I'm working on a Cisco Configuration for the first time and I've run into a problem where the Vlans do not appear to be working correctly, the ports on the switch should be configured to the appropriate Vlans however when I do show vlan private-vlan all i get is
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
10 11 isolated
10 20 community
10 30 community
10 50 community
10 60 community
12 isolated
40 isolated
The appropriate ports show no where else either not even vlan 1
The firmware version is c3750-ipservicesk9-mz.150-2.SE11
- The basic idea is:
- Vlan 10 is where the Router/Modem connects to Vlan
- Vlan 11 is for Network Devices like Printers that most other Vlans need to access
- Vlan 12 is for Guests
- Vlan 20 is for File servers that all other Vlans other than 11 and 12 need to access
- Vlans 30 - 50 are for their own respective rooms
- Vlan 60 is for Admin Access
This is my config and would appreciate any help that could be offered, thanks
!--- Basic Security
no service password-recovery
no service tcp-small-servers
no service udp-small-servers
no ip finger
ip dhcp bootp ignore
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
exception memory ignore overflow io
exception memory ignore overflow processor
no vstack
ip scp server enable
snmp-server community public RO
snmp-server community private RW
interface range GigabitEthernet 1/0/1 - 52
!-- Disable Unused Ports
switchport protected
no ip address
shutdown
!-- Secure Native Vlan
switchport trunk allowed vlan remove 1
no cdp enable
no udld port
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
switchport nonegotiate
duplex full
speed 1000
!service-policy input LAN-INCOMING-QOS-POLICY
exit
!--- Secure Native Vlan
interface vlan 1
no ip address
exit
!--- Secure Switch
vtp domain turing.local
vtp password **************** secret
vtp mode server
vtp version 2
vtp pruning
!--- Drop Packet Fragments
ip access-list extended ACL-INFRASTRUCTURE-IN
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any fragments
permit ip any any
!--- HTTP Login Security
no ip http server
no ip http secure-server
ip http authentication local
!--- NTP Server
ntp authenticate
ntp authentication-key 5 md5 ciscotime
ntp trusted-key 5
!--- DHCP Server
service dhcp
no ip dhcp conflict logging
ip dhcp-server 192.168.10.254
ip dhcp ping packets 3
ip dhcp ping timeout 500
!--- Base DNS Server Setup
ip domain lookup
ip host router.turing.local 192.168.10.1
ip host printer.turing.local 192.168.11.1
ip host server1.turing.local 192.168.20.1
ip host server2.turing.local 192.168.20.2
ip host server3.turing.local 192.168.20.3
ip host server4.turing.local 192.168.20.4
ip host office.turing.local 192.168.30.254
ip host trainee.turing.local 192.168.40.254
ip host workshop.turing.local 192.168.50.254
!--- Forwarding Security for LAN Traffic (@TODO ReCheck)
ip forward-protocol udp 37
ip forward-protocol udp 49
ip forward-protocol udp 53
ip forward-protocol udp 69
ip forward-protocol udp 137
ip forward-protocol udp 138
!--- Quality of Service
!policy-map LAN-INCOMING-QOS-POLICY
! class VOICE-MARKING
! set ip precedence 7
! exit
! class class-default
! set ip precedence 0
! exit
!exit
!--- MUST HAVE AT LEAST 1 EXCLUDED ADDRESS FOR DHCP SERVER!
!--- This ip address must not be assigned to DHCP clients.
ip dhcp excluded-address 192.168.10.1 192.168.10.254
ip dhcp excluded-address 192.168.11.1 192.168.11.100
ip dhcp excluded-address 192.168.12.254
ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.254
ip dhcp excluded-address 192.168.50.254
ip dhcp excluded-address 192.168.60.254
!--- Global Settings
ip igmp limit 100
ip igmp snooping
ip dhcp snooping
system mtu routing 1500
ip dhcp pool Turing
network 192.168.0.0 /16
default-router 192.168.0.1
dns-server 9.9.9.9 149.112.112.112 1.1.1.1 1.0.0.1
!-- Common DHCP Settings --
!dns-server 192.168.10.254
domain-name turing.local
lease 0 0 5
!-- Wins Configuration
netbios-node-type h-node
netbios-name-server 192.168.20.1 192.168.20.3 192.168.20.2
!-- NTP / TimeZone Configuration
option 2 hex 0000.0000
option 42 ip 85.199.214.98 94.236.98.105 46.101.50.70 134.0.16.1
!-- PXE Configuration
bootfile pxelinux.0
next-server 192.168.20.1
option 43 hex 010400000000FF
option 60 ascii PXEClient
option 66 ascii server1
option 150 ip 192.168.20.1
exit
!--- IP Pools
ip dhcp pool Servers
network 192.168.20.0 /24
exit
ip dhcp pool Office
network 192.168.30.0 /24
exit
ip dhcp pool TraineeRoom
network 192.168.40.0 /24
exit
ip dhcp pool PortaKabin
network 192.168.50.0 /24
exit
ip dhcp pool Authorised
network 192.168.60.0 /24
exit
ip dhcp pool Guests
network 192.168.11.0 /24
default-router 192.168.10.1
dns-server 9.9.9.9 149.112.112.112
lease 1
no netbios-node-type
no netbios-name-server
no option 2
no option 42
no bootfile
no next-server
no option 43
no option 60
no option 66
no option 150
exit
ip dhcp pool LAN-Devices
network 192.168.12.0 /24
lease 7
no default-router
no dns-server
no netbios-node-type
no netbios-name-server
no option 2
no option 42
no bootfile
no next-server
no option 43
no option 60
no option 66
no option 150
exit
!--- Static IP Addresses
!ip dhcp pool Server1
! host 192.168.20.1 255.255.255.0
! hardware-address INPUT PROPER MAC HERE
! client-name Server1
!exit
ip dhcp pool Server2
host 192.168.20.2 255.255.255.0
hardware-address 002655E3720C
client-identifier 01002655E3720C
client-name Server2
exit
ip dhcp pool Server3
host 192.168.20.3 255.255.255.0
hardware-address D46E0E00ABE8
client-identifier 01D46E0E00ABE8
client-name Server3
exit
ip dhcp pool Server4
host 192.168.20.4 255.255.255.0
hardware-address 001CC0898850
client-identifier 01001CC0898850
client-name Server4
exit
ip dhcp pool LinuxServer
host 192.168.20.50 255.255.255.0
hardware-address 001CC4AE6158
client-identifier 01001CC4AE6158
client-name LinuxServer
exit
ip dhcp pool OfficePrinter
host 192.168.11.1 255.255.255.0
hardware-address 0011F526516B
client-identifier 010011F526516B
client-name Printer
exit
ip dhcp pool Ronald-Laptop
host 192.168.60.1 255.255.255.0
hardware-address E09467E84671
client-identifier 01E09467E84671
client-name Ronald-Laptop
exit
!--- Vlan Options
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!--- Setup Private Vlans
vtp mode transparent
vlan 11,12,40
private-vlan isolated
vlan 20,30,50,60
private-vlan community
vlan 11
name Network-Devices
vlan 12
name Guests
vlan 20
name Servers
vlan 30
name Office
vlan 40
name Trainee-Room
vlan 50
name PortaKabin
vlan 60
name Administrators
vlan 10
name WAN
private-vlan primary
private-vlan association 11-12,20,30,40,50,60
exit
!--- Setup VLans
interface Vlan10
description WAN Port
ip address 192.168.10.254 255.255.255.0
private-vlan mapping 11-12,20,30,40,50,60
no ip directed-broadcast
no shutdown
exit
interface Vlan11
description Network Connected Devices
ip address 192.168.11.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan12
description Isolated Guest Network
ip address 192.168.12.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan20
description File Servers
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan30
description Office
ip address 192.168.30.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan40
description Trainee Room
ip address 192.168.40.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan50
description PortaKabin
ip address 192.168.50.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
interface Vlan60
description Administrator Devices
ip address 192.168.60.254 255.255.255.0
ip helper-address 192.168.10.254
no ip directed-broadcast
no shutdown
exit
!--- Setup Interfaces
!--- Port for connecting to the WAN
interface GigabitEthernet 1/0/1
description WAN
!switchport host
!switchport access vlan 10
switchport private-vlan mapping 10 12,20,30,40,50,60
switchport mode private-vlan promiscuous
no shutdown
exit
!--- Ports for Connecting Servers (1-4 + Linux)
interface range GigabitEthernet 1/0/3 - 8
description Server 1-4 & Linux Ports
!switchport host
!switchport access vlan 20
switchport private-vlan host-association 10 20
switchport mode private-vlan host
no shutdown
exit
!--- Ports to Wall Sockets in Trainee Room
interface range GigabitEthernet 1/0/17 - 28
description Trainee Room Ports
!switchport host
!switchport access vlan 40
switchport private-vlan host-association 10 40
switchport mode private-vlan host
no shutdown
exit
!--- Port to connect to Office Switch
interface GigabitEthernet 1/0/47
description Office
spanning-tree portfast disable
switchport trunk native vlan 30
switchport trunk allowed vlan 30
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
no shutdown
exit
!--- Port to connect to PortaKabin Switch
interface GigabitEthernet 1/0/48
description PortaKabin
spanning-tree portfast disable
switchport trunk native vlan 30
switchport trunk allowed vlan 30
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
no shutdown
exit
!--- Default Routes
ip default-gateway 192.168.10.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 1/0/1 192.168.10.1