I have done a search for management problems with a 2950 and have read through all of the posted questions and answers.
The problem Im having doesn't appear in what I have searched for so far so I would like to ask if anyone can confirm the following queries I have;
1.On a 2950 with IOS 12.1(9) EA1 can you definatly change the management Interface from VLAN1 to another i.e VLAN10.
2. If the answer to the above is yes can anyone tell me if they have then had problems getting into the management IP address on another VLAN other than 1?
The particular problem I have is I can intially ping and telnet to the switch on the IP address I give it on VLAN10 but after approx 1 hour and 45 minutes I lose my TCP/IP connection. If I console into the switch I see VLAN10 as being UP UP ok and all layer 2 functionality is working fine. However it just affects me being able to see the management assigned IP address. The only solution is to restart or schedule a reload on the switch.
Any pointers appreciated.
You most definately can...
I have had a quick look for bugs and nothing do be found that sounded convincing, howeever do have a look here.
Thanks for your reply. At least I now know that changing the management interface is possible. .
I can't actually access the URL's you posted though due to my profile only being of guest privilige at this time. Like you also say I have looked hard and can find no documentation at all on the particular problem Im having and its a real head scratcher!
I don't suppose you know of any timers to do with TCP/IP that would cause the managment interface to be consistently unavailable after being up and working for 1 hour 45 minutes? I just can't think of anything that would cause this at all.
There is a default logout period on the VTY line's and depending on whether you are serving TCP keepalives might also affect this..
a sh line # might help or a sh tcp vty #, these commands might not be supported but i have not got a device to test it on.
This does not require a login
Thankyou again for your reply. I have seen the URLS's before that you posted but appreciate you taking the time with them. The switch isn't actually enabled as a cluster command switch since its in a cable cabinet on its own so I haven't really looked into the cluster command issues, its not a feature we really need.
I will have a look at the default logout period though I would understand that kicking my telnet session out but I seem to lose complete TCP connection altogether. i.e once my session is kicked out, or after a period of 1 hour 45 minutes without doing anything on the switch I can't ping or telnet to the assigned IP address. I've stripped the switch down to a most basic config so now it just has a management interface, IP address, default gateway and a Dot1q trunk on its gig0/1 interface to a 4000 series catalyst. All layer 2 functionality works without any problems, I remain logged into the network if plugged into a fastethernet port on the switch itself. Im just unable to reach the IP address of the switch until I restart it, then the 1 hour 45 minute countdown begins again!! I've tried with another 2950 which originally was on IOS version 12.1(6)EA2 and I have exactly the same problem. I've never seen anything like it in my many years of installing cisco products and it really has me stumped!! A friend has quite a lot of 2950 in his campus network and we have compared configs and apart from obvious things like IP address he has no problems. The only thing we noted was his management interface is VLAN1 and that is what has an IP address, mine is VLAN10. But from what I have read this should not make a difference as I can bring up VLAN10 as long as VLAN1 is shutdown (which it is).
Well Im going to get back to some more testing but Im begining to think that I have a couple of faulty switches, these are new and the first time I have attempted to install them on our LAN.
Thanks again for your reply, it is much appreciated and useful to know someone is listening!
Do you have any switch ports defined for VLAN 10? If not, perhaps vtp pruning is removing the VLAN from the 2950. How is VLAN 10 getting defined in the 2950?
Thanks for your message. I have switch ports defined in VLAN10 yes, fastethernet ports 1 - 48 are all switchport access VLAN10 configured. They do work ok as I have verified connectivity with my laptop and logging into our windows NT network ok.
We use VTP to maintain a vlan database and the switch is added as a VTP client into our VTP domain. I can verify this as working as the VLAN database and VTP counters and version number are all accurate and up to date. When I reconfigured the switch all VLANS were deleted, I setup the VTP side, plugged the switch back into the network via fibre optic and the VLAN database was copied across from our VTP server again with no problems.
I did check pruning and there are no VLAN's being pruned at all on the trunk interface, its configured to allow all VLAN's as we only have 2 VLANS configured (apart from the standard cisco batch).
I will repeat again, its a very strange one! I really can see nothing wrong. Even when I lose connection to the IP address of the switch, via the console port everything seems ok, no ports blocked, no VLAN interfaces down etc.
The only thing I have noted is that I can ping the switches own IP address when consoled in as if to prove the IP stack is still functioning, however I cannot ping out to any other device on our LAN and no device on our LAN can ping into the switch, until its restarted. It is though exactly 1 hour 45 minutes until it drops off the network, pointing to some timer somewhere but one I cannot find!
The simple solution is u setup your managemnt VLAN to Vlan 1 on 2950 as it is the native vlan on ur 1Gig port on 4000 too. Still you can have your 48 FE ports on 2950 to be on vlan 10.
Try it.You should be able to telnet into it evern after 1hr45min and also after 24hrs too :)
Many thanks for you message and taking the time to read through my post.
You are quite correct in stating that the Native VLAN at both ends of the trunk is VLAN1. I think Im going to have to try what you suggest next.
Im just a bit puzzled as to why I have the problem with the interface up as VLAN10. If I get VLAN1 up as management with the IP address then Its non-standard compared with the rest of our network switches management interfaces which are all in VLAN10. Not a big issue I know but I wanted to try and avoid a mix of slightly different configurations. Not too big a deal though
And if it works for 24 hours or more I will be smiling................!!!!!
I'll try and post back my results - many thanks again
RESULTS - NOT TOO GOOD!!
Well I've tried the obvious configuration and shutdown interface VLAN10 and removed the IP address. I have bought up VLAN1, assigned it the IP address and it has come UP UP with no problem. However I cannot ping the IP address at all now from another LAN device, even after a restart of the switch. This is indeed strange since VLAN1 traffic is permitted on all trunks in our network. However on closer inspection I think I would expect to see the above because on our MSFC card on our 6500 catalyst (router module and all our switches default gateway) , VLAN10 is configured with the 2 x IP subnets (primary and secondary) of our 2 VLAN's we use here on our LAN. So as Im guessing the switch is encapsulating the frame with a VLAN1 i.d now, this would be the reason why Im unable to ping the switch as the VLAN i.d doesn't tie in with the IP range. Would this be correct, is this the expected results?
I guess I could test this by assigning an IP range to VLAN1, putting the interface back into VLAN1 with a relevant IP address from the assigned range and then attempting IP connection.
Thanks for any advice again
As soon as I shutdown VLAN1, assigned the IP address back over to VLAN10 Im able to ping and telnet again no problem.