Re: Catalyst 3560G telnet help

soklamarhy · ‎08-21-2006

I am unable to telnet, ping, or http into a switch. Although I am able to telnet within switch to switch and ping within also.

I've bounced the switch, made sure I hade enable secret, config line vty, login, password.

I dont know what I am missing on this switch. Any suggs?

glen.grant · ‎08-21-2006

could be almost anything , may have to post configs .

soklamarhy · ‎08-21-2006

Current configuration : 7761 bytes

!

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname SWITCHXXX

!

enable secret xxx

enable password xxx

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

ip subnet-zero

ip routing

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

switchport access vlan 36

switchport mode access

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface GigabitEthernet0/2

switchport access vlan 36

switchport mode access

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface GigabitEthernet0/3

switchport access vlan 36

switchport mode access

spanning-tree portfast

spanning-tree bpdufilter enable

..

interface Vlan1

ip address 10.121.X.XXX 255.255.255.0

!

ip classless

ip http server

!

control-plane

!

line con 0

password xxx

login

line vty 0 4

password xxx

login

line vty 5 15

password xxx

login

!

end

Edison Ortiz · ‎08-21-2006

From your partial config, it seems all switchports are placed on VLAN36, however I don't see a SVI with VLAN36 on this switch.

VLAN1 contains the only SVI. You need to create a SVI for VLAN36 and assign an IP within the VLAN36 subnet.

Please rate helpful posts

Thanks

soklamarhy · ‎08-21-2006

What is SVI?

I have the same setup every where else on my network. I have compared this configuration and I even have a second switch connected to this one who is the secondary link and I am able to telnet, ping it.

Edison Ortiz · ‎08-21-2006

SVI = Switch Virtual Interface

You have one created for VLAN1, per your config:

interface Vlan1

ip address 10.121.X.XXX 255.255.255.0

It seems you aren't using VLAN1 SVI anywhere so do the following:

conf t

int vlan 1

shut

int vlan 36

ip address [enter VLAN1 IP here]

exit

you should be able to ping now.

Do this from the switch while connected via console.

mheusinger · ‎08-21-2006

Hi,

SVI means Switched Virtual Interface. The config

interface Vlan1

ip address ...

f.e. is a SVI. It might be a routing issue. Did you define a default gateway in the switch providing you a headache? It might just be, that the switch does not "know" how to send IP packets back to the senders IP (likely not on the same subnet as VLAN1?).

Can you simply check, whether you are able to ping any IP outside the VLAN1 subnet from the switch?

Hope this helps! Please rate all posts.

Regards, Martin

soklamarhy · ‎08-22-2006

I've defined a gateway:

!

interface Vlan1

ip address 10.121.X.XX 255.255.255.0

no ip route-cache

!

ip default-gateway 10.121.X.X

ip classless

ip http server

!

I am still unable to ping it or anyone else from it. BTW: The switch is running fine. Everyone is still connected and operating.

mheusinger · ‎08-22-2006

Hi,

use "ip default-gateway x.x.x.x" and no ip routing to define the gateway IP. The gateway IP must be within the subnet of your switch.

Details for static configuration can be found at "Configuring a Gateway of Last Resort Using IP Commands"

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml

A second option is to enable dynamic routing protocols like RIPv2 or EIGRP.

A third option is to create a separate SVI for each VLAN you have.

Hope this helps! Please rate all posts.

Regards, Martin

Edison Ortiz · ‎08-22-2006

Did you try my suggestion ?

conf t

int vlan 1

shut

int vlan 36

ip address [enter IP that is under VLAN 1 here]

exit

you should be able to ping now.

Do this from the switch while connected via console.

mheusinger · ‎08-22-2006

Hi,

where is your IP routing implemented to get traffic between the different VLANs back and forth? Anyhow, as you have a Layer3 switch it can do the IP routing itself; you can try:

ip routing

interface Vlan1

ip address 10.121.1.1 255.255.255.0

interface Vlan46

ip address 10.121.46.1 255.255.255.0

Adjust IP addresses and VLAN interfaces to your environment.

At the moment I suppose either packets are not reaching the switch, or the way back is not known.

Regards, Martin

soklamarhy · ‎08-22-2006

I'm pretty sure, not 100% but this is a Layer2 switch.

We have our core router routing all IP's.

VLAN 46 is already defined in the core router.

Is it safe to erase running-config and start all over? Is it possible there is something hidden?

sundar.palaniappan · ‎08-22-2006

Hi,

You have 'ip routing' enabled but you aren't routing any user traffic and switch is acting as a mere layer2 switch.

All the users are on vlan 36. Your management vlan appears to be vlan 1. If you want this switch to forward traffic for both VLANs to your core switch then you need to have a trunk connection core switch. It doesn't appear that you have a trunk to your core based on the posting.

Hence, your choices are,

1. create a trunk to core switch - thus forward traffic for both vlan 1 and vlan 36

(or)

2. configure vlan 36 interface in the switch and assign it an IP address from vlan 36 IP range to get IP connectivity to manage this switch.

Hope that helps!

Regards,

Sundar

soklamarhy · ‎08-22-2006

Hi everyone,

thank you for all replying I have found the answer!

I had ip routing in the configuration, as soon as I took that command line out I was able to ping the switch and telnet.

jackyoung · ‎08-22-2006

Do you have a backdoor for the VLAN1 to connect to the router ? e.g. a switch port configured with VLAN 1 and connect to the router. Please advise how VLAN36 can forward the IP w/o require the SVI.... Thx.