cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11017
Views
0
Helpful
6
Replies

can't telnet to cisco 3750 switch (at vlan 1 ip-address)

mzokov_vit
Level 1
Level 1

Hi, all..

At my Cisco 3750 switch I have 2 vlans...vlan1 and vlan 100. In both vlans the switch has an IP-addresses..

I can succesfully Telnet to the vlan100's ip-address.

Trouble exists if I try Telnel to the vlan1 ip-address.

Sure, I use a router for intervlan routing. But no one ACLs exist on a router.

Is there any hidden rules at 3750 that prevent Telnet to the Switch from NON-NATIVE vlans??

1 Accepted Solution

Accepted Solutions

Vitaliy

If you do not change the login local or configure a user ID and password, then I do not see how telnet will work to this switch.

And another aspect of the issue became apparent when I reviewed the configuration. The switch config does not enable ip routing. This means that the switch is operating as a layer 2 switch. And one characteristic of layer 2 switches is that they have only a single active VLAN interface. Try enabling ip routing on the switch and see if it changes the symptom of telnet to the switch VLAN 1 interface.

HTH

Rick

HTH

Rick

View solution in original post

6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

Vitaliy

I do not believe that there are "hidden" rules that prevent telnet on the 3750.

My first question would be to verify whether interface VLAN 1 is up/up? If the interface is not up/up then telnet will fail. Could you post the output of show ip interface brief to verify this?

My second question would be to verify whether the IP address of VLAN 1 is reachable from the PC? Can the PC ping the address of VLAN 1?

If the interface is up/up and if the PC has good IP connectivity then we may need to look at how the 3750 is configured.

HTH

Rick

HTH

Rick

Rick

Vlan1 interface is UP.

PC is in vlan100 "subnet". IP connectivity is OK. From my PC I can ping vlan1 interface on 3750 switch.

SH run and Sh ip int brief are in attachment.

According to my config, my PC is in vlan301. PC connected to the cisco 2960 switch. 2960 also has ip-adderss in vlan1. It amazing, but I can telnet to 2960, but can't telnet to 3750.

Vitaliy

I have looked at what you posted and have these comments about it:

- your original post talks about having VLAN 100 and being able to telnet to it. But there is no VLAN 100 in either the show ip interface brief or in the config. Why is there this inconsistency? Am I looking at the right switch config?

- this post describes your PC as in VLAN 301. But the config has no ports assigned to VLAN 301. Perhaps we need some clarification about the topology.

- The way this switch is configured there is a problem with telnet. The vty ports specify login local:

line vty 0 4

login local

transport input all

line vty 5 15

login local

!

and login local will authenticate using locally configured user ID and password. But there is no user ID configured on this switch. So authentication will always fail.

HTH

Rick

HTH

Rick

Rick

I was wrong about vlan100...sure a PC is connected to the port in vlan301. PC connected to the Cisco 2960 Switch...and at 2960 port is in vlan301. 2960 connected to 3750 through trunck link.

vlans 1 and 301 are exist at both 3750 and 2960 switches.

PC can telnet to the 2960 by the ip-address in vlan1. But can't telnet to 3750.

I will say again, that PC can ping ip-address in vlan1 at the 3750.

The topology is classical...I use "router-on-a-stick" for intervlan routing. I sure that routing works correct, because of availability to telnet to the 2960 by the ip-address in vlan1.

If it is necessary to post topology overciew, I can do it.

Vitaliy

If you do not change the login local or configure a user ID and password, then I do not see how telnet will work to this switch.

And another aspect of the issue became apparent when I reviewed the configuration. The switch config does not enable ip routing. This means that the switch is operating as a layer 2 switch. And one characteristic of layer 2 switches is that they have only a single active VLAN interface. Try enabling ip routing on the switch and see if it changes the symptom of telnet to the switch VLAN 1 interface.

HTH

Rick

HTH

Rick

Rick, great thanks !!!

You are right.

If PC connected to the port in vlan301 (for example), so I can telnet only to the IP-address of the 3750 in the vlan310, but not in any other vlan.

Could you explain me why is that?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: