Cisco Support Community
New Member

Cannot manage one switch via network

I have three 4506 switches with vlan 4 set as the management vlan. Switch 1 is connected to switch 2 and switch 3.

I can access switch 1 and 2 using telnet from the management vlan and both switches reply to pings. But from switch 1 or 2 I cannot ping or telnet switch 3. If I plug into switch 3, I can ping and telnet switch 3 but not switches 1 or 2.

It is as if the management vlan 4 is not being passed to/from switch 1 and 3. The configs for the uplinks from switch 1 to 2 and 3 are the same. And the configs for switches 2 and 3 look the same apart from the port settings.

I have over 40 vlans running all that work fine between all the switches.

Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cannot manage one switch via network

Well, I'm almost 99.999% sure once that vlan interface comes up, you should be good to go.

What happens if you kill the vlan4 interface and recreate it and do a 'no shut'?

28 REPLIES
Bronze

Cannot manage one switch via network

Hi Kevin,

2 things to look at initially...

1) Do a "show vlan id 4" on each switch and check to ensure that the vlan is showing up on all your trunk ports.

2) Go onto each of the 4 switches, and do a "show span vlan 4" and compare the outputs.

They should all report the same Root Bridge, and if they don't then there's something wrong with your spanning tree config. There may even be a switching loop somewhere, which you will need to track down.

Nick

Cannot manage one switch via network

Do a 'show int trunk' on Switch 3 and make sure the vlan is accepted on the trunk. Also what NicNac suggested, make sure that the vlan is actually on Switch 3. If these are L2 switches only, then you might have to include the 'ip default-gateway x.x.x.x' command in order for you to access this beyond the management vlan if that's something you want to do. But if your goal is just to access from the management vlan then you shouldn't have to worry about doing that, since you will basically be arping for the ip address on the L2 switch anyway.

New Member

Cannot manage one switch via network

Thanks I will get someone to site in the morning to get the results from all the switches - Kevin

New Member

Cannot manage one switch via network

Below are the results. I'm guessing it does not work because vlan 4 is missing from the spanning tree on switch 3.

Port Vlans in spanning tree forwarding state and not pruned

Po10 8-11,16,19-110,210-279,300-400,410-465

*************************************** SWITCH 1

4507_Dare_01>sh int trunk
Port        Mode             Encapsulation  Status        Native vlan
Gi4/6       on               802.1q         trunking      1
Po10        on               802.1q         trunking      1
Po20        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi4/6       1-500
Po10        1-500
Po20        1-500

Port        Vlans allowed and active in management domain
Gi4/6       1-110,123,210-279,300-400,410-465
Po10        1-110,123,210-279,300-400,410-465
Po20        1-110,123,210-279,300-400,410-465

Port        Vlans in spanning tree forwarding state and not pruned
Gi4/6       1-110,123,210-279,300-400,410-465
Po10        1-110,123,210-279,300-400,410-465
Po20        1-110,123,210-279,300-400,410-465

4507_Dare_01>sh vlan id 4
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
4    VLAN0004                         active    Gi3/7, Gi3/46, Gi4/6, Gi5/47
                                                Po10, Po20

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
4    enet  100004     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

4507_Dare_01>sh span vlan 4

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    24580
             Address     001a.a1d6.4580
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24580  (priority 24576 sys-id-ext 4)
             Address     001a.a1d6.4580
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi3/7            Desg FWD 4         128.135  P2p Edge
Gi3/46           Desg FWD 19        128.174  P2p
Gi4/6            Desg FWD 4         128.198  P2p
Gi5/47           Desg FWD 4         128.303  P2p Edge
Po10             Desg FWD 3         128.650  P2p
Po20             Desg FWD 3         128.660  P2p


*************************************** SWITCH 2

4507_Dare_02>sh int trunk
Port        Mode             Encapsulation  Status        Native vlan
Po10        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po10        1-500

Port        Vlans allowed and active in management domain
Po10        1-110,210-279,300-400,410-465

Port        Vlans in spanning tree forwarding state and not pruned
Po10        1-110,210-279,300-400,410-465

4507_Dare_02>sh vlan id 4

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
4    VLAN0004                         active    Po10

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
4    enet  100004     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

4507_Dare_02>sh span vlan 4

VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    24580
             Address     001a.a1d6.4580
             Cost        3
             Port        650 (Port-channel10)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     001a.a18b.ce40
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10             Root FWD 3         128.650  P2p

*************************************** SWITCH 3
4507_Dare_03#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po10        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po10        1-500

Port        Vlans allowed and active in management domain
Po10        1-110,210-279,300-400,410-465

Port        Vlans in spanning tree forwarding state and not pruned
Po10        8-11,16,19-110,210-279,300-400,410-465

4507_Dare_03#sh vlan id 4
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
4    VLAN0004                         active    Gi6/1, Po10

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
4    enet  100004     1500  -      -      -        -    -        0      0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

4507_Dare_03#sh span vlan 4
VLAN0004
  Spanning tree enabled protocol ieee
  Root ID    Priority    24580
             Address     001a.a1d6.4580
             Cost        3
             Port        650 (Port-channel10)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32772  (priority 32768 sys-id-ext 4)
             Address     001a.a1d6.45c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10             Root FWD 3         128.650  P2p

Cannot manage one switch via network

Port        Vlans in spanning tree forwarding state and not pruned
Po10        8-11,16,19-110,210-279,300-400,410-465

This is under Switch 3, it appears that vlan4 is not allowed across the trunk. It looks like you need to manually map it.

New Member

Cannot manage one switch via network

The running config for the trunk is below, which I guess shows that all vlans 1-500 are allowed over the trunk?

interface Port-channel10
 description Etherchannel Link to Comms Room Floor4507 ports 1/1 & 2/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-500
 switchport mode trunk
!
interface GigabitEthernet1/1
 description Link to Comms Room port 1/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-500
 switchport mode trunk
 channel-group 10 mode desirable
!
interface GigabitEthernet1/2
 shutdown
!
interface GigabitEthernet2/1
 description Link to Comms Room port 2/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-500
 switchport mode trunk
 channel-group 10 mode desirable
!


Cannot manage one switch via network

Are you running VTP by any chance? It looks like vlan 4 is being pruned.

Bronze

Re: Cannot manage one switch via network

Yep, you've got it...

Switch off VLAN pruning on switch 3 to test.

New Member

Cannot manage one switch via network

Thanks, I'll check Monday morning. I've checked switch 1 and 2 and pruning is off. Have a good weekend.

Cannot manage one switch via network

To make the issue easier, can you post/attach the config of the switches?

New Member

Re: Cannot manage one switch via network

I've checked the switch and pruning is switched off?

Hall of Fame Super Gold

Cannot manage one switch via network

Sounds like the management interface of Switch 3 has the wrong subnet mask.

Purple

Re: Cannot manage one switch via network

Does switch 3 have a default gateway defined for vlan 4 or a default static route for vlan 4 if you have ip routing turned on for switch 3? Who is doing the routing for vlan 4, the mgt vlan?

Cannot manage one switch via network

From looking at the following it doesn't appear that vlan 4 is allowed on the trunk link from Switch 3 to Switch 1.

Port          Vlans in spanning tree forwarding state and not pruned
po10         8-11,16,19-110,210-279,300-400,410,465

New Member

Re: Cannot manage one switch via network

If I show the trunk settings I get the following, which if I'm correct shows vlan 4 in the allowed but not on the spanning tree.

4507_Dare_03#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po10        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po10        1-500

Port        Vlans allowed and active in management domain
Po10        1-110,210-279,300-400,410-465

Port        Vlans in spanning tree forwarding state and not pruned
Po10        8-11,16,19-110,210-279,300-400,410-465

Re: Cannot manage one switch via network

Are there any ports in vlan4 besides the vlan interface, if there is one on Switch 3?

Re: Cannot manage one switch via network

It's allowed on the trunk, it's just not going to go across the trunk, because there are no ports with vlan 4 assigned to it.

Switch 3 will not get broadcasts or multicasts for vlan4.
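The comparison the replies above make by eye, as an added example that is not part of the original thread: a Python script that parses `show interfaces trunk` output and lists, per trunk, the VLANs that are allowed and active but missing from the "spanning tree forwarding state and not pruned" row. The function names are made up for the example; the sample input is the Switch 3 output posted earlier in the thread.

```python
import re

ACTIVE = "Vlans allowed and active in management domain"
FORWARDING = "Vlans in spanning tree forwarding state and not pruned"

# Sample input: the Switch 3 "sh int trunk" output posted in this thread.
SWITCH3 = """\
Port        Mode             Encapsulation  Status        Native vlan
Po10        on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po10        1-500

Port        Vlans allowed and active in management domain
Po10        1-110,210-279,300-400,410-465

Port        Vlans in spanning tree forwarding state and not pruned
Po10        8-11,16,19-110,210-279,300-400,410-465
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '8-11,16' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        part = part.strip()
        if part and part != "none":
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(text):
    """Return {port: {section heading: set of VLANs}} for the 'Vlans ...' sections."""
    ports, section, port = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        heading = re.match(r"Port\s+(\S.*)", line)
        if heading:
            title = heading.group(1).strip()
            section = title if title.startswith("Vlans") else None
        elif section:
            if not line[0].isspace():  # new port row; indented rows continue a wrapped list
                port, _, line = line.partition(" ")
            ports.setdefault(port, {}).setdefault(section, set()).update(expand(line))
    return ports

def not_forwarding(text):
    """Per trunk, the VLANs that are allowed and active but not forwarding."""
    return {port: sorted(s.get(ACTIVE, set()) - s.get(FORWARDING, set()))
            for port, s in parse_trunk(text).items()}

if __name__ == "__main__":
    print(not_forwarding(SWITCH3))
```

Run against each switch's output, an empty list means every active VLAN is forwarding on that trunk; for the Switch 3 sample the list includes VLAN 4.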

New Member

Re: Cannot manage one switch via network

Yes, as I thought at first it was a TCP/IP issue, so I set a port on vlan 4 and I can ping/telnet the switch from this port, if I manually set an ip address on the pc.

New Member

Re: Cannot manage one switch via network

If I do a show int I get the following, is this correct?

Vlan4 is down, line protocol is down
  Hardware is Ethernet SVI, address is 001a.a1d6.45ff (bia 001a.a1d6.45ff)
  Description: Management_VLAN
  Internet address is 172.25.254.3/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 2w5d, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  L3 in Switched: ucast: 55 pkt, 2359 bytes - mcast: 0 pkt, 0 bytes
  L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
     587 packets input, 56563 bytes, 0 no buffer
     Received 532 broadcasts (48 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     77 packets output, 5538 bytes, 0 underruns
     0 output errors, 1 interface resets
     0 output buffer failures, 0 output buffers swapped out

But on switch 2 that is working I get

Vlan4 is up, line protocol is up
  Hardware is Ethernet SVI, address is 001a.a18b.ce7f (bia 001a.a18b.ce7f)
  Description: Management_VLAN
  Internet address is 172.25.254.2/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  L3 in Switched: ucast: 837226 pkt, 61024700 bytes - mcast: 0 pkt, 0 bytes
  L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
     5265830 packets input, 694497826 bytes, 0 no buffer
     Received 4428604 broadcasts (597 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     831605 packets output, 78038957 bytes, 0 underruns
     0 output errors, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

Re: Cannot manage one switch via network

Try to do a 'no shut' on vlan 4. As long as vlan 4 is actually created locally or discovered via VTP, then that should be good.

New Member

Re: Cannot manage one switch via network

Just tried no shut on vlan 4 and no joy.

Re: Cannot manage one switch via network

Is vlan4 still shown as down? Can you verify that vlan 4 is created again and a port is assigned to it?

Does the vlan4 int have an IP assigned?

New Member

Re: Cannot manage one switch via network

Yes vlan 4 is still down and down (note there is nothing in int 6/1)

Below are parts of the config:

vlan 2-9
!
vlan 10
 private-vlan primary
 private-vlan association 11-110
!
interface GigabitEthernet6/1
 description MgtNetwork
 switchport access vlan 4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Vlan4
 description Management_VLAN
 ip address 172.25.254.3 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.25.254.1
ip http server
ip http access-class 10
ip http authentication local
no ip http secure-server
!

Re: Cannot manage one switch via network

Well, I'm almost 99.999% sure once that vlan interface comes up, you should be good to go.

What happens if you kill the vlan4 interface and recreate it and do a 'no shut'?

New Member

Re: Cannot manage one switch via network

I'm not sure what is the best way to kill a vlan?

New Member

Re: Cannot manage one switch via network

Found the commands.

And the vlan has come back up/up and has been added to the trunk. All is well. Thank you very much, this one has been a pain for ages.

Kevin

Cannot manage one switch via network

So I am curious, what fixed it (if the sh/no sh didn't)?

New Member

Re: Cannot manage one switch via network

I did (or thereabouts):

conf t
no vlan 4
end
wr mem
conf t
vlan 4
no shut
end
wr mem

then pinged the switch from switch 1 and it replied.

Kevin
