Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Telnet access

Hi Group,

I'm having problems accessing remote switches. Example: In site A, I have three switches--switch1, switch2, switch3--and all are setup with a management interface and a default route. Switch1 has a mgt interface of 10.255.102.1 and the default route is 10.20.102.10, which belongs to the local router. I have a similar setup on switch2 and switch3--10.255.102.2 & 10.255.102.3 are the mgt interfaces with the same default route setup. The router is plugged into switch1. I can access these switches through the first switch only, but I need to access them directly to make changes/update software through mgt software. Below is the code I use to setup the default route. Any thoughts would be appreciated.

I've tried both of the following:

ip default-gateway 10.20.102.1

and

ip route 0.0.0.0 0.0.0.0 10.20.102.1

18 REPLIES

Re: Telnet access

Chris,

All 3 switches are acting as Layer2 switch. Right? If so I would use this command,ip default-gateway 10.20.102.10 . Is IP,10.20.102.10 on the router?

How are they(3 Switches) connecting? Trunk? Access?

Please provide more information.

Toshi

Community Member

Re: Telnet access

Yes, Layer 2. VTP is setup with switch1 being the server. Connected physically with fiber cables. The IP 10.20.102.10 is the router IP. 24-bit mask.

Re: Telnet access

Chris,

Which vlan are you using for managing all switches?

please post SW1's configuration.

Well, all switches should have "ip default-gateway 10.20.102.10"

Edit: Jon made a good point about the IP addresses.

Toshi

Hall of Fame Super Blue

Re: Telnet access

Christopher

If the mask is /24 then the network is 10.20.102.0/24

How can this be the default-gateway for 10.255.102.x addresses ?. What is the subnet mask for this network ie. 10.255.102.x ?

Jon

Community Member

Re: Telnet access

Jon,

The mask is the same: /24. Over the past, year, we've replaced HP switches with Cisco and have added VoIP. The switches were setup by our vendor, so not sure what the logic is on the IP address.

Hall of Fame Super Blue

Re: Telnet access

Okay this is a bit confusing.

If the default-gateway is 10.20.102.10 then you need to give the switches an address from the 10.20.102.x network.

Jon

Hall of Fame Super Blue

Re: Telnet access

Christopher

What is the subnet mask for the 10.255.102.x addresses and the subnet mask for 10.20.102.10 ?

Jon

Community Member

Re: Telnet access

Hi Jon,

The mask is 24-bit.

Chris

Re: Telnet access

Chris,

Please post the configuration on Sw1. Just to make sure that it's acting like L2 switch.

Toshi

Community Member

Re: Telnet access

see attached

Hall of Fame Super Gold

Re: Telnet access

Chris

The config that you posted is helpful. First, most of us have been assuming that we are talking about layer 2 switches. But the config clearly shows that this is a layer 3 switch with IP routing enabled (see the command ip routing).

Since it is layer 3 enabled with routing then the command ip default-gateway is not doing anything (having it does not hurt but it also does not help).

I believe that the issue is that the management address in VLAN 1 is in subnet 10.255.102. And while the switch has several other active VLANs (2, 3, 10, and 172) and while it has several ports configured as trunks, it has no other SVIs (other VLAN interfaces) and so the only subnet that the switch knows about is the 10.255.102 subnet. Therefore the default route of ip route 0.0.0.0 0.0.0.0 10.20.102.10 is not working because the switch has no idea of how to get to the next hop of 10.20.102.10.

Does the router have an interface/subinterface configured for VLAN 1? If so the easy solution would be to change the next hop address in the static route to use the router address in VLAN 1. If that is not possible then I would suggest moving the management address of the switch from VLAN 1 to whatever VLAN is subnet 10.20.102.

Note that the way the switch is working, it is pretty much functioning as a traditional layer 2 switch (having multiple VLANs but only having 1 VLAN interface configured). In that case enabling ip routing does not accomplish much.

HTH

Rick

Re: Telnet access

Chris,

Rick has explained very well. It's a good idea to see how they(routers and switches) are connecting including configuration of them.

5P! for Rick

Toshi

Community Member

Re: Telnet access

Hi Rick,

Wanted to quickly acknowledge your post. I'm going to digest this a bit, but it does bring up other questions. I'll post back later today.

Thanks everybody.

Chris

Community Member

Re: Telnet access

Hi Rick,

Thanks for the response, which has brought up various other questions.

Considering that the switch config that I posted is a VTP client with VLANs 10 & 172 configured on a VTP server (another 3560 with IP routing enabled)

directly connected to this switch, would the management address of VLAN1 effect traffic flow on VLAN 10 & 172? Such as TCP out-of-order, duplicate

acknowledgements and retransmissions? I've seen this quite a bit while running wireshark on switches in a couple locations.

I looked at the router configuration and it does NOT have an interface/subinterface configured for VLAN 1, but it does have the following routing statement:

ip route 10.255.102.0 255.255.255.0 10.20.102.1

I've used the switches at my location as an example. The switches I have problems connecting to are in several other remote locations, but the setup is

similar (and appears to be consistent). In 'my' location, the switch that is configured as the VTP server also has ip routing enabled and it appears that

others do as well. This switch has a lot of information about our network on it, so I'm reluctant to post the whole config, but do want to include necessary

information. Here's the VLAN 1 & VLAN 172 interfaces and some config info on the other switch.

hostname SW00-3560-02

interface Vlan1

description OPS_Switch_Mgmt

ip address 10.255.102.2 255.255.255.0

no ip redirects

!

interface Vlan10

description OPS_Data_Network

ip address 10.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan172

description OPS_Voice_Network

ip address 172.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

If more info is needed, let me know.

Thanks,

Chris

Hall of Fame Super Gold

Re: Telnet access

Chris

I do not believe that your issue has anything to do with VTP which is concerned with how to learn layer 2 VLAN information. Your issue appears to be a layer 3 issue which is independent of VTP. I also note that you comment about VLANs 10 and 172 in VTP. The switch also has some ports assigned to VLANs 2 and 3. I am not clear whether that is significant or not.

You ask whether the management address of VLAN1 would affect traffic flows of VLANs 10 and 172. I do not see any way that the management address in VLAN 1 could affect traffic flows in VLAN 10 and 172. If there are TCP out of order, duplicate acknowledgement, and retransmissions in those VLANs you need to look for some other cause.

You also tell us that the router does not have any interface/subinterface configured for VLAN 1. The follow up question would then be whether there is any layer 3 device active in VLAN 1 which might be routing from that subnet to other subnets? If there is no other layer 3 device routing for that subnet then this is the crux of your problem.

The route that you mention may have a clue to follow up:

ip route 10.255.102.0 255.255.255.0 10.20.102.1

so what is at 10.20.102.1? Is this perhaps a layer 3 device which could be routing for subnet 10.255.102.0?

I had written this before I looked closely at the switch config in this post. And now I realize that this config gives much of the answer of how you could fix your problem about access to the other switches. Change the default route and the default gateway to use 10.255.102.2 as the next hop. That would at least make the switches reachable from VLAN 10 and 172.

HTH

Rick

Community Member

Re: Telnet access

Thanks Rick. I'm assuming that changing the default route and gateway to use 10.255.102.2 is due to the routing statement ip route 10.255.102.0 255.255.255.0 10.20.102.1. Would that be correct?

Chris

Hall of Fame Super Gold

Re: Telnet access

Chris

My suggestion to change the default route and gateway was not based on the routing statement ip route 10.255.102.0 255.255.255.0 10.20.102.1.

To avoid potential confusion, let me be very specific. I am suggesting that on the switch for which you posted the original complete config (SW00-3560-01) that you change these two statements:

ip default-gateway 10.20.102.10

ip route 0.0.0.0 0.0.0.0 10.20.102.10

and that you make them into:

ip default-gateway 10.255.102.2

ip route 0.0.0.0 0.0.0.0 10.255.102.2

the reason for suggesting this is that the original switch (SW00-3560-01) needs to have these routing statements point to some device that has layer 3 capabilities and that has an active IP address in VLAN 1 and subnet 10.255.102. Your switch SW00-3560-02 fits these criteria. There may be other devices that could also meet these criteria, but this is the one that we know about.

HTH

Rick

Community Member

Re: Telnet access

Thanks again.

185
Views
15
Helpful
18
Replies
CreatePlease to create content