04-09-2019 08:42 AM
I have a Cisco SG350-28 switch I have configured. It's the 2nd switch in line of my route switch. I used to have connectivity to it until a 3rd party installed a new piece of equipment on my VLAN.
I can ping the switch (10.2.3.3) through my firewall and through the route switch at the remote location. I have access to the route switch (10.2.3.2) via SSL, telnet, and SSH. However, when I attempt to access the 10.2.3.3 switch, I get a connection timeout via telnet and SSH. I also get no site available via SSL. However, if I go on site, I can access all services from within the physical realm of the VLAN, just not remotely.
My firewall rules dictate I have access to the entire 10.2.3.x subnet, and it's held true aside from this single switch.
Originally I thought it was an IP conflict with the new devices, but all of my clients have internet connections and can access everything they need that is on this switch within the same VLAN. I'm not quite understanding what could cause this. Any ideas? I'm just lost on how it worked until just recently; now I have no access to this switch unless I go to the physical location and either use a computer on site or serial into the switch.
My running-config:

config-file-header
A Terminal
v2.1.0.60 / RTESLA2.1_810_055_058
CLI v1.0
set system file SSD indicator excluded
@
vlan database
vlan 200-201,300,402-404
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname A Terminal
snmp-server location "A Terminal Building"
ip domain name domain.local
ip telnet server
!
interface vlan 1
 no ip address dhcp
!
interface vlan 403
 ip address 10.2.3.3 255.255.255.0
!
interface gigabitethernet1
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet2
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet3
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet4
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet5
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet6
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet8
 switchport access vlan 403
!
interface gigabitethernet10
 switchport access vlan 200
!
interface gigabitethernet12
 description "D Switch - Trunk Port | ALL VLANS"
 spanning-tree link-type point-to-point
 switchport mode trunk
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet24
 description "E Building - Trunk Port | ALL VLANS"
 spanning-tree link-type point-to-point
 switchport mode trunk
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
exit
ip default-gateway 10.2.3.1
04-09-2019 11:30 AM
If you're able to reach your equipment locally, then the issue with connecting remotely may have to do with VLANs. The 10.2.3.3 switch seems to only be accessible with devices on switchports set to Access VLAN 403, as this is the VLAN with the set IP address 10.2.3.3. It might be wise to truncate a port on 10.2.3.3 for VLAN 1 untagged and VLAN 403 tagged, and the 10.2.3.2 switchport that 10.2.3.3 is uplinked to should also be truncated for VLAN 1 untagged and VLAN 403 tagged. Link aggregation may also serve to resolve this.
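An added example, not part of the original thread and not Cisco tooling: a short Python check that reads a running-config in the format posted above and reports which VLAN interface holds the management IP, which ports are access ports in each VLAN, which ports are trunks, whether the default gateway sits on the management subnet, and whether the Telnet server is enabled. The function name `audit_management_plane` and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a trimmed subset of the running-config posted in this thread.
SAMPLE_CONFIG = """\
ip telnet server
interface vlan 403
 ip address 10.2.3.3 255.255.255.0
!
interface gigabitethernet1
 switchport access vlan 403
!
interface gigabitethernet10
 switchport access vlan 200
!
interface gigabitethernet12
 switchport mode trunk
!
exit
ip default-gateway 10.2.3.1
"""

def audit_management_plane(config):
    """Summarise which VLANs and ports can reach the switch's management IP."""
    report = {"svis": {}, "access": {}, "trunks": [], "gateway": None, "telnet": False, "findings": []}
    current = None  # interface whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line in ("!", "exit"):
            current = None
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            if current and current.startswith("vlan "):  # static address on a VLAN interface
                report["svis"][int(current.split()[1])] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            report["access"].setdefault(int(m[1]), []).append(current)
        elif line == "switchport mode trunk":
            report["trunks"].append(current)
        elif m := re.fullmatch(r"ip default-gateway (\S+)", line):
            report["gateway"] = ipaddress.ip_address(m[1])
        elif line == "ip telnet server":
            report["telnet"] = True
    if report["telnet"]:
        report["findings"].append("telnet server enabled: management logins cross the network in cleartext")
    gw = report["gateway"]
    if gw and not any(gw in svi.network for svi in report["svis"].values()):
        report["findings"].append(f"default gateway {gw} is not on any VLAN interface subnet")
    return report
```

Run against the full config from the first post, it shows the management address only on VLAN 403, so remote sessions depend on that VLAN being carried end to end and on the return path through 10.2.3.1.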