Remote management of Cisco 4948 Switches

rjrii · ‎01-09-2009

What is the easiest way of putting an IP on my 4948s so that I can manage them over the network remotely. Here's my setup:

Switch A - 6509, vtp server, contains all vlan interfaces for all vlans.

Switch B - 4948, vtp client, trunked to switch A and Switch C, no configured vlan interfaces (with the exception of the default vlan 1 with no ip address)

Switch C - Cisco 4948, vtp client, trunked to switch A and B, same config as switch B.

I can easily manage my 6509 because all of my vlan interfaces are there and I can just telnet to one of them. Should I create a vlan interface on Switch B and C to do the same?

Jon Marshall · ‎01-09-2009

Randy

"Should I create a vlan interface on Switch B and C to do the same?"

Yes. Cisco recommendation is to use a dedicated vlan for managing devices ie. not vlan 1, not the native vlan and not any vlan that is used for servers/clients.

1) Create a vlan for management on the 6500.

2) Create a Layer 3 SVI interface on the 6500 for this vlan.

2) Create a L3 SVI for this vlan on each 4948 switch and then set the ip default-gateway on each 4948 switch to be the ip address on the 6500 L3 SVI of the management vlan.

Jon

rjrii · ‎01-09-2009

Ok, so I created vlan 92 on my 6500 and created vlan interface 92 on the 6500 as well with an IP of 192.168.92.252 255.255.255.0

I then created vlan interface 92 on each 4948 switch giving switch b the ip 192.168.92.251 and switch c the ip 192.168.92.250. I then set the ip default-gateway on both switch b and c to 192.168.92.252. The results were:

- All switches can see one another

- The rest of my network can see 192.168.92.252 on the 6500 but cannot see 192.168.92.251 or 92.250.

- I can use 192.168.92.252 as my point of entry for access to switch b and c - but is this the expected result or should the rest of my devices on the network be able to see the IPs setup on switches B and C as well?

Jon Marshall · ‎01-09-2009

No, the rest of your network should be able to see this network as well.

Are you advertising 192.168.252.0/24 into your routing protocol so remote networks know how to get to it ?

Jon

rjrii · ‎01-09-2009

well, my 6509 performs the route advertisment and if I do a show ip route, it defintely shows the 192.168.92.0/24 network being advertised to the rest of the network. (see below)

SwitchA-6509#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.26.1 to network 0.0.0.0

C 192.168.25.0/24 is directly connected, Vlan25

C 192.168.24.0/24 is directly connected, Vlan24

C 192.168.92.0/24 is directly connected, Vlan92

C 192.168.26.0/24 is directly connected, Vlan26

C 192.168.21.0/24 is directly connected, Vlan21

S 10.0.0.0/8 [1/0] via 192.168.26.1

C 192.168.23.0/24 is directly connected, Vlan23

C 192.168.22.0/24 is directly connected, Vlan22

S* 0.0.0.0/0 [1/0] via 192.168.26.1

Jon Marshall · ‎01-09-2009

Okay, so are all the remote networks connected to the 6500 switch ?

Can you

1) post output of "sh ip route" off one of the 4948 switches

2) From a remote address can you traceoute to 192.168.92.250 and 251 ?

What is the IP address you are using to try and connect from ?

Jon