SSH or Telnet not working

Answered Question
Feb 9th, 2010

I have a 3750 (layer 2) switch hanging off core swich 4. A trunk connection  is running between the two.


In order to access core swi4 we use SSH from my workstation .


My question is i cannot telnet  or ssh to 3750 which has an ip of 192.168.21.11 (vlan 21) from my workstation.

The only way i can access 3750 is by ssh to core 4 and then telneting it to 192.168.21.11 (3750)


ospf network 192.168.21.0  0.0.0.255 is on core 4


transport input ssh telnet  is configured on vty lines of 3750

Correct Answer by Jon Marshall about 7 years 1 week ago

gurkamal01 wrote:




As general practice if closet has an SVI for my PC's  vlan and  the connected core switch also an SVi for same vlan what do i use as my default gateway?? closet SVI or Core SVI


With the traceroutes you need to go onto the device where it stopped and work out why it cannot go any further. If in the case of the 3750 the traceroute only produced stars from the start then you need to logon onto the 3750 and work out why it has not route to your host. Is this 3750 acting as a L2 switch ?. If so check it's default-gateway, if it has one because it sounds like it might not.


As for which SVI to use i covered this in the other thread. If the closet switch is L2 then use the core SVI as default-gateway.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jon Marshall Tue, 02/09/2010 - 16:26

gurkamal01 wrote:


I have a 3750 (layer 2) switch hanging off core swich 4. A trunk connection  is running between the two.


In order to access core swi4 we use SSH from my workstation .


My question is i cannot telnet  or ssh to 3750 which has an ip of 192.168.21.11 (vlan 21) from my workstation.

The only way i can access 3750 is by ssh to core 4 and then telneting it to 192.168.21.11 (3750)


ospf network 192.168.21.0  0.0.0.255 is on core 4


transport input ssh telnet  is configured on vty lines of 3750


Which vlan is your client in ?


Which switch is your workstation connected to ?


Have you set an "ip default-gateway" on the 3750 switch ?


Where is the L3 interface for vlan 21 that routes traffic for that vlan ?


Where is the L3 interface for your workstation vlan if it is a different vlan than 21 ?


As you can see we need a lot more information to help you out.


Jon

gurkamal01 Tue, 02/09/2010 - 17:32

  Thanks for askng the information i am just learning


  1. My client is in vlan 31
  2. My workstation is connected to closet floor switch vwhich is connected to core 2. L3 interface for vlan 31 is on the closet swi and on core Swi2
  3. 3750  default gateway is pointing to 192.168.21.1 which is  Swi6 . Swi6 has  a trunk connecton   to core 4 .

        Also core 4 as an SVI for vlan 21 as 192.168.21.2.

  4. L3 interface for vlan 21 is on core 4 as mentioned above.

  5. L3 interface for vlan 31 is on the closet swi and on core Swi2


Vlan 31 and and vlan 25 are production subnets which are common vlans on all 4 core switches

Ganesh Hariharan Wed, 02/10/2010 - 00:44

Thanks for askng the information i am just learning


  1. My client is in vlan 31
  2. My workstation is connected to closet floor switch vwhich is connected to core 2. L3 interface for vlan 31 is on the closet swi and on core Swi2
  3. 3750  default gateway is pointing to 192.168.21.1 which is  Swi6 . Swi6 has  a trunk connecton   to core 4 .

        Also core 4 as an SVI for vlan 21 as 192.168.21.2.

  4. L3 interface for vlan 21 is on core 4 as me  ntioned above.

  5. L3 interface for vlan 31 is on the closet swi and on core Swi2


Vlan 31 and and vlan 25 are production subnets which are common vlans on all 4 core switches


Hi,


All vlans are permitted in trunk in all switches and are you able ping the 3750 switch from client if not where is traceroute goes to 3750 from your client end.


Ganesh.H

Jon Marshall Wed, 02/10/2010 - 01:03

gurkamal01 wrote:


  Thanks for askng the information i am just learning


  1. My client is in vlan 31
  2. My workstation is connected to closet floor switch vwhich is connected to core 2. L3 interface for vlan 31 is on the closet swi and on core Swi2
  3. 3750  default gateway is pointing to 192.168.21.1 which is  Swi6 . Swi6 has  a trunk connecton   to core 4 .

        Also core 4 as an SVI for vlan 21 as 192.168.21.2.

  4. L3 interface for vlan 21 is on core 4 as mentioned above.

  5. L3 interface for vlan 31 is on the closet swi and on core Swi2


Vlan 31 and and vlan 25 are production subnets which are common vlans on all 4 core switches


I think if we are going to help properly we may need a topology diagram showing all the interconnections as it seems a bit confusing at the moment.


Your answer to question 2  & 5, you have an SVI for vlan 31 on both closet switch and core switch2. Which of these SVI IP addresses are you using as your default-gateway on the workstation ?


Jon

gurkamal01 Wed, 02/10/2010 - 13:06

Thanks for the Reply as always


I attached a visio diagram for the Core design


Vlans and switches are marked red in the diagram pertaining to my question


I am sorry for the confusion vlan 5 exists on the closet floor swi 5 to which my workstation is attached

my ip is in .70 subnet (207.42.70.X ). Closet swi 5 has an SVI of 207.46.70.5 and default route to 207.42.70.1(core 2 SVI)


Core 2 has SVi for vlan 5  as 207.42.70.1 and also has a route to 192.168.202.0 network via Core 4


Q1. The 3750 is hanging off Core4 having ip of 192.168.202.11 which is not reachable thru telnet or ssh


IQ2. s having 2 SVI for the same vlan 5 as mentioned above in core 2 and floor swi5 a good design or should this practice be avoided

Attachment: 
Jon Marshall Wed, 02/10/2010 - 13:27

Apologies but can't read Visio files as i don't have visio - could you save it as a .jpg and post that ?


Jon

Jon Marshall Thu, 02/11/2010 - 04:23

gurkamal01 wrote:



I am sorry for the confusion vlan 5 exists on the closet floor swi 5 to which my workstation is attached

my ip is in .70 subnet (207.42.70.X ). Closet swi 5 has an SVI of 207.46.70.5 and default route to 207.42.70.1(core 2 SVI)


Core 2 has SVi for vlan 5  as 207.42.70.1 and also has a route to 192.168.202.0 network via Core 4


Q1. The 3750 is hanging off Core4 having ip of 192.168.202.11 which is not reachable thru telnet or ssh


IQ2. s having 2 SVI for the same vlan 5 as mentioned above in core 2 and floor swi5 a good design or should this practice be avoided


  Q2 - Not really because the 3750 is acting as a L2 device. You definitely do not want to use the 3750 SVI ip address as a gateway or any devices such as your host. For your host the default-gateway should be the vlan 5 SVI on core 2.


If the 3750 is hanging off core 4 then why is the default-gateway on that 3750 not set to core 4 SVI for that vlan. You say it is pointing to sw6 ?


Can you do a traceroute from


1) your host to the 3750 switch

2) the 3750 switch to your host


The design of your network is not suited to having the same vlan on multiple different switches connecting to different core switches which comes back to the problem you are having in your other thread. Your design effectively isolates vlans to the access-layer and relevant core switch so you are not spanning vlans across all switches. This is fine but then you have to work within those limitations.


Chaining 4 core switches or distribution switches is however a bit "different" and it's not entirely clear what the original design goals were although that is not to say it is a bad design, can't really say without knowing the reasoning behind it.


Jon

gurkamal01 Thu, 02/11/2010 - 10:57

Hi


Thanks


I did a traceroute from 3750 to core 4 (trunk conection) and had no results only 3 stars and it kept on running 5- 6 times.


I tried  a traceroute from core 4 to my PC it just hit core 2  and stopped. It did'nt reach the closet switch of my PC


I am not at the workstaton today so can't perform a traceroute but i did  a traceroute from closet switch  to 3750  and it hitted a core 2 and core 4 and then stopped.


As general practice if closet has an SVI for my PC's  vlan and  the connected core switch also an SVi for same vlan what do i use as my default gateway?? closet SVI or Core SVI


Please advice

gurkamal01 Thu, 02/11/2010 - 02:31

Hi all,


Any advice on this problem

Is ther any info i can provide in order to resolve this problem.



Regards

gurkamal01 Thu, 02/11/2010 - 18:41

Hi


I did a traceroute from 3750 to core 4 (trunk conection) and had no results only 3 stars and it kept on running 5- 6 times.


I tried  a traceroute from core 4 to my PC it just hit core 2  and stopped. It did'nt reach the closet switch of my PC


I am not at the workstaton today so can't perform a traceroute but i did  a traceroute from closet switch  to 3750  and it hitted a core 2 and core 4 and then stopped.


As general practice if closet has an SVI for my PC's  vlan and  the connected core switch also an SVi for same vlan what do i use as my default gateway?? closet SVI or Core SVI

Correct Answer
Jon Marshall Fri, 02/12/2010 - 03:39

gurkamal01 wrote:




As general practice if closet has an SVI for my PC's  vlan and  the connected core switch also an SVi for same vlan what do i use as my default gateway?? closet SVI or Core SVI


With the traceroutes you need to go onto the device where it stopped and work out why it cannot go any further. If in the case of the 3750 the traceroute only produced stars from the start then you need to logon onto the 3750 and work out why it has not route to your host. Is this 3750 acting as a L2 switch ?. If so check it's default-gateway, if it has one because it sounds like it might not.


As for which SVI to use i covered this in the other thread. If the closet switch is L2 then use the core SVI as default-gateway.


Jon

gurkamal01 Fri, 02/12/2010 - 14:08

Hi,



The 3750 was acting as L3 switch  as ip ruting was enabled on it.


I first added a default route to network 202.0 and telnet  worked.


But then i decided to make 3750 a L2 switch so i disabled IP routing which fixed the problem.



Please explain why adding the default route to 202.0 network fixed the telnet issue?

I will really apprecaite any responses


Thanks

Ganesh Hariharan Fri, 02/12/2010 - 23:52

Hi,



The 3750 was acting as L3 switch  as ip ruting was enabled on it.


I first added a default route to network 202.0 and telnet  worked.


But then i decided to make 3750 a L2 switch so i disabled IP routing which fixed the problem.



Please explain why adding the default route to 202.0 network fixed the telnet issue?

I will really apprecaite any responses


Thanks


Hi ,


This is because whenever the  packet comes to 3750 for destination subnet it was not having a route for the destination packet in its routing table so as soon as when you have configured default route to wards the mentioned ip addres then packets are routed to default gateway where it has got the destination network.


Hopr to help


Ganesh.H

Actions

This Discussion