Matthew Cioffi
asked on
Reprogramming Catalyst 2960 switch
Hi,
I have inherited a complicated LAN that I'm trying to resolve some issues in.
Here is the situation:
The switch was configured with 4 VLANs and DHCP. The VLANs are listed below.
VLAN 36
VLAN 37
VLAN 39
VLAN 42
DHCP assigns IP addresses to devices plugged into the switch according to the VLAN ID, for example 192.168.36.21 and above. Same for 37, 39 and 42. I need to reprogram the DNS entry in DHCP. We are removing a very small Netgear router/firewall and replacing it with a SonicWall NSA 2400. The environment is mostly Apple PCs and webcams. There is no internal DNS server; we are going to use the ISP router's IP address for the DNS entry, instead of the internal LAN device.
I have next to zero experience with configuring Catalyst switches. Can someone help me understand how to reprogram this to have the settings I need?
Thanks.
If the Catalyst switch is already in your environment, you don't need to reconfigure it if all you are changing is the DNS server that your computers will be using. You just need to change the name server entry on your DHCP server, so that it assigns the new DNS server to your computers.
ASKER
The Catalyst switch is the DHCP server. It is doing DHCP; there is not another server doing the DHCP.
It was set up to assign an address to the device based on the port it is plugged into, each VLAN.
So I need to know how to change the DHCP settings that the switch is sending out to reflect where I want to send DNS requests.
Can you post the current config?
ASKER
I'm not on site. I will be back in a few days. Is there a command you can send me that will produce the output you are looking for?
sh run
then copy it to a text file
ASKER
Current configuration : 20156 bytes
!
! Last configuration change at 17:48:23 SUMMER Sun Mar 28 1993 by !admin!
!
version 15.0
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname CSW-LNX-2960-1
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
enable secret 5 $1$L80Z$Ba1iCwlBSBme.NlVC9Tpd0
!
username !support! privilege 15 password 7 100F05100B0F532B4F
username !admin! privilege 15 password 7 030852051E1A324D0F295A41
no aaa new-model
clock timezone EST -5 0
clock summer-time SUMMER recurring
system mtu routing 1500
vtp mode transparent
udld aggressive
no ip source-route
ip routing
no ip gratuitous-arps
ip dhcp excluded-address 192.168.36.1 192.168.36.20
ip dhcp excluded-address 192.168.39.1 192.168.39.20
ip dhcp excluded-address 192.168.42.1 192.168.42.20
ip dhcp excluded-address 192.168.37.1 192.168.37.20
!
ip dhcp pool User_Vlan
network 192.168.36.0 255.255.255.0
default-router 192.168.36.1
dns-server 192.168.36.1
!
ip dhcp pool Wireless_Vlan
network 192.168.37.0 255.255.255.0
default-router 192.168.37.1
dns-server 192.168.36.1
!
ip dhcp pool Video_Vlan
network 192.168.42.0 255.255.255.0
default-router 192.168.42.1
dns-server 192.168.36.1
!
ip dhcp pool Phone_Vlan
network 192.168.39.0 255.255.255.0
default-router 192.168.39.1
dns-server 192.168.36.1
!
ip dhcp pool test
!
!
no ip domain-lookup
ip domain-name xxxx-usa.com
login block-for 10 attempts 3 within 30
login delay 1
login on-failure log
!
mls qos map policed-dscp 0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-1229112064
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1229112064
revocation-check none
rsakeypair TP-self-signed-1229112064
!
!
crypto pki certificate chain TP-self-signed-1229112064
certificate self-signed 01
quit
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 90
auto qos srnd4
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 36
name User_Vlan
!
vlan 37
name Wireless_Vlan
!
vlan 39
name Phone_Vlan
!
vlan 42
name Video_Vlan
!
vlan 255
name Firewall_Vlan
!
!
class-map match-all AUTOQOS_VOIP_DATA_CLASS
match ip dscp ef
class-map match-all AUTOQOS_DEFAULT_CLASS
match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
match ip dscp cs3
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
class AUTOQOS_VOIP_DATA_CLASS
set dscp ef
police 128000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_VOIP_SIGNAL_CLASS
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
class AUTOQOS_DEFAULT_CLASS
set dscp default
police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
!
!
interface Port-channel1
description ***Port-Channel to CSW-LNX-2960-2***
switchport mode trunk
!
interface GigabitEthernet0/1
description *** To Firewall Port 0/2 ***
switchport access vlan 255
switchport mode access
!
interface GigabitEthernet0/2
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/3
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/4
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/5
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/6
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/7
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/8
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/9
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/10
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/11
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/12
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/13
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/14
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/15
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/16
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/17
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/18
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/19
description ***Data Port***
switchport access vlan 36
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/20
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/21
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/22
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/23
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/24
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/25
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/26
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/27
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/28
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/29
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/30
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/31
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/32
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/33
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/34
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/35
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/36
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/37
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/38
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/39
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/40
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/41
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/42
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/43
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/44
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/45
description *** To CSW-LNX-2960-2 G0/45 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/46
description *** To CSW-LNX-2960-2 G0/46 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/47
description *** To CSW-LNX-2960-2 G0/47 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/48
description *** To CSW-LNX-2960-2 G0/48 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan36
description *** User_Vlan ***
ip address 192.168.36.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan37
description *** Wireless_Vlan ***
ip address 192.168.37.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan39
description *** Phone_Vlan ***
ip address 192.168.39.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan42
description *** Wireless_Vlan ***
ip address 192.168.42.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan255
description *** Firewall_Vlan ***
ip address 192.168.255.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip default-gateway 192.168.255.1
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.36.1
!
ip access-list extended AUTOQOS-ACL-DEFAULT
permit ip any any
logging esm config
logging facility local6
!
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-P
!
interface GigabitEthernet0/24
description ***Phone Port***
switchport access vlan 39
switchport mode access
srr-queue bandwidth share 1 30 35 5
srr-queue bandwidth shape 10 0 0 0
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
storm-control broadcast level 10.50
storm-control action trap
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AUTOQOS-SRND4-CISCOPHONE-P
!
interface GigabitEthernet0/25
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/26
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/27
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/28
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/29
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/30
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/31
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/32
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/33
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/34
description ***Wireless Port***
switchport access vlan 37
switchport mode access
mls qos trust dscp
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/35
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/36
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/37
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/38
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/39
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/40
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/41
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/42
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/43
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/44
description ***Video Port***
switchport access vlan 42
switchport mode access
storm-control broadcast level 10.50
storm-control action trap
spanning-tree portfast
!
interface GigabitEthernet0/45
description *** To CSW-LNX-2960-2 G0/45 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/46
description *** To CSW-LNX-2960-2 G0/46 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/47
description *** To CSW-LNX-2960-2 G0/47 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface GigabitEthernet0/48
description *** To CSW-LNX-2960-2 G0/48 ***
switchport mode trunk
mls qos trust dscp
channel-group 1 mode desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan36
description *** User_Vlan ***
ip address 192.168.36.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan37
description *** Wireless_Vlan ***
ip address 192.168.37.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan39
description *** Phone_Vlan ***
ip address 192.168.39.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan42
description *** Wireless_Vlan ***
ip address 192.168.42.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan255
description *** Firewall_Vlan ***
ip address 192.168.255.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip default-gateway 192.168.255.1
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.36.1
!
ip access-list extended AUTOQOS-ACL-DEFAULT
permit ip any any
logging esm config
logging facility local6
ASKER CERTIFIED SOLUTION
ASKER
Thanks.
I hope to give this a try next week while I'm on site. Since this is not my area of expertise, can you also tell me if the VLANs are tagged correctly? I need to configure the firewall to accept the VLANs and they should be tagged. If it is not too much trouble, can you indicate in the output I provided where the tagging is referenced and, if it is not tagged properly, how I can change it?
From what I understand, the firewall is looking for a numeric value for the tagging.
I would like to make sure I understand a couple of things in the output:
Port 13 on the switch is assigned to VLAN 36, which is for the users (computers). Same for the other references like this.
interface GigabitEthernet0/13
description ***Data Port***
switchport access vlan 36
Lastly, can you tell me how to back up the config and restore it if I mess it up? I want to back it up, change the DNS settings, create a second backup with the change, then test. If anything is not working, I want to restore the previous config.
Thank you again for the assistance.
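The access-versus-trunk distinction the question above turns on, as an added example that is not part of the original thread: a small parser that reads interface stanzas in the flattened form posted here and reports, per physical port, whether frames leave tagged and for which VLAN. The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the posted output, flattened the same way.
SAMPLE = """\
interface GigabitEthernet0/13
switchport access vlan 36
switchport mode access
!
interface GigabitEthernet0/45
description *** To CSW-LNX-2960-2 G0/45 ***
switchport mode trunk
channel-group 1 mode desirable
!
interface Vlan36
ip address 192.168.36.2 255.255.255.0
!
"""

def parse_interfaces(text):
    """Return {interface name: [sub-commands]} from '!'-delimited stanzas."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in ("!", ""):
            current = None          # stanza ended; ignore global lines
        elif current is not None:
            current.append(line)
    return stanzas

def classify(cmds):
    """Say how one physical port handles VLAN tags."""
    body = "\n".join(cmds)
    mode = re.search(r"^switchport mode (\S+)$", body, re.M)
    mode = mode.group(1) if mode else "unstated"
    vlan = re.search(r"^switchport access vlan (\d+)$", body, re.M)
    allowed = re.search(r"^switchport trunk allowed vlan (.+)$", body, re.M)
    return {
        "mode": mode,
        # Access ports send untagged frames; trunks add the 802.1Q VLAN ID
        # (native VLAN excepted). Unknown for any other mode.
        "tagged": {"trunk": True, "access": False}.get(mode),
        "access_vlan": int(vlan.group(1)) if vlan else None,
        # No allowed-vlan line means the trunk carries every VLAN.
        "trunk_vlans": (allowed.group(1) if allowed else "all") if mode == "trunk" else None,
    }

def report(text):
    """Classify physical ports only; 'interface VlanN' is a layer-3 SVI."""
    return {name: classify(cmds) for name, cmds in parse_interfaces(text).items()
            if not name.lower().startswith("vlan")}
```

On stanzas like those posted, the `switchport access vlan N` ports come back untagged, and only the `switchport mode trunk` ports carry tags, with the VLAN number itself as the tag value.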
ASKER
Exactly what I was hoping for.
Thanks.
Cisco reference page index:
http://www.cisco.com/c/en/us/support/switches/catalyst-2960-series-switches/products-installation-and-configuration-guides-list.html
Catalyst 2960 Switch Getting Started Guide
http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/catalyst2960/hardware/quick/guide/9368.pdf
Catalyst 2960 Switch Software Configuration Guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_40_se/configuration/guide/scg.pdf
Catalyst 2960 Switch Hardware Installation Guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/hardware/installation/guide/2960_hg.pdf