Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can't access the C2950 by IP address

Dear All

With the following config I can't access the switch by IP. Even I can't ping it by the console!

The IP address is 10.10.50.132

Configuration

Using 3219 out of 32768 bytes

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service sequence-numbers

hostname C2950_1

enable secret 5 XXXXXXXXXXXXXXXXXx.

enable password XXXX

ip subnet-zero

no ip finger

interface FastEthernet0/1

switchport access vlan 2

spanning-tree portfast

!

!

interface FastEthernet0/20

switchport access vlan 2

spanning-tree portfast

!

interface FastEthernet0/21

switchport access vlan 2

spanning-tree portfast

!

interface FastEthernet0/22

switchport access vlan 2

spanning-tree portfast

!

interface FastEthernet0/23

switchport trunk native vlan 2

switchport mode trunk

duplex full

speed 100

!

interface FastEthernet0/24

switchport trunk native vlan 2

switchport mode trunk

duplex full

speed 100

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan2

no ip address

no ip route-cache

shutdown

!

interface Vlan4

ip address 10.10.50.132 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.50.254

ip http server

snmp-server engineID local 0000000902000009B7DD6300

snmp-server community private RW

snmp-server community public RO

snmp-server location XServer Room

snmp-server contact Ann

snmp-server enable traps snmp authentication linkdown linkup coldstart

snmp-server enable traps config

snmp-server enable traps syslog

snmp-server enable traps entity

snmp-server enable traps rtr

snmp-server enable traps c2900

snmp-server enable traps vtp

snmp-server enable traps MAC-Notification

snmp-server enable traps hsrp

snmp-server enable traps cluster

snmp-server host 10.10.50.101 private config entity cluster snmp

!

line con 0

exec-timeout 0 0

transport input none

stopbits 1

line vty 0 4

password XXXX

login

line vty 5 15

password XXXX

login

!

end

IOS 12.1(6)EA2c

Thanks in advance

MPaiva

14 REPLIES
Silver

Re: Can't access the C2950 by IP address

you have no ports that are in vlan 4 you need to assign the port that connects to your default gateway to vlan 4

New Member

Re: Can't access the C2950 by IP address

How can I do want you are proposing?

Thank you in advance

MPaiva

Cisco Employee

Re: Can't access the C2950 by IP address

Since you have trunk configured on fastethernet23 and 24, you dont neccessarily have to have a port in VLAN 4.

Is your interface fastethernet 23/24 up and up? Is it trunking? Is interface VLAN 4 up/up? Do a sh ip interface brief. Also make sure you have VLAN4 in the vlan database. If not, create VLAN 4 in the VLAN database.

cs-c2950g-48-20a#vlan database

cs-c2950g-48-20a(vlan)#vtp transparent

Setting device to VTP TRANSPARENT mode.

cs-c2950g-48-20a(vlan)#vlan 4

VLAN 4 added:

Name: VLAN0004

cs-c2950g-48-20a(vlan)#exit

APPLY completed.

Exiting....

cs-c2950g-48-20a#

New Member

Re: Can't access the C2950 by IP address

Ok!

My fa23 and fa 24 are up. Yes they are trunking to a C3500XL.

I have the vlans in transparent mode, and vlan4 is created

the sh ip int vlan4 display the following:

Vlan4 is up, line protocol is down

Internet address is 10.10.50.132/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

.....

I can't access to the switch from a telnet session , and from the console it doesn't do an ping to it self.

Thank you for your help

MP

Cisco Employee

Re: Can't access the C2950 by IP address

Interface VLAN 4 being down is the problem. can you paste the output of "show vlan 4" and "show interfaces fastEthernet 0/23 trunk"? Just want to make sure VLAN 4 is being propagated across the trunk. Check to see if VLAN 4 is being pruned on the 3500XL switch. ALso use the keyword "management" under interface VLAN 4 and see if it makes any difference

config terminal

interface VLAN4

management

no shut

end

write mem

New Member

Re: Can't access the C2950 by IP address

Hi, the keyword "management" is not accepted by the switch!

I do think that's the problem, the c2950 ios 12.1(6) doesn't accept that the managment vlan is other than the vlan1 (default)?!

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/23, Fa0/24

2 vvoice active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8 ......

Fa0/21, Fa0/22

3 vdata active

4 vgest active

c2950_32(vlan)#sh

VLAN ISL Id: 1

Name: default

Media Type: Ethernet

VLAN 802.10 Id: 1

State: Operational

MTU: 1500

Translational Bridged VLAN: 1002

Translational Bridged VLAN: 1003

VLAN ISL Id: 2

Name: vvoice

Media Type: Ethernet

VLAN 802.10 Id: 2

State: Operational

MTU: 1500

VLAN ISL Id: 3

Name: vdata

Media Type: Ethernet

VLAN 802.10 Id: 3

State: Operational

MTU: 1500

VLAN ISL Id: 4

Name: vgest

Media Type: Ethernet

VLAN 802.10 Id: 4

State: Operational

MTU: 1500

Thank you by your help

MP

Silver

Re: Can't access the C2950 by IP address

you may need to configure f0/23 & 24 to allow for vlan 4 over the trunk

New Member

Re: Can't access the C2950 by IP address

My problem is not the fo/23 & 24, but is more low level, I think I have a problem in the IP protocol stack, because through the console I can't do a simple ping to the interface that is assign

C2950_32#ping 10.10.50.132

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.50.132, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

C2950_32#

Thank you for your help

Silver

Re: Can't access the C2950 by IP address

try to allow vlan 4 across the trunk. You have to add this to the trunk on each side of the trunk.

f0/23

switchport trunk allowed vlan 2,4

f0/24

switchport trunk allowed vlan 2,4

New Member

Re: Can't access the C2950 by IP address

This IOS version doesn't let us to use your commands.

Thank you very much

New Member

Re: Can't access the C2950 by IP address

Man, what a mess.

There are a couple of things wrong here.

Typically if you are going to be doing multiple VLANs on one switch you will want to be running 802.1q or ISL. I recommend dot1Q because ISL is Cisco specific and you just never know- plus I have configured dot1q before.

First thing I would do, if you have concerns about the IP stack, is to change everything back to VLAN 1 and ping the address there. Forget about all the VLAN stuff and get back to the default config, put a basic config on it and then ping it. Then, once you ping, you know your IP stack is just fine.

Second thing is that you will need to configure some kind of VLAN trunking protocol on the switch. Like I said, dot1q is the way to go and I can help with that if you need it. We have switches configured with it right now and I can send those configs your way.

Finally, one of the tricks that I found in the latest IOS is that Cisco has made you configure Clustering on your switch in order to change management VLANs. I know, it makes no sense to me either.

Here is the current config of the switch:

Current configuration : 3844 bytes

!

version 12.1

no service pad

service timestamps debug datetime msec localtime

service timestamps log datetime localtime

service password-encryption

!

hostname itduser02

!

no logging console

enable secret 5 $1$Oukn$6xv0qRHqxM6E1feqdmIRT.

enable password 7 011D09145A1815182E5E4A

!

ip subnet-zero

no ip finger

ip domain-name lalalala

ip name-server 172.25.4.8

cluster enable itduser02 0

!

!

!

interface FastEthernet0/1

switchport access vlan 20

skipping interfaces here to save characters

interface FastEthernet0/47

switchport access vlan 20

!

interface FastEthernet0/48

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan20

ip address 172.30.17.210 255.255.255.0

no ip route-cache

!

ip default-gateway 172.30.17.200

!

ip access-list extended CMP-NAT-ACL

We had to set cluster enable to allow us to change the management VLAN to VLAN20. You will need a FastEthernet Port on your router to configure subinterfaces in order to make this all work.

Please feel free to email me with questions. Slow day here today! fraaschjm@co.monterey.ca.us

New Member

Re: Can't access the C2950 by IP address

Thanks for your help

I did manage to solve the problem. I didn't know that a needed to create an int for having a different managment vlan

with the following conf I do have access to the sw and it works ok

!

interface FastEthernet0/22

switchport access vlan 4 - this is the managment vlan

no ip address

and

interface Vlan4

ip address 10.10.50.132 255.255.255.0 - ip address of the managment vlan

no ip route-cache

the others int have this conf

interface FastEthernet0/21

switchport access vlan 2

no ip address

spanning-tree portfast

!

Thanks again for your help

MPaiva

Silver

Re: Can't access the C2950 by IP address

Sorry I supplied the wrong syntax, but I think that you need to allow vlan 4 to be allowed over the trunk

New Member

Re: Can't access the C2950 by IP address

Thanks for your help

I did manage to solve the problem. I didn't know that a needed to create an int for having a different managment vlan

with the following conf I do have access to the sw and it works ok

!

interface FastEthernet0/22

switchport access vlan 4 - this is the managment vlan

no ip address

and

interface Vlan4

ip address 10.10.50.132 255.255.255.0 - ip address of the managment vlan

no ip route-cache

the others int have this conf

interface FastEthernet0/21

switchport access vlan 2

no ip address

spanning-tree portfast

!

Thanks again for your help

MPaiva

473
Views
0
Helpful
14
Replies