Matthew Cioffi asked:

Programming a Cisco Catalyst 2960 for VLANS

Hi Folks,

I have inherited a situation where I'm somewhat out of my element.  I have to check and reprogram if necessary 2 Cisco Catalyst 2960 switches.  I have very little experience with these and need some guidance on setting these up properly.

Things I need:
1. How to back up the current config for restore if everything gets messed up.
2. How to restore the backup if needed.
3. How to check and see if the VLANS configured already are done correctly.
     a. is the trunking port setup properly
     b. are the vlans getting tagged correctly
4. How to program the switch for VLANS with a trunk port and VLAN tagging

thanks very much.

James H

1. Download PuTTY, a free tool that is simple to use. Just log into the switch with PuTTY (set logging in PuTTY to save everything to a log file first), then just:
   a. terminal length 0 (this will prevent breaks for the following command)
   b. show run - this will output the entire config of the switch.
Exit and you have a backup of your switch.
2. To restore, just cut and paste the backup (previous step) into the switch.
3. Tricky question, for that you will have to post config and see if there is anything odd.
4. Commands required:
  conf t
  Interface (fa/gi) (1/1 or 1/0/1) ex: int gi1/0/1
  switchport trunk encapsulation dot1q **This allows port to become trunk
  switchport mode trunk ***sets port to trunk
  switchport trunk allowed vlan (whatever VLANs you have or want to pass, put here)

Rafael
Here is a link to the Cisco configuration for your switch.

To help, you can log into your switch and run a Show Tech command. This will create a clean copy of your config (no passwords). HOWEVER, you must be able to capture the logging of the output, as it will be long, so make sure you're able to capture it. PuTTY will do this when you configure it properly.
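
Added example, not part of any post in this thread: a config captured with `show run` and pasted into a forum, as happens further down this page, carries its password hashes, certificate body and serial number with it. The Python sketch below strips those fields from a captured config before it is shared; the sample config, every value in it, the `snmp-server community` rule and the name `redact_config` are assumptions constructed for the example.

```python
import re

# Constructed sample in the style of a Catalyst running-config.
# All secret values below are made up for this example.
SAMPLE_CONFIG = """\
hostname EXAMPLE-SW-1
enable secret 5 $1$abcd$0123456789abcdefghijk.
username !admin! privilege 15 password 7 0A0B0C0D0E0F
snmp-server community examplestring RO
crypto pki certificate chain TP-self-signed-0000000000
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101
  7CDE8615 20A685CC 1A3A72
  quit
interface GigabitEthernet0/1
 switchport access vlan 255
banner exec ^C
Serial Number: ABC0000X000
^C
end
"""

# Single-line rules: keep the command keywords, drop only the sensitive value.
LINE_RULES = [
    (re.compile(r"^(\s*enable (?:secret|password)(?: level \d+)?(?: \d+)?) \S+\s*$"),
     r"\1 <removed>"),
    (re.compile(r"^(\s*username \S+ .*?\b(?:secret|password)(?: \d+)?) \S+\s*$"),
     r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"),
     r"\1 <removed>\2"),
    (re.compile(r"^(\s*Serial Number:)\s*\S+\s*$"),
     r"\1 <removed>"),
]

# An indented "certificate ..." line opens a hex body that runs until "quit".
CERT_START = re.compile(r"^\s+certificate \S+")


def redact_config(text):
    """Return (redacted_text, number_of_redactions) for a captured config."""
    out, redactions, in_cert = [], 0, False
    for line in text.splitlines():
        if in_cert:
            # Drop hex lines; keep the terminating "quit" so the block stays valid.
            if line.strip() == "quit":
                in_cert = False
                out.append(line)
            continue
        if CERT_START.match(line):
            in_cert = True
            out.append(line)
            out.append("  <certificate body removed>")
            redactions += 1
            continue
        for pattern, replacement in LINE_RULES:
            new_line, hits = pattern.subn(replacement, line)
            if hits:
                line = new_line
                redactions += 1
                break
        out.append(line)
    return "\n".join(out) + "\n", redactions


if __name__ == "__main__":
    cleaned, count = redact_config(SAMPLE_CONFIG)
    print(cleaned)
    print(f"{count} fields redacted")
```

Interface, VLAN and trunk lines pass through untouched, so the redacted file is still enough for someone else to review the switching setup.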
Jordan Medlen

1. Run the following on the command line: "copy running-config flash:/backup.cfg". I would also recommend running the command "copy running-config startup-config" before doing anything. This will allow you to perform number 2 as follows.
2. If your configuration gets messed up, *AND* you have not written the config, just power cycle and it will revert to the current startup config. If that is not an option for you, you can simply run "copy flash:/backup.cfg running-config".
3. Run the command "show int trunk". This will display all currently active trunk interfaces and what VLANs are allowed on them. You can also run the command "sh vlan" to see a list of all VLANs configured on the switch.
4. To configure additional trunk interfaces, just follow what Spartan_1337 wrote for his number 4.

Matthew Cioffi (ASKER)

So I have the output from the show int trunk and the sh vlan.  Can you tell me if this is setup properly?  Can I fix the VLANS and tag them properly?

CSW-LNX-2960-1#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1,36-37,39,42,255

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,36-37,39,42,255
CSW-LNX-2960-1#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/45
36   User_Vlan                        active    Gi0/2, Gi0/3, Gi0/4, Gi0/5
                                                Gi0/6, Gi0/7, Gi0/8, Gi0/9
                                                Gi0/10, Gi0/11, Gi0/12, Gi0/13
                                                Gi0/14, Gi0/15, Gi0/16, Gi0/17
                                                Gi0/18, Gi0/19
37   Wireless_Vlan                    active    Gi0/25, Gi0/26, Gi0/27, Gi0/28
                                                Gi0/29, Gi0/30, Gi0/31, Gi0/32
                                                Gi0/33, Gi0/34
39   Phone_Vlan                       active    Gi0/20, Gi0/21, Gi0/22, Gi0/23
                                                Gi0/24
42   Video_Vlan                       active    Gi0/35, Gi0/36, Gi0/37, Gi0/38
                                                Gi0/39, Gi0/40, Gi0/41, Gi0/42
                                                Gi0/43, Gi0/44
255  Firewall_Vlan                    active    Gi0/1
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
36   enet  100036     1500  -      -      -        -    -        0      0
37   enet  100037     1500  -      -      -        -    -        0      0
39   enet  100039     1500  -      -      -        -    -        0      0
42   enet  100042     1500  -      -      -        -    -        0      0
255  enet  100255     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------


The full config is below.

CSW-LNX-2960-1#
CSW-LNX-2960-1#
CSW-LNX-2960-1#sh run
Building configuration...

Current configuration : 20156 bytes
!
! Last configuration change at 17:48:23 SUMMER Sun Mar 28 1993 by !admin!
!
version 15.0
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
service counters max age 5
!
hostname CSW-LNX-2960-1
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
enable secret 5 $1$L80Z$Ba1iCwlBSBme.NlVC9Tpd0
!
username !support! privilege 15 password 7 100F05100B0F532B4F
username !admin! privilege 15 password 7 030852051E1A324D0F295A41
no aaa new-model
clock timezone EST -5 0
clock summer-time SUMMER recurring
system mtu routing 1500
vtp mode transparent
udld aggressive

no ip source-route
ip routing
no ip gratuitous-arps
ip dhcp excluded-address 192.168.36.1 192.168.36.20
ip dhcp excluded-address 192.168.39.1 192.168.39.20
ip dhcp excluded-address 192.168.42.1 192.168.42.20
ip dhcp excluded-address 192.168.37.1 192.168.37.20
!
ip dhcp pool User_Vlan
   network 192.168.36.0 255.255.255.0
   default-router 192.168.36.1 
   dns-server 192.168.36.1 
!
ip dhcp pool Wireless_Vlan
   network 192.168.37.0 255.255.255.0
   default-router 192.168.37.1 
   dns-server 192.168.36.1 
!
ip dhcp pool Video_Vlan
   network 192.168.42.0 255.255.255.0
   default-router 192.168.42.1 
   dns-server 192.168.36.1 
!
ip dhcp pool Phone_Vlan
   network 192.168.39.0 255.255.255.0
   default-router 192.168.39.1 
   dns-server 192.168.36.1 
!
ip dhcp pool test
!
!
no ip domain-lookup
ip domain-name linx-usa.com
login block-for 10 attempts 3 within 30
login delay 1
login on-failure log
!
mls qos map policed-dscp  0 10 18 24 46 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-1229112064
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1229112064
 revocation-check none
 rsakeypair TP-self-signed-1229112064
!
!
crypto pki certificate chain TP-self-signed-1229112064
 certificate self-signed 01
  	quit
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 90
auto qos srnd4
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 36
 name User_Vlan
!
vlan 37
 name Wireless_Vlan
!
vlan 39
 name Phone_Vlan
!
vlan 42
 name Video_Vlan
!
vlan 255
 name Firewall_Vlan
!
!
class-map match-all AUTOQOS_VOIP_DATA_CLASS
  match ip dscp ef 
class-map match-all AUTOQOS_DEFAULT_CLASS
  match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS
  match ip dscp cs3 
!
policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY
 class AUTOQOS_VOIP_DATA_CLASS
   set dscp ef
  police 128000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_VOIP_SIGNAL_CLASS
   set dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
 class AUTOQOS_DEFAULT_CLASS
   set dscp default
  police 10000000 8000 exceed-action policed-dscp-transmit
!
!
!
!
!
!
interface Port-channel1
 description ***Port-Channel to CSW-LNX-2960-2***
 switchport mode trunk
!
interface GigabitEthernet0/1
 description *** To Firewall Port 0/2 ***
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet0/2
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/4
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/5
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/6
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/7
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/8
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/9
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/10
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/11
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/12
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/13
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/14
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/15
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/16
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/17
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/18
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/19
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description ***Phone Port***
 switchport access vlan 39
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 storm-control broadcast level 10.50
 storm-control action trap
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/21
 description ***Phone Port***
 switchport access vlan 39
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 storm-control broadcast level 10.50
 storm-control action trap
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/22
 description ***Phone Port***
 switchport access vlan 39
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 storm-control broadcast level 10.50
 storm-control action trap
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/23
 description ***Phone Port***
 switchport access vlan 39
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 storm-control broadcast level 10.50
 storm-control action trap
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/24
 description ***Phone Port***
 switchport access vlan 39
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 srr-queue bandwidth shape 10 0 0 0
 priority-queue out 
 mls qos trust device cisco-phone
 mls qos trust cos
 storm-control broadcast level 10.50
 storm-control action trap
 auto qos voip cisco-phone 
 spanning-tree portfast
 service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
!
interface GigabitEthernet0/25
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/26
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/27
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/28
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/29
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/30
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/31
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/32
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/33
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/34
 description ***Wireless Port***
 switchport access vlan 37
 switchport mode access
 mls qos trust dscp
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/35
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/36
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/37
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/38
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/39
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/40
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/41
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/42
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/43
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/44
 description ***Video Port***
 switchport access vlan 42
 switchport mode access
 storm-control broadcast level 10.50
 storm-control action trap
 spanning-tree portfast
!
interface GigabitEthernet0/45
 description *** To CSW-LNX-2960-2 G0/45 ***
 switchport mode trunk
 mls qos trust dscp
 channel-group 1 mode desirable
!
interface GigabitEthernet0/46
 description *** To CSW-LNX-2960-2 G0/46 ***
 switchport mode trunk
 mls qos trust dscp
 channel-group 1 mode desirable
!
interface GigabitEthernet0/47
 description *** To CSW-LNX-2960-2 G0/47 ***
 switchport mode trunk
 mls qos trust dscp
 channel-group 1 mode desirable
!
interface GigabitEthernet0/48
 description *** To CSW-LNX-2960-2 G0/48 ***
 switchport mode trunk
 mls qos trust dscp
 channel-group 1 mode desirable
!
interface Vlan1
 no ip address
 shutdown 
!
interface Vlan36
 description *** User_Vlan ***
 ip address 192.168.36.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan37
 description *** Wireless_Vlan ***
 ip address 192.168.37.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan39
 description *** Phone_Vlan ***
 ip address 192.168.39.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan42
 description *** Wireless_Vlan ***
 ip address 192.168.42.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan255
 description *** Firewall_Vlan ***
 ip address 192.168.255.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
ip default-gateway 192.168.255.1
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.36.1
!
ip access-list extended AUTOQOS-ACL-DEFAULT
 permit ip any any
logging esm config
logging facility local6
banner exec ^CCCC
  Device Name: CSW-LNX-2960-1
      Company: Linx
         Site: Wellesley
      Address: 141 Linden Street
         City: Wellesley, MA 02482
       Switch: WS-C2960G-48TC-L
Serial Number: FOC1144Z784
^C
banner motd ^CCCC
 * * * AUTHORIZED ACCESS ONLY * * *
Individuals using this system with or without proper authority
are subject to having all of their activities on this system
monitored and recorded.  Anyone using this system expressly
consents to such monitoring and to all appropriate disclosure
of any evidence of violation of the Firm's rules including,
but not limited to, criminal activity.
 * * * AUTHORIZED ACCESS ONLY * * *
^C
!
line con 0
 login local
line vty 0 4
 login local
 length 0
 transport input ssh
 transport output ssh
line vty 5 15
 login local
 transport input ssh
 transport output ssh
!
end


Everything appears to be in good order; however, I do not know the current status of your network, as in, is everything currently working? Among the VLANs that are listed in the output above, are the two VLANs that you are looking to add among them? As for tagging VLANs, all of the current VLANs look to have a path of some sort, whether in access mode or trunk mode.

Can you tell me if you still need to add VLANs or if they're there currently?
Also, your trunk ports are all part of an etherchannel (Port-channel interface), where they're "bonded" to be seen as 1 logical path, and frames are load-balanced in some method across 4 different interfaces. According to the configuration, these ports, Gi0/45-48, are all connecting to a CSW-LNX-2960-2, which I assume is the other switch in your network.

Hello Jordan,

Yes there is a second switch in the network.

What I need to do is ensure that the switches are passing the traffic properly so that my Sonicwall firewall can see the traffic from the VLANS.  

The only VLANS we have are the ones that are already built, but the problem I was having is that when I connected the firewall to the switch nothing worked properly.  It looked like the traffic was not getting tagged properly for the firewall to see it coming out of the switch.  

I set up sub interfaces on the firewall for each VLAN according to the proper practices for VLANs, but only one VLAN worked.  The 36.x seemed to be OK, but none of the others seemed to work properly.

So what I need to figure out is:
Do we have a proper trunk port setup?  If so which one is it?  Could I remove port 2 from the 36.x vlan and set that up as the trunk port passing the traffic and have the VLANS properly tagged so that the sonicwall will see them?  Right now I have to do most of this remotely.  I can connect remotely and change the switches and the firewall.  If I can change the trunk port then I do not need to be onsite.

Does that make sense?

Thanks very much.

I would make port 2 a trunk port with the following configuration...

interface GigabitEthernet0/1
 description *** To Firewall Port 0/2 ***
 switchport mode trunk
 
...then I would make sure that the devices on your network are using the firewall as their gateways. Trying to make this 2960 switch perform inter-VLAN routing, I just don't see the need for it when you have a device that will provide that functionality, as well as a point of access control.

Thank you. I will see about trying that.

Can you tell me if the switch is set to tag the vlans properly?

Also, if I change port 2 to the trunking port will I need to alter IP settings for the firewall?  Right now port 2 from the switch is connected to the LAN port on the firewall as 192.168.36.1 on the firewall side.  Would this need to be different?

The VLANs are all allowed across the trunk links, as is default. There should be no need to do anything past configuring port 2 as a trunk port.

As for the firewall, you'll need to configure an IP address on each VLAN sub-interface on the sonicwall device.
Alternatively, based on your current configuration, you can leave the switch alone entirely, change the firewall to have IP address 192.168.255.1/24 on the LAN interface, with no sub interfaces or VLAN configurations, connect it to port 2 on the switch. You will need to add routes for the rest of your LAN subnets on the firewall though so that it knows how to get to each. You may also need to modify your NAT configurations on the sonicwall to allow the rest of the subnets to be NAT'd.

Hi Jordan,

I have routes right now and it is causing issues.  We have to reboot the firewall every day to "clear" it out.  Performance suffers greatly in about 18 - 24 hours.  A reboot clears it up and it works fine for a short time.

Can you tell from the details I sent that I have the proper VLAN IDs?  To me it looks like they should be 37, 39 and 42.  The sonicwall only allows 4 characters in the VLAN TAG window.

Are these the proper details I should be looking at, where VLAN 1,36,37,39,42 are the IDs that are tagged?

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/45
36   User_Vlan                        active    Gi0/2, Gi0/3, Gi0/4, Gi0/5
                                                Gi0/6, Gi0/7, Gi0/8, Gi0/9
                                                Gi0/10, Gi0/11, Gi0/12, Gi0/13
                                                Gi0/14, Gi0/15, Gi0/16, Gi0/17
                                                Gi0/18, Gi0/19
37   Wireless_Vlan                    active    Gi0/25, Gi0/26, Gi0/27, Gi0/28
                                                Gi0/29, Gi0/30, Gi0/31, Gi0/32
                                                Gi0/33, Gi0/34
39   Phone_Vlan                       active    Gi0/20, Gi0/21, Gi0/22, Gi0/23
                                                Gi0/24
42   Video_Vlan                       active    Gi0/35, Gi0/36, Gi0/37, Gi0/38
                                                Gi0/39, Gi0/40, Gi0/41, Gi0/42
                                                Gi0/43, Gi0/44

That seems to be right. Why do you have to reboot your FW to "clear it out"? Are you running in DEBUG mode or have logging turned all the way up? You might want to check that as well.

That does look accurate. You should have VLANs 1,36-37,39,42 configured on your firewall, with IP addresses as the gateways, and just configure port 2 as a trunk port, as posted above. Make sure to remove the IP addresses from the SVI interfaces ("interface vlan xx") so that there is no conflict, and that the switch is no longer acting as the gateway.

Interesting idea about debugging mode and logging. I don't think so, but I will check.

It was pretty much a default build that we had to change very little on.

I don't know yet why we need to reboot it. But that solves the problem and restores performance.

Hi Jordan,
I want to be sure, where do I remove IP addresses from the SVI?  Sorry if this is a basic question, I just need to resolve this.

Thanks again.

You would remove as such...


interface vlan 36
 no ip address
interface vlan 37
 no ip address
interface vlan 39
 no ip address
interface vlan 42
 no ip address

Just make sure to do this during off hours, as well as ensure that those IP addresses get configured on your firewall, and allow traffic on those segments to pass to others unimpeded if necessary, on your firewall as well. This is not something to do during production hours.

Thank you very much.

We are doing this during a "maintenance" window today.

So to sum up here for the switch:

copy running-config flash:/backup.cfg

interface vlan 36
 no ip address
interface vlan 37
 no ip address
interface vlan 39
 no ip address
interface vlan 42
 no ip address

interface GigabitEthernet0/1
 description *** To Firewall Port 0/2 ***
 switchport mode trunk

In looking at the trunk port setting, should that be GigabitEthernet0/2 and not 0/1?

Does that look right?

The VLANs look correct, however I am confused. I was under the impression that Gi0/2 was connecting to your firewall. However the trunk configuration is correct for whichever port is to connect to your firewall.
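
Added example, not code from any participant in this thread: a Python check over a saved running-config that answers the question of which ports tag VLANs. It reports a firewall-facing port left in access mode, trunks without a `switchport trunk allowed vlan` list, and SVIs that still route while `ip routing` is on; the sample is a constructed excerpt modelled on the config posted above, and `parse_interfaces` and `audit` are names invented here.

```python
import re

# Constructed excerpt modelled on the running-config posted in this thread
# (same interface roles and VLAN numbers, trimmed to a few ports).
SAMPLE_CONFIG = """\
ip routing
!
interface Port-channel1
 description ***Port-Channel to CSW-LNX-2960-2***
 switchport mode trunk
!
interface GigabitEthernet0/1
 description *** To Firewall Port 0/2 ***
 switchport access vlan 255
 switchport mode access
!
interface GigabitEthernet0/2
 description ***Data Port***
 switchport access vlan 36
 switchport mode access
!
interface GigabitEthernet0/45
 description *** To CSW-LNX-2960-2 G0/45 ***
 switchport mode trunk
 channel-group 1 mode desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan36
 ip address 192.168.36.2 255.255.255.0
!
interface Vlan255
 ip address 192.168.255.2 255.255.255.0
!
end
"""


def parse_interfaces(config):
    """Return {interface name: settings dict} from running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = {"description": "", "mode": None, "access_vlan": 1,
                       "allowed_vlans": None, "ip": None, "shutdown": False}
            interfaces[line.split(None, 1)[1]] = current
        elif current is None or not raw.startswith(" "):
            current = None  # "!" or a global command ends the interface block
        elif line.startswith("description "):
            current["description"] = line[len("description "):]
        elif line.startswith("switchport mode "):
            current["mode"] = line.split()[-1]
        elif line.startswith("switchport access vlan "):
            current["access_vlan"] = int(line.split()[-1])
        elif line.startswith("switchport trunk allowed vlan "):
            current["allowed_vlans"] = line.split()[-1]
        elif line.startswith("ip address "):
            current["ip"] = line.split()[2]
        elif line == "shutdown":
            current["shutdown"] = True
    return interfaces


def audit(config, uplink_keyword="Firewall"):
    """Return findings about VLAN tagging and on-switch routing."""
    findings = []
    routing = re.search(r"^ip routing\s*$", config, re.M) is not None
    for name, port in parse_interfaces(config).items():
        if name.startswith("Vlan"):
            # An SVI with an address plus 'ip routing' makes the switch a gateway.
            if port["ip"] and not port["shutdown"] and routing:
                findings.append(f"{name}: SVI {port['ip']} with 'ip routing' on; "
                                "the switch routes this VLAN itself")
            continue
        if port["mode"] == "trunk" and port["allowed_vlans"] is None:
            findings.append(f"{name}: trunk with no allowed-VLAN list; "
                            "every VLAN is permitted on it")
        if (uplink_keyword.lower() in port["description"].lower()
                and port["mode"] == "access"):
            findings.append(f"{name}: uplink is an access port; only VLAN "
                            f"{port['access_vlan']} leaves it, untagged")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

An access-mode uplink sends a single VLAN untagged, so VLAN sub-interfaces on the device at the other end receive no tagged frames until the port is a trunk.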
ASKER CERTIFIED SOLUTION
Matthew Cioffi