cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


197
Views
0
Helpful
1
Replies
Highlighted
Beginner

SGE2000 (Layer 3 Mode/Stack) - Assigning IP address to VLAN renders device inaccessible

I have two SGE2000 switches - one PoE, one not - in a stack configured for Layer 3 mode. On the stack, I have a VLAN (5) configured and tagged for all ports on both switches. I want to assign an IP address to the VLAN interface that I can use for routing traffic appropriately for my VoIP phone system to replace the two ancient HP ProCurve 10/100 switches that our phone vendor installed, but when I try to assign the desired (or, really, any) IP address in the VLAN's address range, the entire stack becomes totally inaccessible, whether through WebUI, Telnet, SSH, or even PING. If I assign an IP address to the VLAN, I have to then completely power cycle the switch - I usually power cycle both switches in the stack, just to be sure - to once again gain access to it via the default LAN IP address, and it, of course, loses the configuration changes I attempted to make.

I've tried a variety of things to try to make this work, including:

  • Assign the IP to VLAN 5 via the WebUI
  • Assign the IP to VLAN 5 via the console (Telnet)
  • Assign the IP to VLAN 5 via the CLI (lcli)
  • Use a different IP address on the VLAN (last octet differs from the last octet of the default VLAN/management IP)

Each of these attempts results in my not being able to connect to the switch for management until I power cycle. Of course, since I hadn't had a chance to save the running configuration to the boot configuration, all of those changes are lost once the stack is up again. However, even when the management interface is inaccessible, there is a device that's physically connected to the SGE2000 that I can still PING, so I know that it's still passing traffic.

To be fair, I'm not terribly knowledgeable about switching, VLAN's, or even the specifics of the OSI model. I know just enough to be dangerous and to more or less understand what someone is telling me. At this point, I'm honestly at a complete loss as to what I could be doing wrong or simply overlooking as the current running configuration works great up until I try to assign the IP address to the VLAN.

For reference, here's some of the info from the switch obtained from lcli:

sh version

       Unit             SW version         Boot version         HW version
------------------- ------------------- ------------------- -------------------
         1               3.0.0.18            2.0.0.03            00.00.01
         2               3.0.0.18            2.0.0.03            00.00.01

sh running-config

port jumbo-frame
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport mode general
exit
vlan database
vlan 5
exit
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport general allowed vlan add 5
exit
interface vlan 5
name Voice
exit
interface vlan 5
dot1x auth-not-req
exit

sh ip interface

Proxy ARP is disabled

      IP Address                I/F            Type     Directed   Precedence
                                                        Broadcast
----------------------- -------------------- --------- ----------- -----------
XXX.XXX.XXX.254/24        vlan 1               Default   disable     No

sh vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1         1/g(1-48),2/g(1-48),           other       Required
                       3/g(1-48),4/g(1-48),
                       5/g(1-48),6/g(1-48),
                       7/g(1-48),8/g(1-48),ch(1-8)
 5      Voice          1/g(1-11,13-23),2/g(1-11,    permanent   Not Required
                       13-23)

sh ip route

Maximum Parallel Paths: 1 (1 after reset)

Codes: C - connected, S - static

C  XXX.XXX.XXX.0/24   is directly connected                        vlan 1

Since this is in Layer 3 mode and there apparently isn't a default gateway address tied to VLAN 1, I tried adding a static route for VLAN 1 to our firewall through the WebUI:

Destination IP: 0.0.0.0
Network Mask: 0.0.0.0
Prefix Length: /0
Next Hop: XXX.XXX.XXX.253
Route Type: Remote
Metric: 1

This gives me an error: "Adding a route over default IP interface is not allowed. Change the interface to Static first.." so I went back to the VLAN Management -> Properties to try to change the Type of VLAN 1, but it gives me the error: "Default VLAN cannot be edited." I also tried setting the Metric value to "2" (just in case) but got the same error.

What I want is for VLAN 5 to be in the XXX.XXX.155.0/24 address space and the switch to respond on XXX.XXX.155.254 as it does on XXX.XXX.XXX.254 (unless, of course, I try to add this interface IP and have to power cycle it again). Does anyone have any suggestions or tips that can help me to achieve my goals? If you require additional information, please let me know. Thank you.


EDIT:

My Google-fu turned up this page for configuring VLAN's on Catalyst switches, so I reviewed what it had to say to see if I could find a specific problem with my method, but either I'm being dense or I'm just too tired of looking at this to find the issue. Since I'm wanting to be able to access VLAN 5 from VLAN 1, and vice-versa, I figured this was as good a place to start as any.

https://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html

Everything appears to be correct (as far as I can tell) up to step 5 where I actually assign the IP address. As I stated above, I tried doing it this way and ended up in the exact same situation - unable to access the switch/stack until it was power cycled.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: SGE2000 (Layer 3 Mode/Stack) - Assigning IP address to VLAN renders device inaccessible

I believe we've found the problem. Because we started this whole journey with the intention of replacing the HP ProCurve switches (which were already L3-capable), we had to put the Cisco SGE2000 into L3 mode. We've had these SGE2000 switches in the rack for a couple of years already, but they've always operated in L2 mode because we didn't need them to do anything else at the time.

Once we put the SGE2000 stack into L3 mode, it defaulted the address to what it had been in L2 mode - XXX.XXX.XXX.254. I was able to access the stack through that address for management without any apparent issues, but it seems there was one additional step we needed to take before any of the interfaces would accept the routing and IP assignments we need. That step was to explicitly add a separate IP address to the default VLAN (1). We added XXX.XXX.XXX.175 to the default VLAN interface and, once that was added, we could finally start adding the static routes and IP we need to the appropriate VLAN interfaces. Now our configuration looks like this:

sh running-config

port jumbo-frame
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport mode general
exit
vlan database
vlan 5
exit
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport general allowed vlan add 5
exit
interface vlan 5
name Voice
exit
interface vlan 5
dot1x auth-not-req
exit
interface vlan 1
ip address XXX.XXX.XXX.175 255.255.255.0
exit
interface vlan 5
ip address XXX.XXX.155.175 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.253
logging XXX.XXX.XXX.10
ip ssh server
clock timezone -6
clock summer-time recurring first Sun Apr 02:00 last Sun Oct 02:00
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp broadcast client enable
sntp server 139.78.97.128 poll
ip domain-name my.domainname.com
ip name-server  XXX.XXX.XXX.143 XXX.XXX.XXX.152

sh ip interface

Proxy ARP is disabled


      IP Address                I/F            Type     Directed   Precedence
                                                        Broadcast
----------------------- -------------------- --------- ----------- -----------
XXX.XXX.XXX.175/24      vlan 1               Static    disable     No
XXX.XXX.155.175/24      vlan 5               Static    disable     No

sh vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1         1/g(1-48),2/g(1-48),           other       Required
                       3/g(1-48),4/g(1-48),
                       5/g(1-48),6/g(1-48),
                       7/g(1-48),8/g(1-48),ch(1-8)
 5      Voice          1/g(1-11,13-23),2/g(1-11,    permanent   Not Required
                       13-23)

sh ip route

Maximum Parallel Paths: 1 (1 after reset)

Codes: C - connected, S - static

S  0.0.0.0/0          [1/1] via  XXX.XXX.XXX.253  1:9:27           vlan 1
C  XXX.XXX.XXX.0/24   is directly connected                        vlan 1
C  XXX.XXX.155.0/24   is directly connected                        vlan 5

Once the explicit assignment of VLAN 1's address was set, the rest of the VLAN and routing configuration was a breeze. I can now access the stack through either VLAN and it appears that the entire network is doing exactly what it's supposed to. Yes, we had to change the IP address we had been using to access the stack before enabling L3 mode, but that's a tiny price to pay in our environment. My next step will be to physically remove the HP ProCurve switches from the network and edit our firewall rules that were pointing to those old devices, but I think we can finally have a completely Gigabit network.

 

View solution in original post

1 REPLY 1
Highlighted
Beginner

Re: SGE2000 (Layer 3 Mode/Stack) - Assigning IP address to VLAN renders device inaccessible

I believe we've found the problem. Because we started this whole journey with the intention of replacing the HP ProCurve switches (which were already L3-capable), we had to put the Cisco SGE2000 into L3 mode. We've had these SGE2000 switches in the rack for a couple of years already, but they've always operated in L2 mode because we didn't need them to do anything else at the time.

Once we put the SGE2000 stack into L3 mode, it defaulted the address to what it had been in L2 mode - XXX.XXX.XXX.254. I was able to access the stack through that address for management without any apparent issues, but it seems there was one additional step we needed to take before any of the interfaces would accept the routing and IP assignments we need. That step was to explicitly add a separate IP address to the default VLAN (1). We added XXX.XXX.XXX.175 to the default VLAN interface and, once that was added, we could finally start adding the static routes and IP we need to the appropriate VLAN interfaces. Now our configuration looks like this:

sh running-config

port jumbo-frame
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport mode general
exit
vlan database
vlan 5
exit
interface range ethernet 1/g(1-11,13-23),2/g(1-11,13-23)
switchport general allowed vlan add 5
exit
interface vlan 5
name Voice
exit
interface vlan 5
dot1x auth-not-req
exit
interface vlan 1
ip address XXX.XXX.XXX.175 255.255.255.0
exit
interface vlan 5
ip address XXX.XXX.155.175 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.253
logging XXX.XXX.XXX.10
ip ssh server
clock timezone -6
clock summer-time recurring first Sun Apr 02:00 last Sun Oct 02:00
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp broadcast client enable
sntp server 139.78.97.128 poll
ip domain-name my.domainname.com
ip name-server  XXX.XXX.XXX.143 XXX.XXX.XXX.152

sh ip interface

Proxy ARP is disabled


      IP Address                I/F            Type     Directed   Precedence
                                                        Broadcast
----------------------- -------------------- --------- ----------- -----------
XXX.XXX.XXX.175/24      vlan 1               Static    disable     No
XXX.XXX.155.175/24      vlan 5               Static    disable     No

sh vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1         1/g(1-48),2/g(1-48),           other       Required
                       3/g(1-48),4/g(1-48),
                       5/g(1-48),6/g(1-48),
                       7/g(1-48),8/g(1-48),ch(1-8)
 5      Voice          1/g(1-11,13-23),2/g(1-11,    permanent   Not Required
                       13-23)

sh ip route

Maximum Parallel Paths: 1 (1 after reset)

Codes: C - connected, S - static

S  0.0.0.0/0          [1/1] via  XXX.XXX.XXX.253  1:9:27           vlan 1
C  XXX.XXX.XXX.0/24   is directly connected                        vlan 1
C  XXX.XXX.155.0/24   is directly connected                        vlan 5

Once the explicit assignment of VLAN 1's address was set, the rest of the VLAN and routing configuration was a breeze. I can now access the stack through either VLAN and it appears that the entire network is doing exactly what it's supposed to. Yes, we had to change the IP address we had been using to access the stack before enabling L3 mode, but that's a tiny price to pay in our environment. My next step will be to physically remove the HP ProCurve switches from the network and edit our firewall rules that were pointing to those old devices, but I think we can finally have a completely Gigabit network.

 

View solution in original post