IP Telnet source-interface help please

m-abooali
Level 4

Hello,

I am kind of new to the Cisco IOS on the switches and need help with the below question:

I have this switch CAT 3550 and I have configured VLAN on it as well as my other switches. I have given a private IP address (we use private IP addressing) to the VLAN 2 interface and that IP address has become the system's IP address and I use it for Telnet, but sometimes when I make changes my telnet session gets disconnected.

I have also created a Loopback interface under the fa0/1 interface, which is the access port for that switch and connects this switch to a CAT 4006. The IP address is 192.168.1.1/24, but this cannot be used for telnet and cannot be pinged.

I wanted to use the following command to give it the Loopback interface for telnet as well, but I don't know if I can have two IP addresses on two different interfaces for telnet or not:

ip telnet source-interface

This was under the loopback 0 interface.

Can you please shed some light on this issue?

Thanks for your help.

Regards,

Masood

5 Replies

Kevin Dorrell
Level 10

Masood,

Your switch should respond to telnet on any of the IP addresses you have given it, provided the interface corresponding to the IP address is up. In the case of a loopback interface, it is always up. In the case of a VLAN interface, you have to have at least one switch port active on the VLAN.

However, it is quite easy to cut your telnet session off accidentally, because not only must the interface be up, but it must also be reachable from the PC you are telnetting from. Take a really simple example: if you shut down the port where your PC is connected, then the telnet session will be cut. If you shut down a trunk that is carrying your telnet, the session will hang until STP finds another way to it. If you start an access list on an interface that is carrying the telnet etc.

I'm not sure what you mean by "a Loopback interface under the fa0/1 interface". How is the loopback "under" the Fa interface? Could you post a clip from your config please? If you have put the IP address on a switchport, i.e. a port in layer-2 mode, then it will not work - it will only work if you have no switchport, and then the behaviour of the port is completely different as regards the network.

As for the ip telnet source-interface command, this only affects telnet going out from the box. Normally, if you are on the command line and you telnet to somewhere else, the source of the telnet is the IP address of the outgoing interface, whichever it is. By using the command, you specify the interface to use to determine the source IP address for all telnets. But if the source interface is down, the box goes back to the default behaviour.

Hope this helps.

Kevin Dorrell

Luxembourg

Thanks for your response. Here is the config; please advise what I have done wrong or what can be modified.

Device Configuration Viewer

10.1.1.4: Running: Ver 2

Global

    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    hostname edgeswitch_3550
    enable secret
    enable password
    username
    vlan dot1q tag native
    vlan 2
    vtp interface fa0/1
    vtp domain Name
    vtp mode transparent
    cluster enable name
    spanning-tree extend system-id
    monitor session 1 source interface Fa0/13
    monitor session 1 destination interface Fa0/2

IP

IP-IP Global

    ip subnet-zero
    ip routing
    ip telnet source-interface Vlan2
    ip default-gateway 10.1.1.251
    ip classless
    ip http server

IP-IP AccessList extended CMP-NAT-ACL

    ip access-list extended CMP-NAT-ACL
     dynamic Cluster-HSRP deny ip any any
     dynamic Cluster-NAT permit ip any any

Interface

Interface-Interface Loopback0

    interface Loopback0
     ip address 192.168.1.1 255.255.255.0

Interface-Interface FastEthernet0/1

    interface FastEthernet0/1
     description Connected to CAT-12 switch
     switchport access vlan 2
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     no ip address
     spanning-tree portfast trunk

Interface-Interface Vlan1

    interface Vlan1
     no ip address

Interface-Interface Vlan2

    interface Vlan2
     ip address 10.1.1.4 255.255.255.0

SNMP

    snmp-server engineID local 800000090300000BBE046B81
    snmp-server community Name RW
    snmp-server host 10.1.1.139 255.255.255.0

Line

Line-Line con 0

    line con 0
     password*****
     login

Line-Line vty 0 4

    line vty 0 4
     password*****
     login

Line-Line vty 5 6

    line vty 5 6
     password*****
     login

Line-Line vty 7 14

    line vty 7 14
     password*****
     login

Line-Line vty 15

    line vty 15
     login

Basically, my switch access port is fa0/1, connected to another switch, CAT 4006 port 2/1, and VLAN 2 is the VLAN interface they are supposed to communicate. I see the VTP domains in the campus manager of the Ciscoworks.

Thanks,

Masood

There are a few comments to be made here.

The first is that I cannot tell from this config whether the F0/1 is acting as a trunk or as a VLAN 2 access port. There is no switchport mode command, so the mode is "auto". This means that it is the 4006 that will decide whether the link is a trunk or an access. If the 4006 is "auto", which is the default, then there will be no trunk, and only VLAN 2 will pass. If the 4006 is "desirable", then a trunk will be formed, and all the VLANs will pass.

The second thing to notice is that you have the loopback, you have VLAN 2, and you have IP routing, so the two VLANs will communicate. You are trying to get to the loopback interface, but from where? If it is from something on VLAN 2 on the 4006, then you will have to use the 3550's VLAN 2 address as a default gateway, OR at least ensure that the default gateway for VLAN 2 has a route to 192.168.1.1 via 10.1.1.4.

I presume you have a router on 10.1.1.251 that is doing your routing. It seems to me that the complication of making the 192.168.1.1 address reachable is more trouble than it is worth. Unless you are going to use the 3550 as your main router, I would switch off the ip routing and use it as a layer-2 switch, and telnet to it on the VLAN 2 interface. Especially as VLAN 2 is your native on the (supposed) trunk.

Kevin Dorrell

Luxembourg
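The points raised in the reply above can be checked mechanically. This is an added example, not part of the original thread: a short Python audit over a constructed excerpt of the posted config that reports which addresses the switch answers telnet on, which switchports have no explicit `switchport mode`, and which vty lines carry no `access-class` or `transport input` restriction. The names `sections`, `audit` and the result keys are assumptions of this example.

```python
import re

# Constructed excerpt of the config posted in the thread, blank lines removed.
SAMPLE = """\
ip telnet source-interface Vlan2
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 switchport access vlan 2
interface Vlan2
 ip address 10.1.1.4 255.255.255.0
line vty 0 4
 password *****
 login
"""

def sections(text):
    """Group sub-commands under their 'interface'/'line' header; rest is global."""
    out, cur = {"global": []}, "global"
    for raw in filter(str.strip, text.splitlines()):
        if not raw[0].isspace():  # a top-level command starts a new context
            cur = raw.strip() if raw.startswith(("interface ", "line ")) else "global"
            out.setdefault(cur, [])
            if cur != "global":
                continue
        out[cur].append(raw.strip())
    return out

def audit(text):
    """Hypothetical helper: collect the management-plane facts discussed above."""
    cfg = sections(text)
    res = {"listen": {}, "dtp": [], "open_vty": [], "outbound_src": None}
    for cmd in cfg["global"]:
        m = re.fullmatch(r"ip telnet source-interface (\S+)", cmd)
        if m:  # only sets the source of sessions opened FROM the switch
            res["outbound_src"] = m.group(1)
    for hdr, body in cfg.items():
        kind, _, name = hdr.partition(" ")
        for cmd in body if kind == "interface" else []:
            m = re.match(r"ip address (\d+(?:\.\d+){3}) ", cmd)
            if m:  # the switch answers telnet on each address whose interface is up
                res["listen"][name] = m.group(1)
        sw = [c for c in body if c.startswith("switchport")]
        if sw and not any(c.startswith("switchport mode") for c in sw):
            res["dtp"].append(name)  # trunk vs access is left to negotiation
        vty_limits = ("access-class", "transport input")
        if name.startswith("vty") and not any(c.startswith(vty_limits) for c in body):
            res["open_vty"].append(name)  # no access-class or transport limit
    return res
```

Calling `audit(SAMPLE)` lists both 192.168.1.1 and 10.1.1.4 as inbound management addresses, and shows that `ip telnet source-interface Vlan2` does nothing to restrict them.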

Thanks. Your comments were very useful. I have just taken over this network and there are a lot of things that need to be addressed and changed.

Regards,

Masood

As mentioned earlier, I have just taken over this network and there is a lot to be done. This VLAN 2 has been set up on all the switches, but I really don't know why, since the default VLAN, i.e. VLAN 1, would have done the same thing.

I am now trying to create 6 VLANs, each for a specific department, but I need a little help in doing so.

I have three CAT 4006 switches, one CAT 3550 (soon to be replaced with two 3560 switches) and a 2948G-TX switch. There is a Router 2621 for the routing and two firewalls for firewall, routing and VPNs between our network and some partners' networks.

My question now is:

What would be a good course of action to start this project given the devices I listed above? I have also installed and configured CiscoWorks LMS and VMS recently, which were not there before, but I would like to use the command line CLI to have these VLANs created and have them talk to each other.

I will appreciate it if you guys give me some help, since this would be the first time I am actually creating VLANs like this. I have always worked at the ISP/Provider's Backbone network, i.e. purely WAN and Internet.

I thank you in advance for your help and support.

I have no problem with the theory behind it and the commands, and have a good understanding of what is involved, but have not done something like this before and certainly can use some help.

Regards,

Masood