I'm trying to set up a Guest VLAN for wireless at a client site, and I feel like I'm missing something small in the configuration, since I can't ping any of the VLAN interfaces from my laptop when the address is statically set to something in the 172.20.100.x range.
I've pasted the configs for the ASA 5505 and the 6 switches below for convenience. Near as I can tell, all should be well. The ports are in trunking mode, the "show cdp neighbors" command returns the proper information, VLAN 100 exists on all the switches, etc.
Hoping someone smarter than I can show me where I went wrong.
ASA:
Switch #1:
Switch #2:
Switch #3:
Switch #4:
Switch #5:
Switch #6
I've pasted the configs for the ASA 5505 and the 6 switches below for convenience. Near as I can tell, all should be well. The ports are in trunking mode, the "show cdp neighbors" command returns the proper information, VLAN 100 exists on all the switches, etc.
Hoping someone smarter than I can show me where I went wrong.
ASA:
Code:
ASA Version 7.2(4)
!
hostname ASA
domain-name xxxx.local
enable password Cj3LF.ehxXN3xVkxWcxd encrypted
passwd Cj3LF.ehxXN3xVkWcxd encrypted
names
name 172.20.0.7 xxxxx
name 172.20.0.3 xxxxx
!
interface Vlan1
nameif inside
security-level 100
ip address 172.20.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xxxxxxxxxx 255.255.255.248
!
interface Vlan3
no nameif
no security-level
no ip address
!
interface Vlan100
nameif GUEST
security-level 10
ip address 172.20.100.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport trunk allowed vlan 1,100
switchport trunk native vlan 1
switchport mode trunk
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns server-group DefaultDNS
domain-name xxxxxx.local
access-list inbound extended permit tcp any any eq https
access-list inbound extended permit tcp any any eq 3389
access-list inbound extended permit tcp any any eq www
access-list inbound extended permit tcp any host x eq 709
access-list inbound extended permit udp any host x eq isakmp
access-list inbound extended permit udp any host x eq 4500
access-list inbound extended permit esp any host x
access-list inbound extended permit icmp any host x
access-list inbound extended permit gre any host x
access-list inbound extended permit tcp any host x eq 709
access-list inbound extended permit udp any host x eq isakmp
access-list inbound extended permit udp any host x eq 4500
access-list inbound extended permit esp any host x
access-list inbound extended permit icmp any host x
access-list inbound extended permit tcp any host x eq 709
access-list inbound extended permit udp any host x eq isakmp
access-list inbound extended permit udp any host x eq 4500
access-list inbound extended permit esp any host x
access-list inbound extended permit icmp any host x
access-list inbound extended permit tcp any any eq 5900
access-list inbound extended permit gre any host x
access-list inbound extended permit tcp any host x eq 9964
access-list inbound extended permit tcp any host x eq 9964
access-list inbound extended permit tcp any host x eq 9964
access-list inbound extended permit tcp host x host x eq l
ap
access-list inbound extended permit tcp host x host x eq l
aps
access-list inbound extended permit tcp host x host x eq 3
37
access-list inbound extended permit tcp host x host x eq
3437
access-list inbound extended permit tcp host x any eq smtp
access-list inbound extended permit tcp host x any eq ldap
access-list vpn-acl extended permit ip 192.168.100.0 255.255.255.0 172.20.0.0 2
5.255.255.0
access-list vpn-acl extended permit ip 172.20.0.0 255.255.255.0 192.168.100.0 2
5.255.255.0
pager lines 24
logging enable
logging trap notifications
logging asdm informational
logging host inside server
mtu inside 1500
mtu outside 1500
mtu GUEST 1500
ip local pool clientpool 192.168.100.1-192.168.100.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list vpn-acl
nat (inside) 1 0.0.0.0 0.0.0.0
nat (GUEST) 1 172.20.100.0 255.255.255.0
static (inside,outside) tcp interface ldap misys ldap netmask 255.255.255.255
static (inside,outside) tcp interface smtp server smtp netmask 255.255.255.255
static (inside,outside) tcp interface https server https netmask 255.255.255.25
static (inside,outside) tcp interface www server www netmask 255.255.255.255
static (inside,outside) tcp interface 3437 server ldap netmask 255.255.255.255
static (inside,outside) xxxxxx 172.20.0.49 netmask 255.255.255.255
static (inside,outside) xxxxxxxx 172.20.0.37 netmask 255.255.255.255
static (inside,outside) xxxxxxxxxxxx 172.20.0.145 netmask 255.255.255.255
access-group inbound in interface outside
route outside 0.0.0.0 0.0.0.0 xxxxxxxxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa-server vpn protocol radius
aaa-server vpn (inside) host server
key cisco11
http server enable
http 172.20.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map cisco 1 set transform-set myset
crypto map dyn-map 20 ipsec-isakmp dynamic cisco
crypto map dyn-map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet 172.20.0.0 255.255.255.0 inside
telnet 172.20.0.0 255.255.255.255 inside
telnet timeout 5
ssh sssssss 255.255.255.255 outside
ssh xxxxxxxxxxxx 255.255.255.255 outside
ssh timeout 60
console timeout 0
dhcpd auto_config outside
!
dhcpd address 172.20.100.100-172.20.100.199 GUEST
dhcpd dns 4.2.2.2 8.8.8.8 interface GUEST
dhcpd enable GUEST
!
group-policy ssss internal
group-policysssss attributes
wins-server value 172.20.0.3
dns-server value 172.20.0.3
vpn-idle-timeout 30
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-acl
default-domain value sssss.local
split-dns value ssss.local
nem enable
tunnel-group sssvpn type ipsec-ra
tunnel-group sssvpn general-attributes
address-pool clientpool
authentication-server-group vpn
default-group-policyssssvpn
tunnel-group sssvpn ipsec-attributes
pre-shared-key *
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:c721a056be2a89ba04e72e5cc644b3dd
: end
Switch #1:
Code:
Current configuration : 5030 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xx-xxx-Switch1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$29wsC$rxYVgLdspQRV.J18yjFYYe.
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-114779136
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-114779136
revocation-check none
rsakeypair TP-self-signed-114779136
!
!
crypto pki certificate chain TP-self-signed-114779136
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313437 37393133 36301E17 0D393330 33303130 30303233
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3131 34373739
31333630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BCCD20B8 0EC58A7B 06DE89F8 5DD69260 299F80D8 56ED0E8A 545E2B94 D1ABF1E8
8F2BD193 56EF3FEB 7686D2B5 D744F272 3A2D6C3C 93E92F81 2995E78F E411A70A
A63CB96E 5E49D4F3 426AA707 770E531F 3176BD47 4F919A41 2DDA1478 16FD7BF5
DA54BBB5 907E6009 D1AC0B96 D572C003 083D2A33 18995AC4 00417D7E 8E6D44E9
02030100 01A37230 70300F06 03551D13 0101FF04 05300301 01FF301D 0603551D
11041630 14821243 502D4365 6E746572 2D537769 74636831 2E301F06 03551D23
04183016 80140FE3 0EDB89A8 58E0D98C 596AB844 E228598B F767301D 0603551D
0E041604 140FE30E DB89A858 E0D98C59 6AB844E2 28598BF7 67300D06 092A8648
86F70D01 01040500 03818100 19A28842 4F7C8D2C 75CECDB0 CE0CC913 56408BC2
D698AA8B ADFC8A3C D814C590 75EE1372 BF83763E 7A446CCE 1D399782 907DBA3E
DF04EFF4 E48D6D8C 7DDC852F 16534FD4 75FB713B EC0088DB 2C351BF8 F342A0D0
C0998CDB 53803208 4AC5E4AE DD945993 D3057570 039A0F25 49920153 785EB3BD
9DBDFE12 B6DE5C18 362B4A1A
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 172.20.0.64 255.255.255.0
!
interface Vlan100
ip address 172.20.100.2 255.255.255.0
!
ip default-gateway 172.20.0.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C
******************************************
Unauthorized access prohibited!
******************************************
^C
!
line con 0
password 7 04783sB050sssA2F581sD3B58
login
line vty 0 4
password 7 04783B050Assss2F581Ds3B58
login
line vty 5 15
password 7 05283ss60C24425sA5A2B44
login
!
end
Switch #2:
Code:
Current configuration : 5435 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ss-ssss-Switch2
!
enable secret 5 $1$wOusN$M2rkLms0/Pf0Jdw7sfbAf320
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/25
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/26
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/27
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/28
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/29
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/30
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/31
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/32
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/33
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/34
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/35
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/36
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/37
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/38
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/39
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/40
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/41
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/42
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/43
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/44
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/45
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/46
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/47
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/48
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface Vlan1
ip address 172.20.0.40 255.255.255.0
no ip route-cache
!
interface Vlan100
ip address 172.20.100.3 255.255.255.0
no ip route-cache
!
ip default-gateway 172.20.0.1
ip http server
logging 172.20.0.2
!
control-plane
!
!
line con 0
line vty 0 4
password 7 0027230F0Af58585558
login
line vty 5 15
password 7 15313B050sA29f78777F
login
!
end
Switch #3:
Code:
Current configuration : 5601 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ss-sss-Switch3
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-3885847552
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3885847552
revocation-check none
rsakeypair TP-self-signed-3885847552
!
!
crypto pki certificate chain TP-self-signed-3885847552
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383835 38343735 3532301E 170D3933 30333031 30303032
33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383538
34373535 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C4DC B1CEABF9 D9E4E4DF ACF2DAF1 EF519967 F8F82B6A E301C200 C7DF0057
7A46BD94 557AC07B D0589FA1 EB69CEA9 A43AA670 EB672A9D 70F9301A 6E33AE88
EEB0A8B0 504C9795 3A2EF8CF 52B1983E 4624A32C 80C7C72C 61F42DBC A748455B
8DEB12D3 525F8543 61BBF5DA BCF1F245 36938CAD 9EF9D8D8 1EEB1DD6 F0518AB6
620B0203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 1243502D 43656E74 65722D53 77697463 68332E30 1F060355
1D230418 30168014 E2D5CF8E 8C1AB427 A2A2BC7E 6DECE7C4 1D5BCE17 301D0603
551D0E04 160414E2 D5CF8E8C 1AB427A2 A2BC7E6D ECE7C41D 5BCE1730 0D06092A
864886F7 0D010104 05000381 81007FF0 9BC11ADD 2149B90A EDA5A6F4 C9BCA309
D3DFC64F ECA4E9B3 3D7276CE C8580CD3 CE7CC19D BC17829B A0BBC023 7103EB37
FE02F7CC 7C6B79BE 2D659398 3C35D802 0195D0FC EEE99535 D6AC84C5 CC4E503C
D59951C3 0D9D7C2F 3B059F3A 739C2620 C69C7E38 AAEA7A7C 9E58F02F 3585B9A1
9136D70A 8EAC84FF A0D2358A 5E3A
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/25
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/26
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/27
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/28
switchport mode access
spanning-tree portfast
!
interface Vlan1
ip address 172.20.0.41 255.255.255.0
!
interface Vlan100
ip address 172.20.100.4 255.255.255.0
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
password 7 112A2906121Cf1F5F366B
logging synchronous
login
line vty 0 4
password 7 112A290f6121C1F5F366B
logging synchronous
login
line vty 5 15
password 7 123A351417f051857186A
logging synchronous
login
!
end
Switch #4:
Code:
Current configuration : 5631 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xx-xxx-Switch4
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-3882734208
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3882734208
revocation-check none
rsakeypair TP-self-signed-3882734208
!
!
crypto pki certificate chain TP-self-signed-3882734208
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383832 37333432 3038301E 170D3933 30333031 30303032
33335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383237
33343230 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB5E 6EF7838B 4B3E6AC8 3B956DE2 34C44609 802A7A35 94FE532F 5E008EF7
DF7CF1FD 196FC713 D40605C2 6644B5EE FBD1B207 8DF0E64A 13F78EE8 829D4C68
AD6CFEE1 ABFD864E 62C4E76B 899A0DA2 3935689A A05B7615 FF7BF4A9 11048357
799C26B7 796B79C7 0A35BD07 85A9AB2F CBDF6760 718E93B7 E2EDE437 7FC48971
84A50203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 1243502D 43656E74 65722D53 77697463 68342E30 1F060355
1D230418 30168014 9C124FFC FBDF845A 14E92A47 952D3DA8 A3D03A6B 301D0603
551D0E04 1604149C 124FFCFB DF845A14 E92A4795 2D3DA8A3 D03A6B30 0D06092A
864886F7 0D010104 05000381 81007643 E3E1CD92 8BA1C53C 07030397 B38990D0
B26EC403 85794FEF 871DFD95 7D714AAF 84718417 0EDC4834 483B89BA DC7DFE1B
D869806B 5D544D14 0D074721 CDA60786 B44C94DA 4DD3036E 22A42DA1 21F8A071
6A590C75 FF80F1C6 A3E4FA9C 4C17EE14 EA2EF129 8385EF86 DD3638DE 4C3AD58C
9ACEEBAE 8C53BD5E 2C619C47 FC25
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/25
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/26
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/27
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/28
switchport mode access
spanning-tree portfast
!
interface Vlan1
ip address 172.20.0.42 255.255.255.0
!
interface Vlan100
ip address 172.20.100.5 255.255.255.0
!
ip default-gateway 172.20.0.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
password 7 1434220x809x0A3E781669
logging synchronous
login
line vty 0 4
password 7 1x43x22080x90A3E781669
logging synchronous
login
line vty 5 15
password 7 096F7E0xA1C0B0341394D
logging synchronous
login
!
end
Switch #5:
Code:
Current configuration : 5002 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xx-xxx-Switch5
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$wIWz$D/HRx4KGpnzJKyYh3K3Cvk.
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
!
!
crypto pki trustpoint TP-self-signed-114781056
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-114781056
revocation-check none
rsakeypair TP-self-signed-114781056
!
!
crypto pki certificate chain TP-self-signed-114781056
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313437 38313035 36301E17 0D393330 33303130 30303233
375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3131 34373831
30353630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
CFD43D12 82FC4240 6CE4658A 9A6E9619 FE5BCE49 6B7A720B F09F6E44 BC35983B
9804B2E8 2EBDED0A FECA623D 60B8EFB9 F291A1FF A0E5DB9A 24E8E1B1 D38FE6CF
2F9B85A6 F218C2F2 5C00EFDD 73D32292 C3D9D70F E26A30D7 25DD191D DCA903F9
882F2DD2 3D16BAA5 3EE9311A B1ED92D4 0D2BF370 B6120534 B806D706 B85AFE0D
02030100 01A37230 70300F06 03551D13 0101FF04 05300301 01FF301D 0603551D
11041630 14821243 502D4365 6E746572 2D537769 74636832 2E301F06 03551D23
04183016 80140FA3 4E9B0AE9 140D2637 CBE87E3A 4A06A40B 0AA7301D 0603551D
0E041604 140FA34E 9B0AE914 0D2637CB E87E3A4A 06A40B0A A7300D06 092A8648
86F70D01 01040500 03818100 8F8EBBFB 15642BF5 96F2869E 95A67420 5BD866C9
8A5E2DC3 2473C2F9 00E1D0E5 24EBC70E A481CBDA 7569FA98 F197A3EE 6BC552B2
CCDDFDEF 042699E5 0BFAB84A 7AE6F0CE 42181B36 8A4BD2DB 0A3F2FB2 79C9490F
E50CBF46 5F996367 B213844B 50530A0A 26786166 FE981E52 4E60DEF6 149C57B5
7758994C F152A53E 9E131EA1
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 172.20.0.43 255.255.255.0
!
interface Vlan100
ip address 172.20.100.6 255.255.255.0
!
ip default-gateway 172.20.0.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
banner motd ^C
*********************************
Unauthorized Access Prohibited!
*********************************
^C
!
line con 0
password 7 080x27C4D0C17x1144204A
login
line vty 0 4
password 7 080x27C4xD0C171144204A
login
line vty 5 15
password 7 112Ax29061x21C1F5F366B
login
!
end
Switch #6
Code:
Current configuration : 5167 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xx-xxx-Switch6
!
enable secret 5 $1$NDTK$Epo/raKWvbuxetqp2cku541
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/3
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/4
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/5
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/6
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/7
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/9
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/10
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/11
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/12
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/13
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/14
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/15
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/16
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/17
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/18
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/19
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/20
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/21
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/22
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/23
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/25
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/26
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/27
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/28
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/29
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/30
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/31
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/32
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/33
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/34
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/35
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/36
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/37
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/38
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/39
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/40
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/41
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/42
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/43
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/44
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/45
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/46
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/47
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface FastEthernet0/48
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface Vlan1
ip address 172.20.0.44 255.255.255.0
no ip route-cache
!
interface Vlan100
ip address 172.20.100.7 255.255.255.0
no ip route-cache
!
ip default-gateway 172.20.0.1
ip http server
logging 172.20.0.2
!
control-plane
!
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
end
Last edited: