I am hoping to get some assistance with a current issue I am facing at the moment...
I have 3 Cisco SMB Switches, (2) SG300 Managed Switches and (1) Unmanaged Switch.
SWSG1 | 172.16.1.100 | Port 24 Trunk Uplink to Cisco ASA Firewall
VLAN 1 Default !(ALL Domain Servers, AD DS, DNS, DHCP, PBX ARE LOCATED HERE)
VLAN 2 Voice | IP ADDRESS 10.10.200.1
VLAN 3 DATA | IP ADDRESS 10.10.100.1
SWSG2 | 172.16.1.200 | Port 24 Trunk Uplink to SWSG1 Switch Port 23
VLAN 1 Default
VLAN 2 Voice | NO IP ADDRESS CONFIGURED
VLAN 3 DATA | NO IP ADDRESS CONFIGURED
Port 7 Configured as Access Voice VLAN 2
SG3 | UnManaged | Port 24 Trunk Uplink to SWSG2 Switch Port 23
VLAN 1 Default
All IP Phones Connected on this Switch
#1 Cisco IP Phone Connected at Port 1 IP ADDRESS 10.10.200.114
#2 Cisco IP Phone Connected at Port 2 IP ADDRESS 10.10.200.115
Workstations are connected to IP Phones.
VLAN on IP Phone is Active
VOICE is VLAN 2 and Default VLAN 1 for PC
With this current configuration I can't access any of our Cisco IP Phones or Domain Servers on VLAN 1 which is the Default VLAN.
Can someone please assist me with this? I need to access Domain & PBX Resources.
SAMPLE OF CONFIGURATION:
config-file-header
SWSG1
v1.4.10.6 / R800_NIK_1_4_214_020
CLI v1.0
set system mode router
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
ssd file integrity control enabled
ssd-control-end #REMOVED FOR SECURITY
!
time-range RT1
 periodic sun 01:00 to sat 01:00
exit
spanning-tree loopback-guard
vlan database
 vlan 1,2,3
exit
voice vlan id 2
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
port-channel load-balance src-dst-mac-ip
loopback-detection enable
errdisable recovery cause loopback-detection
errdisable recovery cause port-security
errdisable recovery cause dot1x-src-address
errdisable recovery cause acl-deny
errdisable recovery cause stp-bpdu-guard
errdisable recovery cause stp-loopback-guard
errdisable recovery cause udld
green-ethernet energy-detect
no ip arp proxy disable
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp excluded-address
bonjour interface range vlan 1
qos wrr-queue wrtd
mac access-list extended ACL-MAC
exit
ip access-list extended EXTEND-ACL
 permit icmp any 172.16.1.50 255.255.255.0 any any ace-priority 1 log-input
 permit tcp any any 172.16.1.50 255.255.255.0 any ace-priority 2 log-input
 permit icmp any 172.16.7.1 255.255.255.0 any any ace-priority 3 log-input
 permit tcp any any 172.16.1.1 255.255.255.0 any ace-priority 4 log-input
 permit icmp any 172.16.1.0 255.255.255.0 any any ace-priority 5 log-input
 permit tcp any any 172.16.1.0 255.255.255.0 any ace-priority 6 log-input
 permit udp any 5060-5090 172.16.1.200 255.255.255.0 5060-5090 ace-priority 7 log-input
 permit udp any 9000-11000 172.16.1.200 255.255.255.0 9000-11000 ace-priority 8 log-input
 permit tcp any 2195-2196 172.16.1.200 255.255.255.0 2195-2196 ace-priority 9 log-input
 permit tcp any 5060-5090 172.16.1.200 255.255.255.0 5060-5090 ace-priority 10 log-input
 permit ip any 172.16.1.254 255.255.255.0 ace-priority 11 log-input
 permit tcp any 2528 172.16.1.200 255.255.255.0 2528 ace-priority 12 log-input
exit
hostname SWSG1
line console
 exec-timeout 30
exit
line ssh
 exec-timeout 30
exit
management access-list SECURITY-PROFILE
 permit ip-source 172.16.1.47 mask 255.255.255.0
exit
management access-class SECURITY-PROFILE
logging origin-id ip
logging file notifications
rmon event 1 log-trap community TECH description TECH-LOGS owner
aaa authentication login authorization Console local none
aaa authentication enable authorization Console enable none
line console
 login authentication Console
 enable authentication Console
 password "REMOVED FOR SECURITY" encrypted
exit
username cisco password encrypted "REMOVED FOR SECURITY" privilege 15
username CISCO password encrypted "REMOVED FOR SECURITY" privilege 15
ip ssh server
ip ssh password-auth
ip ssh-client username "REMOVED FOR SECURITY"
snmp-server server
snmp-server location "REMOVED FOR SECURITY"
snmp-server contact "REMOVED FOR SECURITY"
snmp-server community "REMOVED FOR SECURITY" ro view Default
ip http timeout-policy 1800
clock timezone " " -4
clock summer-time web recurring usa
sntp anycast client enable ipv4
sntp broadcast client enable ipv4
clock source sntp
clock source browser
sntp authenticate
sntp unicast client enable
sntp unicast client poll
sntp server 172.16.1.59 poll
sntp server time-a.timefreq.bldrdoc.gov poll
sntp server time-b.timefreq.bldrdoc.gov poll
sntp server time-c.timefreq.bldrdoc.gov poll
ip domain name "REMOVED FOR SECURITY"
ip name-server "REMOVED FOR SECURITY"
security-suite enable
security-suite dos protect add stacheldraht
security-suite dos protect add invasor-trojan
security-suite dos protect add back-orifice-trojan
!
interface vlan 1
 ip address 172.16.1.254 255.255.255.0
 no ip address dhcp
 service-acl input ACL default-action permit-any
!
interface vlan 1
 name MANAGEMENT
 ip address 172.16.100.1 255.255.255.0
!
interface vlan 2
 name "VOICE VLAN"
 ip address 172.16.200.1 255.255.255.0
 service-acl input ACL
!
interface vlan 3
 name DATA
 shutdown
!
interface gigabitethernet1
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 spanning-tree link-type point-to-point
 switchport forbidden vlan add 400
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet2
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 spanning-tree link-type point-to-point
 switchport forbidden vlan add 400
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet3
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet4
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet5
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet6
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet7
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 spanning-tree link-type point-to-point
 switchport mode access
 switchport forbidden vlan add 400
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet8
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet9
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet10
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet11
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet12
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet13
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet14
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet15
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet16
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet17
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet18
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet19
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet20
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet21
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet22
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet23
 negotiation preferred master
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet24
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet25
 negotiation preferred master
 description "TRUNK UP-LINK-2 | SWSG2"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 spanning-tree link-type point-to-point
 switchport trunk allowed vlan add 1-3
 switchport forbidden vlan add 400
 macro description switch
 switchport default-vlan tagged
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet26
 negotiation preferred master
 description "TRUNK UP-LINK-2 | PoE SW"
 ip arp inspection trust
 ip source-guard
 spanning-tree link-type point-to-point
 switchport trunk allowed vlan add 1-3
 switchport forbidden vlan add 400
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet27
 negotiation preferred master
 description "TRUNK UP-LINK-1 | ACCESS POINT"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
interface gigabitethernet28
 negotiation preferred master
 description "REMOVED FOR SECURITY"
 ip arp inspection trust
 ip source-guard
 storm-control broadcast enable
 switchport forbidden vlan add 400
!
exit
banner login
macro auto processing type host enabled
macro auto processing type router enabled
ip dhcp snooping
ip dhcp snooping database
ip arp inspection
ip arp inspection validate
ip arp inspection vlan 1
ip arp inspection vlan 2
ip arp inspection vlan 3
ip source-guard
"REMOVED FOR SECURITY"
encrypted ip ssh-client key rsa key-pair
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: RSA Private Key
"REMOVED FOR SECURITY"
---- END SSH2 PRIVATE KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: RSA Public Key
"REMOVED FOR SECURITY"
---- END SSH2 PUBLIC KEY ----
.
encrypted ip ssh-client key dsa key-pair
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: DSA Private Key
"REMOVED FOR SECURITY"
---- END SSH2 PRIVATE KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: DSA Public Key
"REMOVED FOR SECURITY"
---- END SSH2 PUBLIC KEY ----
.
encrypted crypto key import rsa
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: RSA Private Key
"REMOVED FOR SECURITY"
---- END SSH2 PRIVATE KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: RSA Public Key
"REMOVED FOR SECURITY"
---- END SSH2 PUBLIC KEY ----
.
encrypted crypto key import dsa
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: DSA Private Key
"REMOVED FOR SECURITY"
---- END SSH2 PRIVATE KEY ----
---- BEGIN SSH2 PUBLIC KEY ----
Comment: DSA Public Key
"REMOVED FOR SECURITY"
---- END SSH2 PUBLIC KEY ----
.
encrypted crypto certificate 1 import
-----BEGIN RSA ENCRYPTED PRIVATE KEY-----
"REMOVED FOR SECURITY"
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
"REMOVED FOR SECURITY"
-----END RSA PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
"REMOVED FOR SECURITY"
-----END CERTIFICATE-----
.
encrypted crypto certificate 2 import
-----BEGIN RSA ENCRYPTED PRIVATE KEY-----
"REMOVED FOR SECURITY"
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PUBLIC KEY-----
"REMOVED FOR SECURITY"
-----END RSA PUBLIC KEY-----
-----BEGIN CERTIFICATE-----
"REMOVED FOR SECURITY"
-----END CERTIFICATE-----
.
config-file-digest "REMOVED FOR SECURITY"