Telnet/SSH Cisco SG350-28 issues

gmcclain63
Level 1

I have a Cisco SG350-28 switch I have configured. It's the 2nd switch in line of my route switch. I used to have connectivity to it until a 3rd party installed a new piece of equipment on my VLAN.

I can ping the switch (10.2.3.3) through my firewall and through the route switch at the remote location. I have access to the route switch (10.2.3.2) via SSL, telnet, and SSH. However, when I attempt to access the 10.2.3.3 switch, I get a connection timeout via telnet and SSH. I also get no site available via SSL. However, if I go on site, I can access all services from within the physical realm of the VLAN, just not remotely.

My firewall rules dictate I have access to the entire 10.2.3.x subnet and it's held true aside from this single switch.

Originally I thought it was an IP conflict with the new devices, but all of my clients have internet connections and can access everything they need that is on this switch within the same VLAN. I'm not quite understanding what could cause this. Any ideas? I'm just lost on how it worked until just recently, now I have no access to this switch unless I go to the physical location and either use a computer on site or serial into the switch.

My running-config

config-file-header
A Terminal
v2.1.0.60 / RTESLA2.1_810_055_058
CLI v1.0
set system
file SSD indicator excluded
@
vlan database
vlan 200-201,300,402-404
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname A Terminal
snmp-server location "A Terminal Building"
ip domain name domain.local
ip telnet server
!
interface vlan 1
 no ip address dhcp
!
interface vlan 403
 ip address 10.2.3.3 255.255.255.0
!
interface gigabitethernet1
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet2
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet3
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet4
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet5
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet6
 description "A - Access Port | VLAN 403"
 switchport access vlan 403
!
interface gigabitethernet8
 switchport access vlan 403
!
interface gigabitethernet10
 switchport access vlan 200
!
interface gigabitethernet12
 description "D Switch - Trunk Port | ALL VLANS"
 spanning-tree link-type point-to-point
 switchport mode trunk
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
interface gigabitethernet24
 description "E Building - Trunk Port | ALL VLANS"
 spanning-tree link-type point-to-point
 switchport mode trunk
 macro description switch
 !next command is internal.
 macro auto smartport dynamic_type switch
!
exit
ip default-gateway 10.2.3.1
1 Reply

JHille
Level 1

If you're able to reach your equipment locally, then the issue with connecting remotely may have to do with VLANs. The 10.2.3.3 switch seems to only be accessible with devices on switchports set to Access VLAN 403, as this is the VLAN with the set IP address 10.2.3.3. It might be wise to truncate a port on 10.2.3.3 for VLAN 1 untagged and VLAN 403 tagged, and the 10.2.3.2 switchport that 10.2.3.3 is uplinked to should also be truncated VLAN 1 untagged and VLAN 403 tagged. Link aggregation may also serve to resolve this, as well.