11-15-2018 02:52 AM - edited 03-05-2019 11:03 AM
Hi all!
I have multiple 2960's and connected their dedicated management port to a switch (2960X) for easier access.
Each management port on the 2960's has an IP in the 10.32.3.0/24 network.
I'm able to connect to all the management ports via SSH from an operations client (other VLAN).
Currently I have the issue that I can't connect to the management port of the switch where all the management ports are connected to.
The management port of the switch (10.32.3.16) is connected to the switch itself.
However I can't SSH into this management port.
I've included a small mock-up of the network infrastructure below.
11-15-2018 04:02 AM
11-15-2018 05:07 AM
I did not set access-lists yet; do I need to create one?
11-15-2018 05:13 AM
11-15-2018 06:12 AM
11-15-2018 06:25 AM
If it is OK, please put the core switch and the switch here; I hope I can help that way.
11-15-2018 06:33 AM
11-15-2018 07:42 AM
11-15-2018 08:16 AM
Running config from the Core:
version 16.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname SERVER
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
no aaa new-model
switch 1 provision ws-c3850-24p
switch 2 provision ws-c3850-24p
!
ip routing
!
ip domain name *.corp
!
cpp system-default
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username admin privilege 15 password 7 ******************
!
redundancy
 mode sso
!
interface Port-channel1
 description PFSense Master LACP
 switchport mode trunk
!
interface Port-channel2
 description DHCP-Server LACP
 switchport mode access
!
interface Port-channel3
 description PFSense Slave LAPC
 switchport mode trunk
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 10.32.3.11 255.255.255.0
 speed 1000
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport access vlan 22
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport mode trunk
!
interface GigabitEthernet1/0/9
 switchport mode access
 channel-group 2 mode active
!
interface GigabitEthernet1/0/23
 switchport access vlan 21
 switchport mode access
!
interface GigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/1/2
 switchport mode trunk
 channel-group 3 mode active
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet2/0/1
 switchport access vlan 21
 switchport mode access
!
interface GigabitEthernet2/0/2
 switchport mode trunk
!
interface GigabitEthernet2/0/9
 switchport mode access
 channel-group 2 mode active
!
interface GigabitEthernet2/1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet2/1/2
 switchport mode trunk
 channel-group 3 mode active
!
interface Vlan1
 description SERVER
 no ip address
!
interface Vlan21
 description MANAGEMENT
 no ip address
!
interface Vlan22
 description OPERATIONS
 no ip address
!
interface Vlan68
 description Alarm VLAN
 no ip address
!
interface Vlan900
 description VoIP VLAN
 no ip address
!
ip default-gateway 10.32.1.1
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http secure-client-auth
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.32.3.1
ip ssh version 2
!
control-plane
 service-policy input system-cpp-policy
!
line con 0
 privilege level 15
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
Running config from the Switch:
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SWITCH
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***********************
enable password **********************
!
username admin privilege 15 password 0 ***********************
username web privilege 15 password 0 *************************
aaa new-model
!
aaa session-id common
switch 1 provision ws-c2960x-24ts-l
ip routing
!
ip domain-name *.corp
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
 ip address 10.32.3.16 255.255.255.0
 no ip route-cache
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
!
ip default-gateway 10.32.3.1
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.32.3.1
!
no vstack
!
line con 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
!
ntp server pool.ntp.org
!
pnp profile pnp_cco_profile
 transport https host devicehelper.cisco.com port 443
end
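An offline check for the management-plane settings visible in the SWITCH config posted above (an added example, not part of the thread and not any poster's code): it parses an indented running-config and flags type 0/7 user passwords, enable password, the cleartext HTTP server, Telnet on vty lines, and vty lines with no inbound access-class. The excerpt is re-indented from the post with secrets masked as posted; the function names are hypothetical.

```python
import re

# Excerpt of the SWITCH config from this thread, re-indented; secrets masked as posted.
SWITCH_CFG = """\
enable password **********
username admin privilege 15 password 0 **********
ip http server
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 15
 privilege level 15
 transport input telnet ssh
"""

def parse_sections(text):
    """Group an IOS config into (top-level line, [indented child lines])."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0] == " " and sections:
            sections[-1][1].append(line)   # sub-command of the previous section
        else:
            sections.append((line, []))
    return sections

def audit(text):
    """Return management-plane findings for one running-config."""
    findings = []
    for head, kids in parse_sections(text):
        if re.match(r"username \S+ .*\bpassword [07]\b", head):
            findings.append(f"{head.split()[1]}: password type 0/7 (cleartext or reversible), use 'secret'")
        elif head.startswith("enable password"):
            findings.append("enable password set, use 'enable secret' only")
        elif head == "ip http server":
            findings.append("cleartext HTTP management enabled")
        elif head.startswith("line vty"):
            transport = next((k for k in kids if k.startswith("transport input")), "")
            if re.search(r"\b(telnet|all)\b", transport):
                findings.append(f"{head}: telnet permitted")
            # 'access-class <acl> in [vrf-also]' restricts who may open a vty session
            if not any(re.match(r"access-class \S+ in\b", k) for k in kids):
                findings.append(f"{head}: no inbound access-class")
    return findings

if __name__ == "__main__":
    for finding in audit(SWITCH_CFG):
        print(finding)
```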
11-15-2018 10:24 AM - edited 11-15-2018 10:29 AM
Hi again, your int Gig0/0 on the core connects to FastEthernet 0, doesn't it? If the answer is yes, I think the problem is because of VRF; you put VRF on one side.
If the answer is no, please tell me from which port you need to reach the destination.
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.32.3.11 255.255.255.0
speed 1000
negotiation auto
!
interface FastEthernet0
ip address 10.32.3.16 255.255.255.0
11-16-2018 01:20 AM
Port Gi0/0 (10.32.3.11) from the core connects to a port on the "Switch", e.g. Gi1/0/3
Port Fa0 (10.32.3.16) from the "Switch" connects to a port on the "Switch", e.g. Gi1/0/7
The "Switch" has a direct uplink to the PFSense on port Gi1/0/24
11-16-2018 09:36 AM - edited 11-16-2018 09:40 AM
Hi, do you configure VRF on both sides? Another thing: in your line vty config, where is login local?
11-16-2018 09:56 AM
11-19-2018 01:33 AM
11-19-2018 05:07 AM
L01_01(config)#arp ?
A.B.C.D IP address of ARP entry
vrf Configure static ARP for a VPN Routing/Forwarding instance