VLANs with DHCP on SG 200-50 switches

Similar Messages

• Black hole VLAN with DHCP

  I'd like to create a blackhole VLAN (maybe not a good name for it) for two reason.s 1 assign it to unused ports and turn them off. 2 so when a tech goes to install a device and the port is enabled they would pull an unrouted DHCP ip address.
  My questions what is the best way to create the unrouted DHCP scope for this blackhole VLAN. From my testing I have to create an SVI on the blackhole VLAN to assign it a DHCP scope. I don't want the devices that pull an address to be able to talk to anything. Is there a better way to do this? Would I have to put a ACL on the VLAN to stop all network traffic on this VLAN?

        Just create a layer 2 vlan  and "do not"  create an SVI.  It cannot be routed anywhere because there is no SVI associated with the L2 vlan.   All the devices will do is eventually get a default microsoft address of 169.x.x.x .   You should not even need to define any scope for the created vlan .

• Guest VLAN with SG-200

  I'd like to use the SG-200 to create an isolated guest VLAN that cannot access the secure LAN, except of course for the router. This post discusses the necessary ACE's to use with an SG-300, but it's not clear that this level of access control exists on the SG-200. Is it possible to isolate a guest VLAN with the SG-200? My network is a roaming (bridged) network that looks like this:
  [Modem] — [AE Router] — [Switch] — [Roaming Wifi]

  Thank you very much for the pointers. I found a way to use the router as my VLAN, keeping the SG-200 as a simple switch. This turns out to be the best option because my router doesn't support ACL's or multiple VLANs that would be used for isolating VLANs on my level 2 switch.
  This router-based solution involved resolving a simple DNS issue. My router gets DNS from the server, which the router's VLAN guests cannot see. Configuring DNS by hand on guest clients (e.g. Google DNS 8.8.8.8, 4.4.4.4) provides guest internet access, isolated from the LAN, all with roaming. And I'm using one less piece of hardware by using the router's VLAN. Thanks again.

• Series 200 Smart Switch not communicating, DHCP blocked

  I have a small, simple small business network.  There are 2 switches - an 8-port switch connected to my main Windows server (which is the DHCP provider for the network), and a 24-port switch which is plugged into the 8-port switch.
  I replaced these switches (Dell unmanaged switches) with the Cisco 200 series smart switches (the 8-port and 26-port models).  When I plug the 26-port switch into the 8-port switch, it is unable to get its DHCP address from the Windows server.  Also, any device plugged into the 26-port switch cannot communicate with any other device, and all of the ethernet port lights flash at the same time at the same frequency - quite a light show!
  If I plug the Windows server DIRECTLY into the 26-port switch it receives a DHCP address.
  I have tried a 2nd Cisco 26-port swtich and it does the same thing, so I assume it is not a hardware issue.
  What is the solution to this problem?

  Louis,
  Try this, go into the first 200 series switch that is connected to the server and go to the spanning tree tab. 
  Under the spanning tree tab properties, set the bridge priority to 0.  This makes this switch the spanning tree root.
  Try this and see if the second switch passes traffic and receives and ip address.

• Can not connect with dhcp - renew dhcp lease will switch directly to manuel

  If have the following problem
  I us apple Airport extreme to connect to internet.
  I have 5 Macs, all connecting with airport . They work fine with DHCP. Since 2 weeks I have a problem that one computer – a mac book pro with 10.5.6 will not connect.
  When I switch to dhcp and select renew dhcp lease it switch directly back to manuell. I have no chance to connect with dhcp.
  Has anyone a suggestion?
  Thanks

  Wonder why Apple hasn't chimed in on this one...
  Whenever you have an issue like this where it's fine, then DHCP stops working for any reason.... Reset the PRAM.
  How to:
  Apple Logo -> Restart.
  After the screen goes black -> Hold down all 4 keys until you hear the third Bong.
  "Option"+[Apple Logo OR key to the left of the space bar]"P""R"
  After the third BONG or Apple Chime whatever you want to call it. The system's Parameter Ram or to the PC Crowd the CMOS has been reset. This resets your clock, brightness, volume, etc.... So things will get reset along the way but it also resets the IRQ and DMA stats on the logic board. Ala, reseting your Airport's Connection to the logic board, Controllers, etc.

• VLAN with 2 switch ESW - 520

  For test I used 2 Switch that name "ESW X" and "ESW Y"
  I have 2 network that I named "Network A" and "Network B"
  I build 2 VLAN for each network that named Vlan 2 for Network A and Vlan 3 for Network B, I don't use Vlan 1 because it's the default Vlan
  Configuration ESW X:
  port e1 : ACCESS PORT on UNTTAGGED Vlan 2
  port e2 : ACCESS PORT on UNTTAGGED Vlan 2
  port e3 : ACCESS PORT on UNTTAGGED Vlan 3
  port e4 : ACCESS PORT on UNTTAGGED Vlan 3
  port g3 : TRUNK PORT with UNTTAGGED Vlan 1(default) and TAGGED Vlan 2 and Vlan 3
  Configuration ESW Y:
  port e1 : ACCESS PORT on UNTTAGGED Vlan 2
  port e2 : ACCESS PORT on UNTTAGGED Vlan 2
  port e3 : ACCESS PORT on UNTTAGGED Vlan 3
  port e4 : ACCESS PORT on UNTTAGGED Vlan 3
  port g3 : TRUNK PORT with UNTTAGGED Vlan 1(default) and TAGGED Vlan 2 and Vlan 3
  I Use for test 2 computer with the same IP class adress.
  Test Result :
  Communication between ESW X e1 and ESW x e2 =>OK
  Communication between ESW X e3 and ESW x e4 =>OK
  Communication between ESW Y e1 and ESW Y e2 =>OK
  Communication between ESW Y e3 and ESW Y e4 =>OK
  Communication between ESW X e1 and ESW Y e1 or e2 =>NOK
  Communication between ESW X e2 and ESW Y e1 or e2 =>NOK
  Communication between ESW X e3 and ESW Y e3 or e4 =>NOK
  Communication between ESW X e4 and ESW Y e3 or e4 =>NOK
  Each Vlan can't communicate between the two switch, I think they're a problem in my vlan/port configuration, can you help me.

  Hi Thibaud,
  Thank you for the purchase of the ESW switches.
  Just out of interest, are you using the latest  firmware on your ESW switch version 2.1.19 
  But you sure sound like you have a great understanding of Tagged and untagged VLANs  from you posting description..great stuff.
  I just tried your configuration, I can communicate between ESW540-24P switch and a SF300-48P switch.
  Sorry,  I don't have two ESW switches handy. But it should not matter. Standards based  Ethernet is hopefully just standards based ethernet
  My vlan configuration below for my ESW540-24P,  and it's working just fine.
  I  just connected switch ports 24 between the two switches together, that's why port 24 is tagged in each of the screen shots below.
  I would really really doubt you would have a problem, unless there is something fundimental or basic you have done such as not saving the running configuration to the startup configuration.  Obviously not backing up tjhe configuration before a power down will kill the configuration.
  ( saved your configuration within each switch)
  Here is a copy of a section of my switch running  configuration, that resulted from me playing with the ESW configuration utility.
  (note that my switch has all Gigabit ethernet ports;)
  interface range ethernet g(1-2)
  switchport trunk native vlan 2
  exit
  interface ethernet g24
  switchport trunk allowed vlan add 2
  exit
  interface range ethernet g(3-4)
  switchport trunk native vlan 3
  exit
  interface ethernet g24
  switchport trunk allowed vlan add 3
  exit
  If you are still having issue, here is the contact URL  for the Small Business Support Center, maybe a fresh set of eyes can spot the issue;
  http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  regards Dave

• VLAN with 1700 router and Linksys switch

  I am trying to use a 1700 router to route between to IP subnets on two different VLANs setup on a Linksys switch. I do not have access to the switch so I am working with another tech that handles the switch. I setup two subinterfaces on the FE port of the router. Int Fa0.1 uses IP 1.1.1.1 and VLAN 1 native using 802.1q. Int Fa0.2 uses IP 2.2.2.2 and VLAN 2. I asked the switch tech to setup his switch accordingly. My problem right now is that the router will only ping IPs on the native VLAN. Meaning if I make Fa0.1 VLAN 1 native I can ping devices on 1.1.1.0/24 and if I make Fa0.2 VLAN 2 native then I can ping on 2.2.2.0/24. When I passed this along to the tech he explains something about setting up his ports for tagged or untagged but I don't know who this would apply to the router but he doesn't have a solution either. Is there anythin I can do on the router side to fix this?
  Thanks,
  Diego

  hi,
  I've tried connecting cisco to non cisco devices.Tagged ports simply means allowing different vlan to pass to that port and Untagged is passing only the native vlan.For your case since you want that two VLAN will communicate,port should be tagged.Tagged is simply trunking in terms to cisco.So that the 802.1q frames will pass that port.

• Wrvs4400n vlans/ssid/dhcp issue

  Hi all,
  it will be great if someone will help me with my problem.
  the problem is : our wrvs4400n  wifi router configuration.
  network description: we need 2 separated wifi networks one for guests and one for internal access, and i configured them on router, and also configured each one of them to different vlan, guests to vlan 200 and internal use default vlan 1.
  vlan 1 configured as dhcp relay and its working pritty well.
  vlan 200 configured as dhcp and the problem begins here.
  somehow  on vlan 200 i get dhcp from our externam dhcp server,
  wrvs4400n conected  as follow> lan port1/vlan 200 connected to firewall port(configured as vlan 200) and lan port 4/vlan1 conected to our main switch wich connected to firewall also.
  i guess that my knowlege in networking its not so good......
  how can i prevent from our internal dhcp to comunicate with vlan 200 ,
  any help will be very appreciated.

  Hi Rich,
  You cannot have different L3 VLANs sharing the same subnet.
  Each VLAN must have it's own subnet and then you have a routing device routing between both VLANs.
  You should have a DHCP pool also for VLAN 111 configured on the DHCP server.
  Even if you have ip helper address configured and this should be done on the VLAN111 interface of the switch, you still need a DHCP pool for VLAN 111 because the DHCP discovery is coming on VLAN 111.
  Please take a look into this document:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a0080665ceb.shtml.
  Here it explains how to configure 2 ssids on 2 vlans and dhcp pool (on the switch itself) for each vlan.
  HTH,
  Tiago
  If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

• Can I use DHCP snooping and IOS DHCP server on the same switch stack

  Hello,
  I am shortly going to be deploying a Cisco CallManager solution for a customer whose network comprises stacks of Catalyst 3850 switches.
  There is no separate core/server farm switch so the CallManager servers, voice gateways and IP phones will all plug into the same stack and be in the same VLAN (not my choice!).
  For security we want to enable DHCP snooping and were planning on using the IOS DHCP server on the Catalyst switch stack.
  Will this work? - when I enable DHCP snooping in networks with separate access layer switches I set the uplinks to the core as trusted links.
  I am not sure whether DHCP snooping will work in this case. Do I need to set the VLAN interface on the switch as trusted, is this even possible?
  Unfortunately I do not have access to a layer 3 switch to test this at the moment.
  Thanks

  Nope.  That's the issue.
  They'll sync on a third device acting as a hotspot, but the device sending a signal is not "on" the network it creates so the airport is all by itself on that network.  At least that is what it looks like to me.  Anyone have another take on it?  Seems pretty silly that an iPad can put out a wifi signal, an Airport Express can receive a wifi signal, and yet there is no simple way to get them to communicate under this particular condition.

• How do I add a Subnet and vlan with a catalyst 3550 and RV120

  Hello Friends.
  I have a scenario that i'm hoping i can get some help with. I'll be as detailed and descriptive as i can.
  This is for a business with 100 employees nodes and 100 camera nodes all needing IP internet through private addressing and public gateway.
  I have a business class gateway with a private range of 12 public addresses. Ther modem does nothing but act as a gateway since i have disabled the firewall and DHCP.
  In place of the firewall and DCHP from the modem i have installed a RV120 Firewall with VPN. When installing i replicated the IP scheme of the modem as to not disturb and distrup the devices assigned addresses from that scheme from the modem. I did this because the owner could not have any down time or any disruption to the business operations.
  The RV120 now acts as firewall , DHCP , and VPN. I'll address the subnet first. I's using 10.0.0.0/24 subnet range.
  DHCP is assigning 10.1.10.50 - 10.1.10.100 the rest are static and i plan to use static DHCP with the IP and MAC assigned to each static DHCP address.
  There are 100 cameras with static IP addresses in the range of 10.1.10.11 - 10.1.10.40, and 10.1.0.1.101 - 10.1.10.170.
  VPN uses PPTP assigned address 10.1.10.6 - 10.1.10.10.
  There are no layer 3 switches that i know of. Just a layer two that is the primary swith and ports have run out, and various out of the box switches and wireless access points connected to the primary switch.
  I want to implement subnets into the network and VLANS as well on a new Layer 3 switche from cisco. Thinking 3550 from Cisco or one of the older layer 2 switches with layer three capabilities.
  I also want to introduce a 192.168.0.0/24 IP range for the existing wireless network and segment the traffic from the rest of the traffic on other ranges.
  I want to replace the 10.0.0.0/24 DHCP alltogether and the static addresses for end user nodes on the same network, but keep that range just for camera nodes segmented.
  I want to implement a NEW end user IP range and VLAN for employee/guest networks using the 172.16.0.0/24 range.
  Iv'e thought of replacing all the wireless nodes with RV120's and use VLAN. Dont know if that strategy works. Need to think it through.
  I want the 192.168.0.0/24 IP range comunicate to with the 172.16.0.0/24 and possibly the 10.0.0.0/24 range.
  Any advice on how to do this?
  As a side note the next step after this is to install a server domain controller as all the computers are all stand alones in their own workgroups. It's a simultaneous project that will introdue a DCHP, WINS, DNS server.

  Hi Omid, it sounds like you're proposing the 3550 switch but you're not decided yet. The 3550 switch is a pretty old device and needs enhanced multilayer image. It may be more prudent to use a more current switch such as small business SG300 or SG500 as the feature set is more rich and it supports around 480 LAN connections.
  To answer the inquiry, the RV120W, when you create a VLAN it will automatically create an IP interface. From this you may assign subnet as you like along with 'enable or disable' for inter vlan routing. Since the RV120W has this feature, a layer 3 switch is not required unless you are looking to keep the routing load smaller by routing locally with the switch.
  With Catalyst or a small business switch you would need to create a VLAN. After creating the VLAN, on a Catalyst you can simply issue "switchport trunk encapsulation dot1q" on the desired interface and all VLAN will passage without issue. For a port connecting a user "switchport mode access" "native vlan xx" This will assign the port as untag member of the desired VLAN.
  If using a small business switch, it is slightly different, you still create the VLAN but the command issue is a bit different  "switchport trunk allowed vlan add xx" for the link to the router, where xx = the VLAN ID to tag to the router. For access client it remains the same as Catalyst.

• Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

  Hello,
  I have an Spanning tree problem when i conect  2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior  like one switch  for redundancy, with one IP of management)
  In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
   I dont know but do you like this solutions i want to try on sunday?:
   Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
  Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
  Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
  ¿could you help me to control the root? ¿Do you think its better another solution? thanks!
   CONFIG WITH PROBLEM
  ======================
  3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
  interface GigabitEthernet2/0/28
   description VIRTUAL SNMP2
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   logging event trunk-status
   shutdown
  interface GigabitEthernet1/0/43
   description VIRTUAL SNMP1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   shutdown
  DELL M6220: (its only one swith)
  interface Gi3/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit
  interface Gi4/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• Configure vlan with SG 300-10P and SA 520

  Hi All,
  Forgive my ignorance but i need some help for basic configuration.
  I bought for a little office  a SA520 Security appliance (for future VPN with another distant office) and a SG 300-10P switch for connect 3 PC and 3 IP PHONE. THe SA 520 is the router. I must configure 2 VLANs on the switch :
  VLAN2 : DATA (for PC)
  VLAN3 : VOICE (for IP PHONE)
  VLAN1 : DEFAULT.
  How can i simply configure all ports ?
  I would like to configure ports 1-4 on VLAN2 and ports 5-8 on VLAN3 and port G10 is reserved for the router SA520.
  I want to divise network DATA/VOICE.
  I think i must create a trunk on G10 for SA520 ...
  Does anyone can help me?

  Hi Julien,
  Ok sounds like you are using the default vlan for management on the network  and vlan 2 for data  and vlan3 for voice.
  I am using a simulator for this, my SA520 is loaned out at the moment.
  Step 1   On the SA520  add vlan 2 and vlan 3  and label them data and voice respectively. 
  Step 2. Lets use switch port 4 on the SA520 as a trunked port to the SG-300.
              (my intention is to use untagged vlan1, tagged vlan 2 and tagged vlan 3 on  the uplink from the switch and the SA500.)
            To do this I have to tell the SA520 that switch port 4 will be in trunking mode and not access mode.
  You will have to tick off the membership of vlan 2 and vlan 3 on switch port 4.
  Step 3.  Now add some IP addresses for VLAN2 and VLAN3
  Step 4.  Create some DHCP scopes if that is what is needed on the SA520
  So by now hopefully we have the SA520 with  IP addresses associated with VLAN1, VLAN2 and VLAN3
  We also have switch port 4 as a trunk interface
  We are propogating untagged vlan1 and tagged vlan2 and tagged  vlan3 to the SG-300 switch.
  We have to do the opposite on the SG-300 switch.
  If you are using G10 as the uplink to the SA520 you will note by default  port 10 should already be in trunk mode.
  switch port G10 should be tagged for vlan 2 and tagged for vlan3.  By default Gi10  it will be untagged for vlan1.
  Make sure you set up the rest of the switch ports appropriately. 
  regards Dave

• VLAN with Cisco WAP4410N an Cisco SG300-28

  Hi,
  I am trying to configure my WAP410N with two SSID's on two different VLAN.
  SSID 1 should be using VLAN ID 1 and SSID 2 should be using VLAN ID 20
  I have a Cisco SG 300-28 switch wich I have configured with to VLAN, ID 1 and 20. ID 20 has port 20 and 21 assigned to it.
  I also have a firewall with a DMZ-port and a DHCP server running on the DMZ-port.
  Cabling OK.When I connect a PC to port 21 on the switch and my DMZ-port on the firewall to port 20 everything works fine - I get IP from the firewall and i can access internet from the PC with a DMZ adress.
  Wireless problem. When I connect to SSID 1 on the AP I get IP from my server on the LAN wich is correct, but when I connect to SSID 2 I get nothing. It seems like the DHCP from the firewall does not travel trough the AP.Although the fact that I'm not getting any adress from my LAN server probely means that I am on the VLAN in some way.
  Anyone has any idea?
  Regards
  Mikael

  Hi David,
  Thanks for your answer.
  I have tried to set up the wirelesscard with a static IP - it does not work. I can not ping anything execpt myself.
  It seems to me that i am on the VLAN 20 when i connect to SSID 2 but I am not able to find VLAN 20 in the switch. It is just as the AP is not attached to any network.
  I will look at the DHCP relay options on the switch and try that.
  regards
  Mikael

• Voice VLAN with SRW224G4P

  Hi all,
  I have been trying to config a voice vlan into this switchs for the last 3 hours and for me this is impossible... I know how to do in a IOS switch but with this switchs is a nightmare...
  I have this topology,
  PC ---- IP phone ----- SW1 SRW224G4P -------- SWCORE SRW2024 --------- Router 2921 CME
  I have this config in my router,
  interface GigabitEthernet0/0
  no ip address
  duplex auto
  speed auto
  interface GigabitEthernet0/0.1
  description LAN
  encapsulation dot1Q 1 native
  ip address 192.168.5.95 255.255.255.0
  ip virtual-reassembly in
  interface GigabitEthernet0/0.100
  description Voice VLAN
  encapsulation dot1Q 100
  ip address 192.168.251.1 255.255.255.0
  ip virtual-reassembly in
  SW1 has created the VLAN 100 and enabled as VOICE VLAN
  The first 3 octes of the mac of my phone is inserted into Telephony OUI Table
  The Auto Voice VLAN Membership is enabled in the port where phone is attached.
  The port that is conected to SWCORE has the vlan 100 configured as tagged.
  SWCORE has created the VLAN 100 and enabled as VOICE VLAN
  The port that is conected to SW1 has the vlan 100 configured as tagged.
  The port that is conected to router CME has the vlan 100 configured as tagged.
  If I config other port into SWCORE with VLAN 100 tagged I can ping from CME to that host.
  Could be the problem a vlan propagation error?
  Somebody could help me? I am desperate...
  Thank you in advance.

  Hi David,
  Thank you for the purchase of the switch.
  .Like anything,  even riding a bike,  the switch is actually very easy to configure, if you have a little bit of practice on it.. 
  You mentioned you are using the " Telephony OUI Table" i guess you have a SF300-24P or ordering p/n SRW224G4P-K9-NA.  Please be specific with the switch models you are using. 
  Are you using the older SRW series or the refreshed SRWxxx-K9 (300 series) switch in the core?
  Firstly, make sure you are using version 1.1.0.73 of the switch firmware. Do that change now or verify that 1.1.0.73 is the active image on the switch.
  The switch has two areas for storing firmware images.  It stores the new firmware in the unused image area.  Check the administration guide for how to upgrade firmware and select new firmware for the next reboot.
  CDP is enabled on the switch when you use the new software, it was not there with older firmware, hence my insistance at upgrading firmware.
  ( Personally  i would prefer you to have a catalyst switch for your ISRG2 CME application, for tech support purposes. But this is the land of the free..)
  I found the following when I added my SG300-28P  to a VLAN aware UC500.
  The UC500  was advertising vlan100 as a voice vlan, configured that by Cisco Configuration Assistant, you might try CCP on your ISR.
  I had a IP phone plugged into switch port G7 and a uplink to my UC500 via port Gig27. 
  The following in blue is a screen copy from my 300 series switch CLI interface.
  You will note the switch automatically populated both VLAN and port information, the only command I added was "no passwords complexity enable," and some usernames,  which  removed from the screen capture below.
  the switch basically configured itself.
  ------------------ show system ------------------
  System Description:                       28-port Gigabit PoE Managed Switch
  System Up Time (days,hour:min:sec):       00,00:12:04
  System Contact:                          
  System Name:                              switch4cf17c
  System Location:                         
  System MAC Address:                       d0:d0:fd:4c:f1:7c
  System Object ID:                         1.3.6.1.4.1.9.6.1.83.28.2
  Fans Status:                              OK
  ------------------ show version ------------------
  SW version   1.1.0.73 ( date  19-Jun-2011 time  18:10:49 )
  Boot version  1.0.0.4 ( date  08-Apr-2010 time  16:37:57 )
  HW version    V01
    Gateway IP Address        Activity status       Type  
  192.168.10.1            Active                  dhcp    
      IP Address         I/F       Type       Status   
  192.168.10.17/24    vlan 1    DHCP        Valid      
  ------------------ show ipv6 interface ------------------
  IPv6 is disabled on all interfaces
  ------------------ show running-config ------------------
  interface gigabitethernet7
  storm-control broadcast level 10
  exit
  interface gigabitethernet7
  storm-control include-multicast
  exit
  interface  gi27
  spanning-tree link-type point-to-point
  exit
  vlan database
  vlan 100
  exit
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  hostname switch4cf17c
  no passwords complexity enable
  no snmp-server server
  interface gigabitethernet7
  macro description ip_phone_desktop
  exit
  interface gigabitethernet27
  macro description "switch | no_switch | switch"
  exit
  interface gigabitethernet7
  !next command is internal.
  macro auto smartport dynamic_type ip_phone_desktop
  switchport trunk allowed vlan add 100
  exit
  interface gigabitethernet27
  !next command is internal.
  macro auto smartport dynamic_type switch
  switchport trunk allowed vlan add 100
  exit
  switch4cf17c#sh cdp nei
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - VoIP Phone
                    M - Remotely-Managed Device, C - CAST Phone Port,
                    W - Two-Port MAC Relay
    Device ID        Local      Adv  Time To Capability   Platform     Port ID
                     Interface  Ver. Live
  SEP503De50F133A      gi7      2     158      H P     CISCO IP        eth0
                                                       Phone
                                                       SPA525G2
  68bdab0fdcfd        gi27      2     169      S I     Cisco SG         gi9
                                                       300-10P
                                                                                             (PID:SRW2008P-K9)-VSD
  switch4cf17c#sh vlan
  Vlan       Name                   Ports                Type     Authorization
  1           1                gi1-28,Po1-8           Default      Required
  100         100                 gi7,gi27            permanent    Required
  Switch automatically figures which ports should be tagged into VLAN 100.
  I did not tell the switch it was connected to VLAN100. I did not add vlan100 to the VLAN database.
  So get the ISR router to advertise VLAN100 as a voice vlan.
  regards Dave

• NICs with the same MAC on one switch

  Hi all,
  Presuming that we connect 2 NICs with the same MAC to one switch (port1 and port2), what would a switch handle such condition? Will the MAC table be messed up?
  Actually, in a cloud computing environment, different VMs from different customer might connect with the same virtual switch and both VM could have the same MAC and/or IP address.
  I just wondering how could a switch handle this.
  thank you!

  Alain's answer is a good one..
  It breaks the fundamentals of switching to have TWO separate physical ports registering the same MAC address in the CAM table. As he mentioned, the switch would have to constantly rewrite the CAM entry each time a frame appears from a different physical interface.
  If the two identical MAC addresses appeared on the same physical port, that does not break any "rules" of switching - all you would see is 1 entry in the switch for that physical interface.
  As for your follow-up question regarding the cloud environment. I can't say I have any experience in that type of environment, but I would say that Private VLANs might be one of the potential answers.