cannot ping two devices through remote access-SSH

Mar 15th, 2007

One of our gold partners called me and advised that he cannot ping or SSH to two of the 4948 switches. However, if he logs in to the core switch, the 6500, he can sub telnet to the 4900, but he cannot telnet directly through SSH to the 4900. I have checked the config for SSH on both devices and it is configured correctly. Can anyone help and tell me why we can't ping or SSH to these two devices directly, rather than telnetting to the core device itself before telnetting to the 4900s? This is very urgent.

Jon Marshall Thu, 03/15/2007 - 02:04


Is the core device sharing a common management vlan with the 4948 switches? If so, and you can ping/telnet from the core device but not from remote devices, have you checked the routing setup?

What is the default gateway on your 4948 switches?

A bit of explanation about how your switches are connected and some IP addressing would help.



aaberdeen Thu, 03/15/2007 - 03:24

Thanks for your reply Jon,

We can ping and telnet from the core device to the 4900, but we cannot directly connect to the 4900 from SSH.

Should the default gateway be that of the 6500 core switch?

I have added more information for you.

The 4848 switches are connected to the 6509s via EtherChannel links. All our other edge switches are also connected to the core. All these devices are in the same management VLAN. We have a problem remotely managing the 4848's from other VLANs, but all other devices can be accessed. The 4848s don't respond to ping either from these other VLANs.

We've had a look at the firewall but can't see anything that points towards a firewall issue. We could be wrong though.

Jon Marshall Thu, 03/15/2007 - 03:34


The default gateway on the 4948 switches should be the layer 3 interface for the management vlan.

Can you ping this interface from the 4948 switches?

You mentioned a firewall - where does this sit in your topology?


aaberdeen Thu, 03/15/2007 - 04:35

Thanks for your prompt reply.

No, we cannot ping the IP address on the management VLAN. When you said to ping the layer 3 IP address from the management VLAN, what do you mean? We have to bear in mind that we want to be able to telnet and ping the 4900 through SSH rather than log in to the core and then log in again to the 4900.

We have now eliminated the firewall.

the default gateway on the 4900 is

aaberdeen Thu, 03/15/2007 - 04:48

Can you tell me what I should look for in the routing setup? We are trying to ping and telnet to VLAN 10 with an IP address of

Info attached:

Interface            IP-Address   OK?  Method  Status  Protocol
Vlan1                unassigned   YES  NVRAM   down    down
Vlan10                            YES  NVRAM   up      up
GigabitEthernet1/1   unassigned   YES  unset   up      up

Jon Marshall Thu, 03/15/2007 - 05:04


Just to clarify. This is how I understand what you have set up.

You have a management vlan for the switches. The layer 3 SVI for this vlan is on your core switch.

The other switches you have all have IP addresses for management from the same management vlan.

Each switch should have a default gateway set and this default gateway should be the Layer 3 SVI on your core switch. (If you are running a pair of core switches you may well be using HSRP, so your switches' default gateway would be the virtual IP.)

The vlan that your switch layer 3 management is in, is this the same vlan as the management vlan, i.e.

what vlan interface is the default gateway in?

If you cannot ping the default gateway from the switch, this sounds like you have your vlans messed up.

Could you provide configs of the 4948, the core switch and another switch that works?
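The gateway check described in the reply above can be automated across saved configs; the following Python sketch is an added example, not part of the original thread. It assumes each switch is managed as a Layer 2 host using `ip default-gateway`, and the sample configs, switch names and addresses are constructed for illustration. A switch whose gateway is missing or outside its management SVI subnet still answers the core (same VLAN) but cannot return traffic to other VLANs, which matches the symptom reported here.

```python
import ipaddress
import re

# Constructed sample configs; every address here is invented for illustration.
SAMPLE_CONFIGS = {
    "edge-ok": """\
interface Vlan10
 ip address 10.10.10.21 255.255.255.0
ip default-gateway 10.10.10.1
""",
    "edge-bad": """\
interface Vlan1
 no ip address
 shutdown
interface Vlan10
 ip address 10.10.10.22 255.255.255.0
ip default-gateway 10.10.20.1
""",
}


def check_management_gateway(config):
    """Return a list of findings for one switch config; empty means consistent."""
    svis = {}        # SVI name -> ip_interface (address plus mask)
    current = None   # SVI whose stanza is being read, if any
    gateway = None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1) if m.group(1).lower().startswith("vlan") else None
        elif (m := re.match(r"\s+ip address (\S+) (\S+)", line)) and current:
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip default-gateway (\S+)", line):
            gateway = ipaddress.ip_address(m.group(1))
    if not svis:
        return ["no SVI has an IP address"]
    if gateway is None:
        return ["no ip default-gateway: only the local subnet can reach this switch"]
    findings = []
    if not any(gateway in svi.network for svi in svis.values()):
        findings.append(f"gateway {gateway} is outside every SVI subnet; "
                        "replies to other VLANs cannot be delivered")
    if any(gateway == svi.ip for svi in svis.values()):
        findings.append(f"gateway {gateway} is the switch's own address")
    return findings


if __name__ == "__main__":
    for name, cfg in SAMPLE_CONFIGS.items():
        print(name, check_management_gateway(cfg) or "OK")
```
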


aaberdeen Thu, 03/15/2007 - 05:17

Thanks for your reply. I have attached the config of the 4948 that's having problems with SSH, and I have attached the config of another switch that can SSH successfully. If you need more information please let me know.

The 3600 switch works successfully. Please let me know if you want the core config as well.




Jon Marshall Thu, 03/15/2007 - 06:34


The default gateway on your 3560 is

You have said in one of your previous replies that the default gateway of the 4900 was

They are both in vlan 10. Why is the 4900 switch pointing to a different gateway? Have you tried changing it to point to the same gateway - ?



aaberdeen Fri, 03/16/2007 - 07:20

Sorry, but both devices, i.e. the 3560 and the 4900, are using the same default gateway of

aaberdeen Fri, 03/16/2007 - 07:22

I also want to mention that on the 4900 and the 3600 we can ping and response times are OK.

aaberdeen Fri, 03/16/2007 - 07:23

No, I am afraid we are still working on this and more suggestions

aaberdeen Fri, 03/16/2007 - 10:23

Any suggestions at all? Still can't SSH to the 4900 directly. I have checked the config and the default gateway IP address is configured.


