1

I'm working on a Cisco Configuration for the first time and I've run into a problem where the Vlans do not appear to be working correctly, the ports on the switch should be configured to the appropriate Vlans however when I do show vlan private-vlan all i get is

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
10      11        isolated
10      20        community
10      30        community
10      50        community
10      60        community
        12        isolated
        40        isolated

The appropriate ports show no where else either not even vlan 1

The firmware version is c3750-ipservicesk9-mz.150-2.SE11

  • The basic idea is:
  • Vlan 10 is where the Router/Modem connects to Vlan
  • Vlan 11 is for Network Devices like Printers that most other Vlans need to access
  • Vlan 12 is for Guests
  • Vlan 20 is for File servers that all other Vlans other than 11 and 12 need to access
  • Vlans 30 - 50 are for their own respective rooms
  • Vlan 60 is for Admin Access

This is my config and would appreciate any help that could be offered, thanks

!--- Basic Security
no service password-recovery
no service tcp-small-servers
no service udp-small-servers
no ip finger
ip dhcp bootp ignore
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
exception memory ignore overflow io
exception memory ignore overflow processor
no vstack
ip scp server enable
snmp-server community public RO
snmp-server community private RW

interface range GigabitEthernet 1/0/1 - 52
  !-- Disable Unused Ports
  switchport protected
  no ip address
  shutdown

  !-- Secure Native Vlan
  switchport trunk allowed vlan remove 1

  no cdp enable
  no udld port
  spanning-tree portfast
  spanning-tree bpduguard enable
  spanning-tree guard root

  switchport nonegotiate

  duplex full
  speed 1000

  !service-policy input LAN-INCOMING-QOS-POLICY
exit

!--- Secure Native Vlan
interface vlan 1
  no ip address
exit

!--- Secure Switch
vtp domain turing.local
vtp password **************** secret
vtp mode server
vtp version 2
vtp pruning

!--- Drop Packet Fragments
ip access-list extended ACL-INFRASTRUCTURE-IN
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any fragments
permit ip any any

!--- HTTP Login Security
no ip http server
no ip http secure-server
ip http authentication local

!--- NTP Server
ntp authenticate
ntp authentication-key 5 md5 ciscotime
ntp trusted-key 5

!--- DHCP Server
service dhcp
no ip dhcp conflict logging
ip dhcp-server 192.168.10.254
ip dhcp ping packets 3
ip dhcp ping timeout 500

!--- Base DNS Server Setup
ip domain lookup

ip host router.turing.local 192.168.10.1
ip host printer.turing.local 192.168.11.1
ip host server1.turing.local 192.168.20.1
ip host server2.turing.local 192.168.20.2
ip host server3.turing.local 192.168.20.3
ip host server4.turing.local 192.168.20.4
ip host office.turing.local 192.168.30.254
ip host trainee.turing.local 192.168.40.254
ip host workshop.turing.local 192.168.50.254

!--- Forwarding Security for LAN Traffic (@TODO ReCheck)
ip forward-protocol udp 37
ip forward-protocol udp 49
ip forward-protocol udp 53
ip forward-protocol udp 69
ip forward-protocol udp 137
ip forward-protocol udp 138

!--- Quality of Service
!policy-map LAN-INCOMING-QOS-POLICY
!  class VOICE-MARKING
!    set ip precedence 7
!  exit
!  class class-default
!    set ip precedence 0
!  exit
!exit

!--- MUST HAVE AT LEAST 1 EXCLUDED ADDRESS FOR DHCP SERVER!
!--- This ip address must not be assigned to DHCP clients.
ip dhcp excluded-address 192.168.10.1 192.168.10.254
ip dhcp excluded-address 192.168.11.1 192.168.11.100
ip dhcp excluded-address 192.168.12.254
ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.254
ip dhcp excluded-address 192.168.50.254
ip dhcp excluded-address 192.168.60.254

!--- Global Settings
ip igmp limit 100
ip igmp snooping
ip dhcp snooping
system mtu routing 1500

ip dhcp pool Turing
  network 192.168.0.0 /16
  default-router 192.168.0.1
  dns-server 9.9.9.9 149.112.112.112 1.1.1.1 1.0.0.1

  !-- Common DHCP Settings --
  !dns-server 192.168.10.254
  domain-name turing.local
  lease 0 0 5

  !-- Wins Configuration
  netbios-node-type h-node
  netbios-name-server 192.168.20.1 192.168.20.3 192.168.20.2

  !-- NTP / TimeZone Configuration
  option 2 hex 0000.0000
  option 42 ip 85.199.214.98 94.236.98.105 46.101.50.70 134.0.16.1

  !-- PXE Configuration
  bootfile pxelinux.0
  next-server 192.168.20.1
  option 43 hex 010400000000FF
  option 60 ascii PXEClient
  option 66 ascii server1
  option 150 ip 192.168.20.1
exit

!--- IP Pools
ip dhcp pool Servers
  network 192.168.20.0 /24
exit

ip dhcp pool Office
  network 192.168.30.0 /24
exit

ip dhcp pool TraineeRoom
  network 192.168.40.0 /24
exit

ip dhcp pool PortaKabin
  network 192.168.50.0 /24
exit

ip dhcp pool Authorised
  network 192.168.60.0 /24
exit

ip dhcp pool Guests
  network 192.168.11.0 /24
  default-router 192.168.10.1
  dns-server 9.9.9.9 149.112.112.112
  lease 1

  no netbios-node-type
  no netbios-name-server
  no option 2
  no option 42
  no bootfile
  no next-server
  no option 43
  no option 60
  no option 66
  no option 150
exit

ip dhcp pool LAN-Devices
  network 192.168.12.0 /24
  lease 7

  no default-router
  no dns-server
  no netbios-node-type
  no netbios-name-server
  no option 2
  no option 42
  no bootfile
  no next-server
  no option 43
  no option 60
  no option 66
  no option 150
exit

!--- Static IP Addresses
!ip dhcp pool Server1
!  host 192.168.20.1 255.255.255.0
!  hardware-address INPUT PROPER MAC HERE
!  client-name Server1
!exit

ip dhcp pool Server2
  host 192.168.20.2 255.255.255.0
  hardware-address 002655E3720C
  client-identifier 01002655E3720C
  client-name Server2
exit

ip dhcp pool Server3
  host 192.168.20.3 255.255.255.0
  hardware-address D46E0E00ABE8
  client-identifier 01D46E0E00ABE8
  client-name Server3
exit

ip dhcp pool Server4
  host 192.168.20.4 255.255.255.0
  hardware-address 001CC0898850
  client-identifier 01001CC0898850
  client-name Server4
exit

ip dhcp pool LinuxServer
  host 192.168.20.50 255.255.255.0
  hardware-address 001CC4AE6158
  client-identifier 01001CC4AE6158
  client-name LinuxServer
exit

ip dhcp pool OfficePrinter
  host 192.168.11.1 255.255.255.0
  hardware-address 0011F526516B
  client-identifier 010011F526516B
  client-name Printer
exit

ip dhcp pool Ronald-Laptop
  host 192.168.60.1 255.255.255.0
  hardware-address E09467E84671
  client-identifier 01E09467E84671
  client-name Ronald-Laptop
exit

!--- Vlan Options
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id

!--- Setup Private Vlans
vtp mode transparent

vlan 11,12,40
  private-vlan isolated
vlan 20,30,50,60
  private-vlan community
vlan 11
  name Network-Devices
vlan 12
  name Guests
vlan 20
  name Servers
vlan 30
  name Office
vlan 40
  name Trainee-Room
vlan 50
  name PortaKabin
vlan 60
  name Administrators
vlan 10
  name WAN
  private-vlan primary
  private-vlan association 11-12,20,30,40,50,60
exit

!--- Setup VLans

interface Vlan10
  description WAN Port
  ip address 192.168.10.254 255.255.255.0
  private-vlan mapping 11-12,20,30,40,50,60
  no ip directed-broadcast
  no shutdown
exit

interface Vlan11
  description Network Connected Devices
  ip address 192.168.11.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan12
  description Isolated Guest Network
  ip address 192.168.12.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan20
  description File Servers
  ip address 192.168.20.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan30
  description Office
  ip address 192.168.30.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan40
  description Trainee Room
  ip address 192.168.40.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan50
  description PortaKabin
  ip address 192.168.50.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

interface Vlan60
  description Administrator Devices
  ip address 192.168.60.254 255.255.255.0
  ip helper-address 192.168.10.254
  no ip directed-broadcast
  no shutdown
exit

!--- Setup Interfaces

!--- Port for connecting to the WAN
interface GigabitEthernet 1/0/1
  description WAN
  !switchport host
  !switchport access vlan 10
  switchport private-vlan mapping 10 12,20,30,40,50,60
  switchport mode private-vlan promiscuous
  no shutdown
exit

!--- Ports for Connecting Servers (1-4 + Linux)
interface range GigabitEthernet 1/0/3 - 8
  description Server 1-4 & Linux Ports
  !switchport host
  !switchport access vlan 20
  switchport private-vlan host-association 10 20
  switchport mode private-vlan host
  no shutdown
exit

!--- Ports to Wall Sockets in Trainee Room
interface range GigabitEthernet 1/0/17 - 28
  description Trainee Room Ports
  !switchport host
  !switchport access vlan 40
  switchport private-vlan host-association 10 40
  switchport mode private-vlan host
  no shutdown
exit

!--- Port to connect to Office Switch
interface GigabitEthernet 1/0/47
  description Office
  spanning-tree portfast disable
  switchport trunk native vlan 30
  switchport trunk allowed vlan 30
  switchport trunk encapsulation dot1q
  switchport mode trunk
  ip dhcp snooping trust
  no shutdown
exit

!--- Port to connect to PortaKabin Switch
interface GigabitEthernet 1/0/48
  description PortaKabin
  spanning-tree portfast disable
  switchport trunk native vlan 30
  switchport trunk allowed vlan 30
  switchport trunk encapsulation dot1q
  switchport mode trunk
  ip dhcp snooping trust
  no shutdown
exit

!--- Default Routes
ip default-gateway 192.168.10.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/1 192.168.10.1
Cyber Axe
  • 11
  • 2
  • "_MUST HAVE AT LEAST 1 EXCLUDED ADDRESS FOR DHCP SERVER_" No, the IOS DHCP server automatically excludes the interface address. You are also excluding ever address in the `192.168.10.0/24` network. the addresses on the exclude are starting and ending addresses. You cannot have the same default gateway for all the scopes because the gateway for a host must be on the same network as the host. – Ron Maupin Jul 10 '18 at 15:42

0 Answers0