Hi,
I am having problems getting access to the outside world from the edge switches; I hope someone can have a look and advise.
I have the following setup:
Router 4400, connected to the internet on gi0/0/0 (working),
connected to the LAN on SFP gi0/0/1 (IP: 10.194.2.1),
can ping up to the edge switches on 10.194.0.60
Core 6880 switch, connected to the router on SFP te5/16 (IP: 10.194.2.5),
connected to the edge switches on range te1/11 - 16
Edge 2960 switches, connected to the core on SFP gi1/0/49,
can ping up to 10.194.2.1
Router config:
!
interface Loopback0
description Management Interface
ip address 172.16.0.101 255.255.255.255
!
interface GigabitEthernet0/0/0
ip address 203.89.212.150 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 10.194.2.1 255.255.255.248
ip nat inside
media-type sfp
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface Service-Engine0/2/2
no ip address
shutdown
!
interface Service-Engine0/4/0
no ip address
shutdown
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface BRI0/2/0:0
isdn incoming-voice voice
!
interface BRI0/2/1:0
isdn incoming-voice voice
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 203.89.212.149
ip route 10.194.0.0 255.255.255.0 10.194.2.5
ip route 10.194.2.0 255.255.255.0 10.194.2.5
ip route 10.194.6.0 255.255.255.0 10.194.2.5
ip route 10.194.10.0 255.255.255.0 10.194.2.5
ip route 10.194.11.0 255.255.255.0 10.194.2.5
ip route 10.194.12.0 255.255.252.0 10.194.2.5
ip route 10.194.16.0 255.255.255.0 10.194.2.5
ip route 10.194.17.0 255.255.255.0 10.194.2.5
ip route 10.194.18.0 255.255.255.0 10.194.2.5
ip route 10.194.90.0 255.255.255.0 10.194.2.5
ip route 10.194.91.0 255.255.255.0 10.194.2.5
ip route 10.194.92.0 255.255.255.0 10.194.2.5
ip route 10.194.100.0 255.255.255.0 10.194.2.5
ip route 10.194.110.0 255.255.255.0 10.194.2.5
ip route 10.194.120.0 255.255.255.0 10.194.2.5
ip route 10.194.121.0 255.255.255.0 10.194.2.5
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
voice-port 0/2/0
!
voice-port 0/2/1
_______________________________________________________
Core switch config:
!
no aaa new-model
platform ip cef load-sharing ip-only
clock timezone EST 10 0
clock summer-time PDT recurring
!
ip vrf management
!
!
no ip domain-lookup
vtp domain sjog_bk
vtp mode transparent
udld enable
!
spanning-tree mode rapid-pvst
spanning-tree portfast edge bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure critical-event
errdisable recovery cause oam-remote-failure dying-gasp
errdisable recovery cause oam-remote-failure link-fault
errdisable recovery cause loopback
!
redundancy
main-cpu
auto-sync running-config
mode sso
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
vlan 2
name point_2_point
!
vlan 10
name ext_bld_serv
!
vlan 11
name ext_energy_mon
!
vlan 12
name ext_sec_sys
!
vlan 13
name ext_cctv_sys
!
vlan 14
name ext_nurse_call
!
vlan 15
name ext_messaging_sys
!
vlan 16
name ext_em_lighting
!
vlan 17
name ext_iptv_sys
!
vlan 18
name vmotion
!
vlan 90
name k2ms_prod
!
vlan 91
name k2ms_test
!
vlan 92
name endobase
!
vlan 100
name asa_dmz
!
vlan 110
name serv_test
!
vlan 120
name serv_pres
!
vlan 121
name serv_terminal
!
vlan 130
name serv_ilo
!
vlan 900
name ap_management
!
vlan 990
name switch_management
!
vlan 992
name wan_services_net
!
vlan 997
name wlc_ha_keepalive
!
vlan 999
name anti-vlan-hop
!
interface TenGigabitEthernet1/1
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/2
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/3
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/4
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/5
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/6
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/7
switchport
switchport mode trunk
switchport nonegotiate
shutdown
!
interface TenGigabitEthernet1/8
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/9
no ip address
!
interface TenGigabitEthernet1/10
no ip address
!
interface TenGigabitEthernet1/11
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/12
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/13
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/14
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/15
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet1/16
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet2/1
no ip address
shutdown
!
interface TenGigabitEthernet2/2
no ip address
shutdown
!
interface TenGigabitEthernet2/3
no ip address
shutdown
!
interface TenGigabitEthernet2/4
no ip address
shutdown
!
interface TenGigabitEthernet2/5
no ip address
shutdown
!
interface TenGigabitEthernet2/6
no ip address
shutdown
!
interface TenGigabitEthernet2/7
no ip address
shutdown
!
interface TenGigabitEthernet2/8
no ip address
shutdown
!
interface TenGigabitEthernet2/9
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet2/10
switchport
switchport mode trunk
switchport nonegotiate
!
interface TenGigabitEthernet2/11
no ip address
shutdown
!
interface TenGigabitEthernet2/12
no ip address
shutdown
!
interface TenGigabitEthernet2/13
no ip address
shutdown
!
interface TenGigabitEthernet2/14
no ip address
shutdown
!
interface TenGigabitEthernet2/15
no ip address
shutdown
!
interface TenGigabitEthernet2/16
no ip address
shutdown
!
interface TenGigabitEthernet5/1
no ip address
shutdown
!
interface TenGigabitEthernet5/2
no ip address
shutdown
!
interface TenGigabitEthernet5/3
no ip address
shutdown
!
interface TenGigabitEthernet5/4
no ip address
shutdown
!
interface TenGigabitEthernet5/5
no ip address
shutdown
!
interface TenGigabitEthernet5/6
no ip address
shutdown
!
interface TenGigabitEthernet5/7
no ip address
shutdown
!
interface TenGigabitEthernet5/8
no ip address
shutdown
!
interface TenGigabitEthernet5/9
no ip address
shutdown
!
interface TenGigabitEthernet5/10
no ip address
shutdown
!
interface TenGigabitEthernet5/11
no ip address
shutdown
!
interface TenGigabitEthernet5/12
no ip address
shutdown
!
interface TenGigabitEthernet5/13
no ip address
shutdown
!
interface TenGigabitEthernet5/14
ip address 10.194.2.5 255.255.255.248
!
interface TenGigabitEthernet5/15
no ip address
shutdown
!
interface TenGigabitEthernet5/16
no ip address
shutdown
!
interface mgmt0
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description Point to Point Link Core Switches to Routers
no ip address
shutdown
!
interface Vlan10
description Building Management System
ip address 10.194.10.1 255.255.255.0
!
interface Vlan11
description Energy Monitoring System
ip address 10.194.11.1 255.255.255.0
!
interface Vlan12
description Security System
ip address 10.194.12.1 255.255.255.0
!
interface Vlan13
description CCTV System
ip address 10.194.13.1 255.255.255.0
!
interface Vlan14
description Nurse Call System
ip address 10.194.14.1 255.255.255.0
!
interface Vlan15
description Paging System
ip address 10.194.15.1 255.255.255.0
!
interface Vlan16
description Emergency Lighting System
ip address 10.194.16.1 255.255.255.0
!
interface Vlan17
description IPTV System
ip address 10.194.17.1 255.255.255.0
!
interface Vlan18
description VMOTION
ip address 10.194.18.1 255.255.255.0
!
interface Vlan90
description K2MS Production Environment
ip address 10.194.90.1 255.255.255.0
!
interface Vlan91
description K2MS Test
ip address 10.194.91.1 255.255.255.0
!
interface Vlan92
description Endobase
ip address 10.194.92.1 255.255.255.0
!
interface Vlan100
description Firewall DMZ
ip address 10.194.100.1 255.255.255.0
!
interface Vlan110
description Server Test VLAN
ip address 10.194.110.1 255.255.255.0
!
interface Vlan120
description Server Presentation
ip address 10.194.120.1 255.255.255.0
!
interface Vlan121
description Terminal Server Presentation
ip address 10.194.121.1 255.255.255.0
!
interface Vlan130
description Server iLO
ip address 10.194.6.1 255.255.255.0
!
interface Vlan900
description AP Management Ground Floor
ip address 10.194.70.1 255.255.255.0
!
interface Vlan990
description Switch Management
ip address 10.194.0.1 255.255.255.0
!
ip default-gateway 10.194.2.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.194.2.3
!
ip access-list extended acl-copp-match-igmp
permit igmp any any
ip access-list extended acl-copp-match-pim-data
deny pim any host 224.0.0.13
permit pim any any
!
_______________________________________________________________
Edge switch config:
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
no errdisable detect cause gbic-invalid
!
vlan internal allocation policy ascending
!
vlan 2
name point_2_point
!
vlan 10
name ext_bld_serv
!
vlan 11
name ext_energy_mon
!
vlan 12
name ext_sec_sys
!
vlan 13
name ext_cctv_sys
!
vlan 14
name ext_nurse_call
!
vlan 15
name ext_messaging_sys
!
vlan 16
name ext_em_lighting
!
vlan 17
name ext_iptv_sys
!
vlan 18
name vmotion
!
vlan 90
name k2ms_prod
!
vlan 91
name k2ms_test
!
vlan 92
name endobase
!
vlan 100
name asa_dmz
!
vlan 110
name serv_test
!
vlan 120
name serv_pres
!
vlan 121
name serv_terminal
!
vlan 130
name serv_ilo
!
vlan 900
name ap_management
!
vlan 990
name switch_management
!
vlan 992
name wan_services_net
!
vlan 997
name wlc_ha_keepalive
!
vlan 999
name anti-vlan-hop
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
description Link to Core bkcswp01
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
shutdown
!
interface Vlan900
description AP Management Ground Floor
ip address 10.194.73.12 255.255.255.0
!
interface Vlan990
description Switch Management
ip address 10.194.0.61 255.255.255.0
!
ip default-gateway 10.194.2.5
ip forward-protocol nd
ip http server
ip http secure-server
!
ASKER
#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 203.89.212.149 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 203.89.212.149
10.0.0.0/8 is variably subnetted, 18 subnets, 4 masks
S 10.194.0.0/24 [1/0] via 10.194.2.5
S 10.194.2.0/24 [1/0] via 10.194.2.5
C 10.194.2.0/29 is directly connected, GigabitEthernet0/0/1
L 10.194.2.1/32 is directly connected, GigabitEthernet0/0/1
S 10.194.6.0/24 [1/0] via 10.194.2.5
S 10.194.10.0/24 [1/0] via 10.194.2.5
S 10.194.11.0/24 [1/0] via 10.194.2.5
S 10.194.12.0/22 [1/0] via 10.194.2.5
S 10.194.16.0/24 [1/0] via 10.194.2.5
S 10.194.17.0/24 [1/0] via 10.194.2.5
S 10.194.18.0/24 [1/0] via 10.194.2.5
S 10.194.90.0/24 [1/0] via 10.194.2.5
S 10.194.91.0/24 [1/0] via 10.194.2.5
S 10.194.92.0/24 [1/0] via 10.194.2.5
S 10.194.100.0/24 [1/0] via 10.194.2.5
S 10.194.110.0/24 [1/0] via 10.194.2.5
S 10.194.120.0/24 [1/0] via 10.194.2.5
S 10.194.121.0/24 [1/0] via 10.194.2.5
172.16.0.0/32 is subnetted, 1 subnets
C 172.16.0.101 is directly connected, Loopback0
203.89.212.0/24 is variably subnetted, 2 subnets, 2 masks
C 203.89.212.148/30 is directly connected, GigabitEthernet0/0/0
L 203.89.212.150/32 is directly connected, GigabitEthernet0/0/0
__________________________
Core switch show ip route:
sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.194.2.3 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.194.2.3
10.0.0.0/8 is variably subnetted, 40 subnets, 3 masks
C 10.194.0.0/24 is directly connected, Vlan990
L 10.194.0.1/32 is directly connected, Vlan990
C 10.194.2.0/29 is directly connected, TenGigabitEthernet5/14
L 10.194.2.5/32 is directly connected, TenGigabitEthernet5/14
C 10.194.6.0/24 is directly connected, Vlan130
L 10.194.6.1/32 is directly connected, Vlan130
C 10.194.10.0/24 is directly connected, Vlan10
L 10.194.10.1/32 is directly connected, Vlan10
C 10.194.11.0/24 is directly connected, Vlan11
L 10.194.11.1/32 is directly connected, Vlan11
C 10.194.12.0/24 is directly connected, Vlan12
L 10.194.12.1/32 is directly connected, Vlan12
C 10.194.13.0/24 is directly connected, Vlan13
L 10.194.13.1/32 is directly connected, Vlan13
C 10.194.14.0/24 is directly connected, Vlan14
L 10.194.14.1/32 is directly connected, Vlan14
C 10.194.15.0/24 is directly connected, Vlan15
L 10.194.15.1/32 is directly connected, Vlan15
C 10.194.16.0/24 is directly connected, Vlan16
L 10.194.16.1/32 is directly connected, Vlan16
C 10.194.17.0/24 is directly connected, Vlan17
L 10.194.17.1/32 is directly connected, Vlan17
C 10.194.18.0/24 is directly connected, Vlan18
L 10.194.18.1/32 is directly connected, Vlan18
C 10.194.70.0/24 is directly connected, Vlan900
L 10.194.70.1/32 is directly connected, Vlan900
C 10.194.90.0/24 is directly connected, Vlan90
L 10.194.90.1/32 is directly connected, Vlan90
C 10.194.91.0/24 is directly connected, Vlan91
L 10.194.91.1/32 is directly connected, Vlan91
C 10.194.92.0/24 is directly connected, Vlan92
L 10.194.92.1/32 is directly connected, Vlan92
C 10.194.100.0/24 is directly connected, Vlan100
L 10.194.100.1/32 is directly connected, Vlan100
C 10.194.110.0/24 is directly connected, Vlan110
L 10.194.110.1/32 is directly connected, Vlan110
C 10.194.120.0/24 is directly connected, Vlan120
L 10.194.120.1/32 is directly connected, Vlan120
C 10.194.121.0/24 is directly connected, Vlan121
L 10.194.121.1/32 is directly connected, Vlan121
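
A consistency check over the addresses in the configs and routing tables above, as an added example that is not part of the original posts: it flags next hops that are off the device's connected subnets or that no posted interface owns, and inside addresses the router has no specific route back to. All values are copied from the posts; treating 203.89.212.149 as an existing ISP address is an assumption, and the function names are illustrative.

```python
import ipaddress

# Addresses copied from the configs posted above. Only the core SVIs needed
# for these checks are listed; the other VLAN interfaces are omitted.
INTERFACES = {
    "router": ["10.194.2.1/29", "203.89.212.150/30", "172.16.0.101/32"],
    "core": ["10.194.2.5/29", "10.194.0.1/24", "10.194.70.1/24"],
    "edge": ["10.194.0.61/24", "10.194.73.12/24"],
}
NEXT_HOPS = [  # (device, config statement, next hop) as posted
    ("router", "ip route 0.0.0.0 0.0.0.0", "203.89.212.149"),
    ("router", "ip route 10.194.x.0 (all inside routes)", "10.194.2.5"),
    ("core", "ip route 0.0.0.0 0.0.0.0", "10.194.2.3"),
    ("core", "ip default-gateway", "10.194.2.1"),
    ("edge", "ip default-gateway", "10.194.2.5"),
]
# Assumption: the ISP side of the /30 exists although no config for it is posted.
EXTERNAL = {"203.89.212.149"}
# Router static routes toward the core, as posted (all /24 except 10.194.12.0/22).
ROUTER_STATIC = ["10.194.12.0/22"] + [
    f"10.194.{o}.0/24"
    for o in (0, 2, 6, 10, 11, 16, 17, 18, 90, 91, 92, 100, 110, 120, 121)
]


def next_hop_findings():
    """Flag next hops that are off-subnet or that no known interface owns."""
    ifaces = {d: [ipaddress.ip_interface(a) for a in v] for d, v in INTERFACES.items()}
    owned = {str(i.ip) for v in ifaces.values() for i in v} | EXTERNAL
    findings = []
    for dev, stmt, hop in NEXT_HOPS:
        if not any(ipaddress.ip_address(hop) in i.network for i in ifaces[dev]):
            findings.append((dev, stmt, hop, "not on a connected subnet"))
        elif hop not in owned:
            findings.append((dev, stmt, hop, "no posted interface owns it"))
    return findings


def return_route_gaps():
    """Inside addresses the router can only reach via its default route."""
    known = [ipaddress.ip_network(p) for p in ROUTER_STATIC]
    known += [ipaddress.ip_interface(a).network for a in INTERFACES["router"]]
    return [
        (dev, addr)
        for dev in ("core", "edge")
        for addr in INTERFACES[dev]
        if not any(ipaddress.ip_interface(addr).ip in n for n in known)
    ]


if __name__ == "__main__":
    for finding in next_hop_findings() + return_route_gaps():
        print(finding)
```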