cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
1630
Views
0
Helpful
15
Replies

can I get some input on my routing between vlans

spd2612
Level 1
Level 1

Can Anyone tell me why these subnets cant communicate localy ?
I have looked over my NVI setup and see nothing wrong
Been racking my brain and may have to give up here

Thu Feb 01 2024 16:23:14 GMT-0500 (Eastern Standard Time)
===================================================================================
#show running-config
Building configuration...
Current configuration : 10124 bytes
!
! Last configuration change at 21:22:44 UTC Thu Feb 1 2024 by john
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform punt-keepalive disable-kernel-core
platform management port rate-limt-enabled
!
hostname Switch
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging console emergencies
enable secret 9 $9$oVqlz6ZLRXiOGE$mbQ5zDmIIKmwI6ycwTChIuSK.GG7Rdibq0ZHyVzajRo
enable password xxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
switch 1 provision ws-c3650-48ps
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
ip routing
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
vtp mode transparent
no device-tracking logging theft
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-1716188296
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1716188296
revocation-check none
rsakeypair TP-self-signed-1716188296
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain TP-self-signed-1716188296
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373136 31383832 3936301E 170D3234 30313331 31373339
35385A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37313631
38383239 36308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100C9F8 E9246F37 F2D1400A 1FC7C9B3 C364C7A1 4BECEEBC C67CE077
7948C40B 70A4CA7A 26E1A8B7 2B750FBD 1F980AD7 6F6AD2A8 1E4BBD0E 04DFE47E
845424C7 41CBD03D FF6804AC 6AEFA63C 5BEC1E77 E8594E16 0A2E0AFE 5C2A9D6F
DAFD6064 E334864F D8E0BCB3 9E81B0B9 54088356 DB98B23A CE169AB7 337CB6D9
12663BF4 AB38AD4C 8B4C14FE 3B2CB5FE C469A33C 3906D643 E0F4E7B2 4CECCF08
FF631462 C4282C9E 8758FBCE 5F9E7FA7 A26DE31E 1A49DD20 0BB42130 CED344F6
10EB6CFF 9F27A741 A405C10B C6942F64 1AB13DE6 2F4737DB EEBA6FD2 13C20889
37F3F94B DF07ACB0 D0786DC1 CE3D526B A6AA1A85 BBC29542 43FDDE19 8926B818
A7449D5C 30370203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14679635 2AFE0CDC D6070EA4 EAF4C176 F3EDAB3B
C5301D06 03551D0E 04160414 6796352A FE0CDCD6 070EA4EA F4C176F3 EDAB3BC5
300D0609 2A864886 F70D0101 05050003 82010100 BBEB64FF EF33E9E4 AE582422
0561D11D 25D7EE80 B9195ABB 228370CD 898084CF 95BADDAC C69A4B9B 1E71017B
8C36C5F2 15DE5860 537D3C7A 8C1D1E2E B71B63E4 6E00F3A3 8C98EF0B 98A8BD11
A145EBED B48CC588 F53BEBB1 7A727884 8C98E3D6 44EBD559 A5FF8316 9443629F
9E6D2D3C 37E48FB7 7C5AF8AA 0F189D4C C38DF113 93B63420 26194CDA 50290047
5460E769 7367F6AF 47CE4047 15404AF0 19D5700E 714FE152 BE266A20 89454651
0B85740C 091E114D 9750E13D 259F4DED 0EBBDC69 34621D2D 743014BD 4C36FC5A
219E568B 47B045C9 8EC93755 76EBD986 774440FA 040B6CB8 5515468E 182EC543
5358DA2D 53998A11 5AD06CFC C8C53685 739B314F
quit
!
!
license boot level ipbasek9
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 79468
!
username john privilege 15 password 0 xxxxxxxx
username admin privilege 15 secret 9 xxxxxx
username cisco privilege 15 secret 9 xxxxxxxxx
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
vlan 20,30
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description EWLC control, EWLC data, Inter FED
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
switchport mode trunk
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
spanning-tree portfast disable
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
spanning-tree portfast disable
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
spanning-tree portfast disable
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
ip dhcp client client-id ascii FDO2131E1UZ
ip address 192.168.2.1 255.255.255.0
!
interface Vlan20
ip address 192.168.3.1 255.255.255.0
!
interface Vlan30
ip address 192.168.4.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan1
!
!
!
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxxx
length 0
line vty 5 15
password xxxxxxxxx
!
!
!
!
!
!
!
end

 


#########################################################################

Thu Feb 01 2024 15:56:53 GMT-0500 (Eastern Standard Time)
===================================================================================
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Vlan1
L 192.168.2.1/32 is directly connected, Vlan1
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Vlan20
L 192.168.3.1/32 is directly connected, Vlan20
192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.4.0/24 is directly connected, Vlan30
L 192.168.4.1/32 is directly connected, Vlan30

########################################################

 

Thu Feb 01 2024 16:26:12 GMT-0500 (Eastern Standard Time)
===================================================================================
#show ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.2.1 YES NVRAM up up
Vlan20 192.168.3.1 YES NVRAM up up
Vlan30 192.168.4.1 YES NVRAM up up
GigabitEthernet0/0 unassigned YES unset down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset up up
GigabitEthernet1/0/5 unassigned YES unset up up
GigabitEthernet1/0/6 unassigned YES unset up up
GigabitEthernet1/0/7 unassigned YES unset up up
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset up up
GigabitEthernet1/0/12 unassigned YES unset up up
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/0/25 unassigned YES unset down down
GigabitEthernet1/0/26 unassigned YES unset down down
GigabitEthernet1/0/27 unassigned YES unset down down
GigabitEthernet1/0/28 unassigned YES unset down down
GigabitEthernet1/0/29 unassigned YES unset down down
GigabitEthernet1/0/30 unassigned YES unset down down
GigabitEthernet1/0/31 unassigned YES unset down down
GigabitEthernet1/0/32 unassigned YES unset down down
GigabitEthernet1/0/33 unassigned YES unset down down
GigabitEthernet1/0/34 unassigned YES unset up up
GigabitEthernet1/0/35 unassigned YES unset down down
GigabitEthernet1/0/36 unassigned YES unset down down
GigabitEthernet1/0/37 unassigned YES unset up up
GigabitEthernet1/0/38 unassigned YES unset down down
GigabitEthernet1/0/39 unassigned YES unset up up
GigabitEthernet1/0/40 unassigned YES unset up up
GigabitEthernet1/0/41 unassigned YES unset up up
GigabitEthernet1/0/42 unassigned YES unset down down
GigabitEthernet1/0/43 unassigned YES unset up up
GigabitEthernet1/0/44 unassigned YES unset down down
GigabitEthernet1/0/45 unassigned YES unset up up
GigabitEthernet1/0/46 unassigned YES unset down down
GigabitEthernet1/0/47 unassigned YES unset up up
GigabitEthernet1/0/48 unassigned YES unset down down
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down

###########################################################


Thu Feb 01 2024 16:00:08 GMT-0500 (Eastern Standard Time)
===================================================================================
#show vtp status
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name :
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 7070.8b8d.cc00
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Feature VLAN:
--------------
VTP Operating Mode : Transparent
Maximum VLANs supported locally : 1005
Number of existing VLANs : 7
Configuration Revision : 0
MD5 digest : 0xAF 0x0D 0xE1 0xE7 0x5F 0xD9 0x93 0x33
0xB2 0x71 0xBF 0xBA 0x57 0x99 0x9D 0xD0
######################################################################
If I run tracert on a vlan pc from Vlan1 I get below
It looks like its trying to hit my wan gateway 50.192.28.30 not my routers
Tracing route to 192.168.3.140 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.2.2 (is assigned gateway)
2 2 ms 1 ms 1 ms 50-192-28-30-static.hfc.comcastbusiness.net [50.192.28.30]
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.

 

 

 

15 Replies 15

Hello,

what does the rest of your topology look like ? Where are the clients ? I see one trunk, what is connected that ? Post a schematic drawing of your topology, as well as the full running configs of all devices involved...

well there are 3 tp-link routers all getting static ip WAN addresses from a comcast Business Gateway, routers all have port forwarding in use so I can use port 80 on more then one wan IP.  Those three routers connect directly to the c3650 switch as far as for the one trunk its the only way to show operational staus as up, I have read that VTP Transparent will allow the data to pass across a trunk. This is just a LAB so I have nothing for a schematic

Router IPs 192.168.2.2  Dhcp server is enabled on that subnet

router 2 192.168.3.2

Router 3 192.168.4.2

I have a total block of 5 statics just not using all, 

 

Hello,

can you ping the respective .1 addresses from the TP routers ?

Yes from the TP-Link I can ping all 3 .1 addresses 

I can not ping from the cisco to the tp-link

spd2612
Level 1
Level 1

Ok I changed the router ports on the switch to trunk ports and set them to there correct native vlan and I am able to ping only there vlan  from the c3650 In other words I can not ing 192.168.3.4 from 192.168.2.2 vlan but I can ping from 2.1 to 2.4

I am a bit confused about this environment. The posted config shows one port as a trunk and all other ports as access ports with no vlan assignment, so all should be in vlan 1. What is connected to G1/0/7? Is that device perhaps part of your issue?

It might shed some light on the issue if you would post the output of show arp from the switch.

HTH

Rick

G107 is a trunk port that goes to a pc and 45,47 and I believe are trunk ports going to the 3 routers
I was under the understanding that as long as I had at least one trunk port I did not need to assign any ports with ip addresses using vti

spd2612
Level 1
Level 1
sorry for the delay on this had to get in front of the switch
 
Fri Feb 02 2024 19:51:34 GMT-0500 (Eastern Standard Time)
===================================================================================
#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.2.1             -   7070.8b8d.cc47  ARPA   Vlan1
Internet  192.168.2.2             0   ac15.a27c.cd7b  ARPA   Vlan1
Internet  192.168.2.10           63   000c.2965.10d3  ARPA   Vlan1
Internet  192.168.2.13          231   000c.29d2.c40c  ARPA   Vlan1
Internet  192.168.2.17           63   000c.2919.c6a8  ARPA   Vlan1
Internet  192.168.2.108          32   e003.6b97.0e89  ARPA   Vlan1
Internet  192.168.2.178           0   3c37.8691.c3af  ARPA   Vlan1
Internet  192.168.2.201           6   3417.ebc9.c2d5  ARPA   Vlan1
Internet  192.168.3.1             -   7070.8b8d.cc56  ARPA   Vlan20
Internet  192.168.3.2            39   ac15.a27c.cd7b  ARPA   Vlan20
Internet  192.168.4.1             -   7070.8b8d.cc65  ARPA   Vlan30

spd2612
Level 1
Level 1

ANYBODY ? I am sure I have done something wrong I am new to Cisco programing and Know enough to be dangerous

spd2612
Level 1
Level 1

If I set switch port to no switchport which enables layer 3 and try to put a ip address on it I get a error ( ip address over lap}

Thats trying to use the ip subnet that that port is connected to

example port 41 is connected to a router that is 192.168.3.2  If I try to give port 41, 192.168.3.5 I get the error

I am still trying to figure out the issues discussed earlier in this discussion and am still puzzled. This most recent post describes a new issue and I believe that I do understand and can explain it. You configured the vlan interface for vlan 20 with address 192.168.3.1 which means that subnet 192.168.3.0/24 is associated with vlan 20. Then you created a layer 3 interface using no switchport and attempt to assign address 192.168.3.5, which would associate subnet 192.168.3.0/24 with that new interface. But that subnet is already assigned so you get the error about address overlap.

Am I correct in understanding that port 1/0/41 is connected to the router and wants to use 192.168.3.5 as its address? if so the solution is easy - just assign 1/0/41 to vlan 20.

HTH

Rick

spd2612
Level 1
Level 1

I am confused Here as the only way I can put that port into NO SWITCHPORT is to  enable layer 3 address in which case I would have to put in a ip 192.168.3.5 but that is where it errored out I can do this thru the console but should not make a difference see screen shot

Untitled.jpg

Here is a screen shot of SVI from the gui

Untitled2.jpg

I can follow commands if you want I have a console port connected

I have looked at the output that you posted and here is what I think about it:

- the setting for Port Fast indicates trunk. Do you really want this port to function as a trunk? What are the other options for this field?

- I am sure that you do not want Enable Layer 3 Address to be enabled. What are the options for this field?

I believe that what you want is for port 41 to be an access port in vlan 20.

HTH

Rick

spd2612
Level 1
Level 1
 the setting for Port Fast indicates trunk. Do you really want this port to function as a trunk? What are the other options for this field?
Settings are Trunk,Access,Dynamic Auto and Dynamic Desirable

I am not against wiping this out and setting this up from scratch If I can get the commands to do so via command line

I tried setting 41 to ACCESS and Vlan 20 I then cannot access my mail server which is vlan 20

Port Fast is disabled