15
ip dhcp excluded-address XXX.XXX.10.200 XXX.XXX.10.254
ip dhcp excluded-address XXX.XXX.100.1 XXX.XXX.100.5
ip dhcp excluded-address XXX.XXX.100.200 XXX.XXX.100.254
ip dhcp excluded-address XXX.XXX.101.1 XXX.XXX.101.5
ip dhcp excluded-address XXX.XXX.101.200 XXX.XXX.101.254
!
ip dhcp pool VLAN1
 network XXX.XXX.1.0 255.255.255.0
 default-router XXX.XXX.1.254 
 option 2 hex ffff.b9b0
 dns-server XXX.XXX.10.10 XXX.XXX.10.10 
 lease 7
!
ip dhcp pool VLAN10
 network XXX.XXX.10.0 255.255.255.0
 default-router XXX.XXX.10.254 
 option 2 hex ffff.b9b0
 dns-server XXX.XXX.10.10 XXX.XXX.10.10 
 lease 7
!
ip dhcp pool VLAN100
 network XXX.XXX.100.0 255.255.255.0
 default-router XXX.XXX.100.254 
 option 2 hex ffff.b9b0
 dns-server XXX.XXX.10.10 XXX.XXX.10.10 
 lease 7
!
ip dhcp pool VLAN101
 network XXX.XXX.101.0 255.255.255.0
 default-router XXX.XXX.101.254 
 option 2 hex ffff.b9b0
 dns-server XXX.XXX.10.10 XXX.XXX.10.10 
 lease 7
!
!
!
ip igmp snooping querier
login on-success log
ipv6 unicast-routing
ipv6 mld snooping
ipv6 dhcp database flash:/dhcpv6-db.text
ipv6 dhcp pool VLAN1
 address prefix XXXX:XXX:XXXX:1::/64
 dns-server XXXX:XXX:XXXX:10::10
!
ipv6 dhcp pool VLAN10
 address prefix XXXX:XXX:XXXX:10::/64
 dns-server XXXX:XXX:XXXX:10::10
!
ipv6 dhcp pool VLAN100
 address prefix XXXX:XXX:XXXX:100::/64
 dns-server XXXX:XXX:XXXX:10::10
 domain-name djxmmx.net
!
ipv6 dhcp pool VLAN101
 address prefix XXXX:XXX:XXXX:101::/64
 dns-server XXXX:XXX:XXXX:10::10
!
ipv6 multicast-routing
!
!
!
!
!
!
!
vtp mode transparent
!
crypto pki trustpoint TP-self-signed-447615806
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-447615806
 revocation-check none
 rsakeypair TP-self-signed-447615806
!
crypto pki trustpoint SLA-TrustPoint
 enrollment terminal
 revocation-check crl
!
crypto pki trustpoint Certificate
 enrollment pkcs12
 revocation-check crl
 rsakeypair Certificate
!
crypto pki trustpoint Certificate-rrr1
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-447615806
 certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01 nvram:CiscoLicensi#1CA.cer
crypto pki certificate chain Certificate
 certificate 610259E00CB10F84E71699B005F07108 nvram:SectigoRSADo#7108.cer
 certificate ca 7D5B5126B476BA11DB74160BBC530DA7 nvram:USERTrustRSA#DA7CA.cer
crypto pki certificate chain Certificate-rrr1
 certificate ca 01FD6D30FCA3CA51A81BBC640E35032D nvram:USERTrustRSA#32DCA.cer
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
system mtu 9198
license boot level ipservicesk9
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure
errdisable recovery cause loopback
errdisable recovery cause psp
!
!
redundancy
 mode sso
!
!
!
!
!
transceiver type all
 monitoring
!
vlan 10,100-101,4094 
lldp run
!
!
class-map match-all WEBUI-BROADCAST_VIDEO-NBAR
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-all WEBUI-VOICE-NBAR
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-all WEBUI-BULK_DATA-NBAR
 match protocol attribute traffic-class bulk-data
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-default
  description Inter FED, EWLC control, EWLC data
class-map match-all WEBUI-SIGNALING-NBAR
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-any WEBUI-NETWORK_CONTROL-DSCP
 match dscp cs2 
 match dscp cs3 
 match dscp cs6 
 match dscp cs7 
class-map match-all WEBUI-SCAVENGER-NBAR
 match protocol attribute business-relevance business-irrelevant
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any WEBUI-SCAVENGER-DSCP
 match dscp cs1 
class-map match-all WEBUI-NETWORK_CONTROL-NBAR
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-any WEBUI-BULK_DATA-DSCP
 match dscp af11 
 match dscp af12 
 match dscp af13 
class-map match-any WEBUI-BROADCAST_VIDEO-DSCP
 match dscp cs4 
 match dscp af41 
 match dscp af42 
 match dscp af43 
 match dscp cs5 
class-map match-all WEBUI-MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any WEBUI-VOICE-DSCP
 match dscp ef 
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-all WEBUI-NETWORK_MANAGEMENT-NBAR
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any WEBUI-MULTIMEDIA_STREAMING-DSCP
 match dscp af31 
 match dscp af32 
 match dscp af33 
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-all WEBUI-REALTIME_INTERACTIVE-NBAR
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-any WEBUI-TRANSACTIONAL_DATA-DSCP
 match dscp af21 
 match dscp af22 
 match dscp af23 
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-all WEBUI-TRANSACTIONAL_DATA-NBAR
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-police-control-low-priority
  description General punt
class-map match-any non-client-nrt-class
class-map match-all WEBUI-MULTIMEDIA_STREAMING-NBAR
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-any system-cpp-police-routing-control
  description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
  description DHCP snooping
class-map match-any system-cpp-police-system-critical
  description System Critical and Gold Pkt
!
policy-map WEBUI-MARKING-IN
 class WEBUI-VOICE-NBAR
  set dscp ef
 class WEBUI-BROADCAST_VIDEO-NBAR
  set dscp cs5
 class WEBUI-REALTIME_INTERACTIVE-NBAR
  set dscp cs4
 class WEBUI-MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
 class WEBUI-MULTIMEDIA_STREAMING-NBAR
  set dscp af31
 class WEBUI-SIGNALING-NBAR
  set dscp cs3
 class WEBUI-NETWORK_CONTROL-NBAR
  set dscp cs6
 class WEBUI-NETWORK_MANAGEMENT-NBAR
  set dscp cs2
 class WEBUI-TRANSACTIONAL_DATA-NBAR
  set dscp af21
 class WEBUI-BULK_DATA-NBAR
  set dscp af11
 class WEBUI-SCAVENGER-NBAR
  set dscp cs1
 class class-default
  set dscp default
policy-map system-cpp-policy
 class system-cpp-police-control-low-priority
policy-map WEBUI-QUEUING-OUT
 class WEBUI-VOICE-DSCP
  priority level 1 percent 1
  queue-buffers ratio 5
 class WEBUI-BROADCAST_VIDEO-DSCP
  priority level 2 percent 30
  queue-buffers ratio 5
 class WEBUI-NETWORK_CONTROL-DSCP
  bandwidth remaining percent 10 
  queue-buffers ratio 5
 class WEBUI-MULTIMEDIA_STREAMING-DSCP
  bandwidth remaining percent 20 
  queue-buffers ratio 10
  queue-limit dscp af33 percent 80
  queue-limit dscp af32 percent 90
  queue-limit dscp af31 percent 100
 class WEBUI-TRANSACTIONAL_DATA-DSCP
  bandwidth remaining percent 20 
  queue-buffers ratio 10
  queue-limit dscp af23 percent 80
  queue-limit dscp af22 percent 90
  queue-limit dscp af21 percent 100
 class WEBUI-BULK_DATA-DSCP
  bandwidth remaining percent 14 
  queue-buffers ratio 20
  queue-limit dscp af13 percent 80
  queue-limit dscp af12 percent 90
  queue-limit dscp af11 percent 100
 class WEBUI-SCAVENGER-DSCP
  bandwidth remaining percent 1 
  queue-buffers ratio 5
 class class-default
  bandwidth remaining percent 35 
  queue-buffers ratio 40
!
! 
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description VLAN 1 - SonicWall
 switchport mode access
!
interface Port-channel2
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.0.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet1/0/1
 description LAG - SonicWall    
 switchport mode access
 channel-group 1 mode on
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/2
 description LAG - SonicWall
 switchport mode access
 channel-group 1 mode on
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/3
 description LACP
 switchport access vlan 10
 switchport mode access
 channel-group 2 mode active
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/4
 description LACP
 switchport access vlan 10
 switchport mode access
 channel-group 2 mode active
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/5
 description VLAN 10 
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/6
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/7
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/8
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/9
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/10
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/11
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/12
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/13
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/14
 description VLAN 1 - Lexmark MC3426
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/15
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/16
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/17
 description VLAN 101 - Polaris Z3
 switchport access vlan 101
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/18
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/19
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/20
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/21
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/22
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/23
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/24
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/25
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/26
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/27
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/28
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/29
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/30
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/31
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/32
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/33
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/34
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/35
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/36
 description VLAN 100
 switchport access vlan 100
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/37
 description TRUNK - Cisco AP3802
 switchport mode trunk
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/38
 description VLAN 10
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/39
 description TRUNK
 switchport mode trunk
 spanning-tree portfast
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/40
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/41
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/42
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/43
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/44
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/45
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/46
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/47
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/48
 description VLAN 1
 switchport mode access
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/1/1
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/1/2
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/1/3
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface GigabitEthernet1/1/4
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/1
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/2
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/3
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/4
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/5
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/6
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/7
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/8
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface FortyGigabitEthernet1/1/1
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface FortyGigabitEthernet1/1/2
 service-policy input WEBUI-MARKING-IN
 service-policy output WEBUI-QUEUING-OUT
 ip nbar protocol-discovery
!
interface Vlan1
 description VLAN 1
 ip address XXX.XXX.1.254 255.255.255.0
 ip helper-address XXX.XXX.10.255
 ip helper-address XXX.XXX.100.255
 ip directed-broadcast
 ip pim sparse-dense-mode
 ip igmp version 3
 ipv6 address XXXX:XXX:XXXX:1:FFFF:FFFF:FFFF:FF7F/64
 ipv6 nd prefix XXXX:XXX:XXXX:1::/64 2592000 604800 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra dns server XXXX:XXX:XXXX:10::10 604800
 ipv6 dhcp server VLAN1
!
interface Vlan10
 description VLAN 10
 ip address XXX.XXX.10.254 255.255.255.0
 ip helper-address XXX.XXX.1.255
 ip helper-address XXX.XXX.100.255
 ip directed-broadcast
 ip pim sparse-dense-mode
 ip igmp version 3
 ipv6 address XXXX:XXX:XXXX:10:FFFF:FFFF:FFFF:FF7F/64
 ipv6 nd prefix XXXX:XXX:XXXX:10::/64 2592000 604800 no-autoconfig
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra dns server XXXX:XXX:XXXX:10::10 604800
 ipv6 dhcp server VLAN10
!
interface Vlan100
 description VLAN 100
 ip address XXX.XXX.100.254 255.255.255.0
 ip helper-address XXX.XXX.1.255
 ip helper-address XXX.XXX.10.255
 ip directed-broadcast
 ip pim sparse-dense-mode
 ip igmp version 3
 ipv6 address XXXX:XXX:XXXX:100:FFFF:FFFF:FFFF:FF7F/64
 ipv6 nd prefix XXXX:XXX:XXXX:100::/64 2592000 604800
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra dns server XXXX:XXX:XXXX:10::10 604800
 ipv6 dhcp server VLAN100
!
interface Vlan101
 description VLAN 101
 ip address XXX.XXX.101.254 255.255.255.0
 ip access-group VLAN101-IPv4-In in
 ip access-group VLAN101-IPv4-Out out
 ip igmp version 3
 ipv6 address XXXX:XXX:XXXX:101:FFFF:FFFF:FFFF:FF7F/64
 ipv6 nd prefix XXXX:XXX:XXXX:101::/64 2592000 604800
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
 ipv6 nd router-preference High
 ipv6 nd ra dns server XXXX:XXX:XXXX:10::10 604800
 ipv6 dhcp server VLAN101
 ipv6 traffic-filter VLAN101-IPv6-In in
 ipv6 traffic-filter VLAN101-IPv6-Out out
!
ip forward-protocol nd
ip forward-protocol udp echo
ip forward-protocol udp discard
ip forward-protocol udp 1900
ip forward-protocol udp 3074
ip forward-protocol udp 3702
ip forward-protocol udp 4000
ip forward-protocol udp 12203
ip forward-protocol udp 13203
ip forward-protocol udp 27960
ip forward-protocol udp 27961
ip forward-protocol udp 27962
ip forward-protocol udp 28960
ip forward-protocol udp 28961
ip forward-protocol udp 28962
ip forward-protocol udp 28963
ip forward-protocol udp 28964
ip forward-protocol udp 28965
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint Certificate
ip route 0.0.0.0 0.0.0.0 Vlan1 XXX.XXX.1.1
ip ssh version 2
!
!
ip access-list extended VLAN101-IPv4-In
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq domain
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq www
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq 443
 permit udp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq domain
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq domain
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq www
 permit tcp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq 443
 permit udp XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255 eq domain
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.1.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.2.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.100.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.1.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.2.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.10.0 0.0.0.255
 deny   ip XXX.XXX.101.0 0.0.0.255 XXX.XXX.100.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN101-IPv4-Out
 permit tcp XXX.XXX.10.0 0.0.0.255 eq domain XXX.XXX.101.0 0.0.0.255
 permit tcp XXX.XXX.10.0 0.0.0.255 eq www XXX.XXX.101.0 0.0.0.255
 permit tcp XXX.XXX.10.0 0.0.0.255 eq 443 XXX.XXX.101.0 0.0.0.255
 permit udp XXX.XXX.10.0 0.0.0.255 eq domain XXX.XXX.101.0 0.0.0.255
 permit tcp XXX.XXX.10.0 0.0.0.255 eq domain XXX.XXX.101.0 0.0.0.255
 permit tcp XXX.XXX.10.0 0.0.0.255 eq www XXX.XXX.101.0 0.0.0.255
 permit tcp XXX.XXX.10.0 0.0.0.255 eq 443 XXX.XXX.101.0 0.0.0.255
 permit udp XXX.XXX.10.0 0.0.0.255 eq domain XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.1.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.2.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.10.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.100.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.1.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.2.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.10.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 deny   ip XXX.XXX.100.0 0.0.0.255 XXX.XXX.101.0 0.0.0.255
 permit ip any any
!
ipv6 route ::/0 Vlan1 XXXX::XXXX:XXXX:XXXX:5A1A
!
!
snmp-server group ReadOnly v3 priv read ReadView 
snmp-server view ReadView internet included
snmp-server location
snmp-server contact
!
!
!
ipv6 access-list VLAN101-IPv6-In
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq domain
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq www
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq 443
 permit udp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq domain
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq domain
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq www
 permit tcp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq 443
 permit udp XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64 eq domain
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:1::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:2::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:100::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:1::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:2::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:10::/64
 deny ipv6 XXXX:XXX:XXXX:101::/64 XXXX:XXX:XXXX:100::/64
 permit ipv6 any any
!
ipv6 access-list VLAN101-IPv6-Out
 permit tcp XXXX:XXX:XXXX:10::/64 eq domain XXXX:XXX:XXXX:101::/64
 permit tcp XXXX:XXX:XXXX:10::/64 eq www XXXX:XXX:XXXX:101::/64
 permit tcp XXXX:XXX:XXXX:10::/64 eq 443 XXXX:XXX:XXXX:101::/64
 permit udp XXXX:XXX:XXXX:10::/64 eq domain XXXX:XXX:XXXX:101::/64
 permit tcp XXXX:XXX:XXXX:10::/64 eq domain XXXX:XXX:XXXX:101::/64
 permit tcp XXXX:XXX:XXXX:10::/64 eq www XXXX:XXX:XXXX:101::/64
 permit tcp XXXX:XXX:XXXX:10::/64 eq 443 XXXX:XXX:XXXX:101::/64
 permit udp XXXX:XXX:XXXX:10::/64 eq domain XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:1::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:2::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:10::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:100::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:1::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:2::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:10::/64 XXXX:XXX:XXXX:101::/64
 deny ipv6 XXXX:XXX:XXXX:100::/64 XXXX:XXX:XXXX:101::/64
 permit ipv6 any any
!
control-plane
 service-policy input system-cpp-policy
!
banner motd 
Authorized Access Only

  This system is the property of 
  UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
  You must have explicit permission to access this
  device. All activities performed on this device
  are logged.

!
line con 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 logging synchronous
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 97
 logging synchronous
 transport preferred ssh
 transport input ssh
 transport output ssh
!
ntp server XXXX:XXX:XXXX:10::10
ntp server XXXX:XXX:XXXX:10::10
ntp server XXX.XXX.10.10
ntp server XXX.XXX.10.10
!
!
!
!
!
!
end

Hopefully I'm just missing something simple.

Thanks!

0 Helpful

DJX995
Level 3
Level 3
In response to DJX995

‎08-20-2020 05:45 AM

Ping

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card