07-27-2012 08:12 AM
I have a 2960S switch and nine (9) 300 switches. I have three VLANs configured on them, data, voice and management. Each 300 has unique data and voice VLANs corresponding to their locations. All of the 300 switches connect to the 2960 in a hub and spoke network topology via 802.1q trunks. I can access devices between switches on the data and voice VLANs fine from any other switch. My issue is that from any 300 switch I can access the 2960 management VLAN interface without a problem, but I can not access the 300 switch management VLAN that I am connected to from the CLI. I do not use the GUI at all for management.
Am I missing something?
07-27-2012 08:18 AM
Hello meptrella, I'm assuming the 300 ES switches are SX300 series models.
The switch is not accessible via any method but http or console without first being 'activated'.
config t
ip telnet server
This should allow telnet from the 2960 to the SX300 series. You can also enable ssh the same way:
config t
ip ssh server
If the SSH keys are not generated, the SSH server may wait until the keys are generated.
crypto key pubkey-chain ssh
user-key ******
key-string rsa
* = whatever you want
-Tom
07-27-2012 08:31 AM
Thanks Tom. This solved a piece of the puzzle, but brought up another issue.
I am not sure if it is a telnet server issue. The reason I say that is I added the suggested commands. I can access the 300 switches from the 2960 now. If I am connected to the 300 I can not access its management address. I can ping the 2960 management address, the 300 gateway, other devices on the 300, but not the management interface address on VLAN one.
Any ideas?
Mike
07-27-2012 08:43 AM
In layer 3, if there is not a device connected on the IP interface, there won't be a response. Perform a show ip route, you will notice a default route is built, additionally you will notice routes built to each subnet for an active interface. If you connect a device to the ip interface, the ip route will dynamically build and the interface will respond.
If the switch is in L2 then it should simply work
-Tom
07-27-2012 08:50 AM
I may be in over my head. I could not do the ip routing command on the 2960 and I thought the 300's were all layer 2 devices. I have worked on the Cisco Enterprise switches for about 10 years and many of the "normal" switch commands are not there. There is no router in the network so we have to work with the 16 static routes on the 2960 and default gateway on the 300. Again, I may be missing something on these. We had nothing to do with the selection of the switches and have to get them working for the three VLANs.
Thanks,
Mike
07-27-2012 08:56 AM
On the SX300, in layer 2 mode, the IP address does not matter for the device except for management purposes. So, what to do: connect a computer via ethernet to the SX300 on a port that is part of the management VLAN, assign a static IP address to the computer and see if you can open the GUI and ping the switch.
If successful, directly connected to the switch, then we know there is either an incorrect configuration, an incorrect route on the 2960 or the device attempting to access the switch IP interface is not on the management ip subnet.
-Tom
07-27-2012 10:12 AM
I will try that this weekend. I will post the results Monday.
Thanks again for all the help.
Mike
08-01-2012 06:12 AM
Back again. We have VLAN 1, VLAN 10 and VLAN 11 on the 300ES and 2960. The 2960 has VLAN interfaces configured on the 2960 as well as the VLAN database. The 300ES has the VLAN database, but no VLAN interfaces configured on it. We have trunks between the switches. The 300ES has ports assigned to VLAN 10 with VLAN 11 being the VoIP.
I did as suggested and the results were as follows:
1) We can now get between all switches on VLAN 1.
2) If we have a PC on VLAN 10 on the 300ES we can not ping any interface on the 2960. From the 2960 we can not ping the PC on the 300ES sourcing it from the VLAN 10 interface address on the 2960.
3) From the 300ES we can ping the gateway defined on the 2960 for VLAN 10, but can not ping anything off of the VLAN 10 network.
I have to be missing something stupid. I set this up with 4500 and 3750 with no problems, but the CLI on the 300ES and 2960 do not match the higher switches and I can not figure out what the missing piece is on this.
Any help is appreciated.
Mike
08-01-2012 07:05 AM
Hi Mike, can you post a show run for each switch?
-Tom
08-01-2012 07:08 AM
Tom,
I will have to do it tonight. I left my thumb drive at home.
Thanks,
Mike
08-01-2012 07:41 AM
Tom,
My fellow engineer had the configs and sent them to me. The configs are below. The 2960 is first. One additional test we did was to have a PC on VLAN 10 on the 2960 and one on the 300ES and could not ping between them either. Thanks again.
Building configuration...
Current configuration : 11609 bytes
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname 2960-MDF-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$6yul$iZz2Rj6HA8JHl2KMHxF16/
!
username lns privilege 15 secret 5 $1$A129$F19PkQvMBPoRbT.z4ldwB.
username cisco privilege 15 secret 5 $1$sAYS$mdeBRQa/Yfhh6RoTEcd9x1
!
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
switch 1 provision ws-c2960s-48fps-l
ip routing
!
!
vtp mode transparent
udld aggressive
!
!
crypto pki trustpoint TP-self-signed-2638571776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2638571776
revocation-check none
rsakeypair TP-self-signed-2638571776
!
!
crypto pki certificate chain TP-self-signed-2638571776
certificate self-signed 01
quit
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
auto qos srnd4
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
!
vlan internal allocation policy ascending
!
vlan 10
name BLDG-10
!
vlan 11
name VoIP-BLDG-10
!
vlan 100
name SERVERS
!
ip ssh version 2
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/19
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/21
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/22
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/23
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/24
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/25
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/26
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/27
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/28
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/29
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/30
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/31
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/32
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/33
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/34
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/35
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/36
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/37
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/38
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/39
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/40
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/41
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/42
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/43
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/44
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/45
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/46
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/47
description SF300-BLDG10-1 Port G1
switchport mode trunk
mls qos trust dscp
!
interface GigabitEthernet1/0/48
description SF300-SALES Port G1
switchport mode trunk
mls qos trust dscp
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
description Management
ip address 10.0.5.1 255.255.255.0
ip helper-address 10.0.0.24
!
interface Vlan10
description BLDG-10
ip address 10.0.10.1 255.255.255.0
ip helper-address 10.0.0.24
!
interface Vlan11
description VoIP BLDG-10
ip address 10.0.11.1 255.255.255.0
ip helper-address 10.0.0.24
!
interface Vlan100
description SERVERS
ip address 10.0.0.1 255.255.255.0
!
ip default-gateway 10.0.0.5
no ip route static inter-vrf
ip route 10.0.10.0 255.255.255.0 10.0.5.10
no ip http server
ip http secure-server
!
line con 0
line vty 0 4
logging synchronous
login local
transport input telnet ssh
line vty 5 15
logging synchronous
login local
transport input telnet ssh
!
end
One of the nine (9) 300ES follows.
SF300-BLDG10-1(config)#do sho run
interface range fa1-48
spanning-tree portfast
exit
interface fa48
description Management
exit
interface gi1
description "MDF-1 Port 1/45"
exit
vlan database
vlan 10-11
exit
voice vlan id 11
voice vlan state auto-enabled
voice vlan cos 6 remark
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 001049 shoretel
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 1
ip address 10.0.5.10 255.255.255.0
exit
ip default-gateway 10.0.5.1
interface vlan 1
no ip address dhcp
exit
hostname SF300-BLDG10-1
no passwords complexity enable
ip ssh server
ip telnet server
interface fastethernet1
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet2
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet3
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet4
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet5
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet6
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet7
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet8
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet9
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet10
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet11
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet12
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet13
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet14
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet15
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet16
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet17
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet18
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet19
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet20
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet21
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet22
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet23
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet24
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet25
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet26
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet27
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet28
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet29
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet30
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet31
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet32
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet33
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet34
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet35
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet36
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet37
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet38
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet39
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet40
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet41
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet42
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet43
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet44
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet45
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet46
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet47
switchport trunk allowed vlan add 11
switchport trunk native vlan 10
exit
interface fastethernet48
switchport mode access
exit
interface gigabitethernet1
no macro auto smartport
switchport trunk allowed vlan add 10-11
exit
08-01-2012 07:50 AM
Fat fingered my last two posts. On the 2960 we had a PC on VLAN 100, not 10.
08-01-2012 08:12 AM
interface GigabitEthernet1/0/47
description SF300-BLDG10-1 Port G1
switchport mode trunk
switchport trunk allowed vlan add 10,11,100 <- Try this
mls qos trust dscp
spanning-tree mode rapid-pvst <-- SX300 does not support the PVST. I am not sure if it makes a difference
spanning-tree portfast bpduguard default
spanning-tree extend system-id
auto qos srnd4
SX300 port-
interface gigabitethernet1
no macro auto smartport
switchport trunk allowed vlan add 10-11 <- VLAN 100 is not a member of the port (I think this is your uplink?)
switchport trunk allowed vlan add 10,11,100 <- Try
exit
switchport trunk allowed vlan add 10,11: this means the port is 1 untag, 10 and 11 tag.
-Tom
08-01-2012 10:33 AM
Will try the suggested configuration changes tonight.
One question, why would I need to include the VLANs in the allowed statements? The reason I ask is that with the 4500 and 3750 we use we don't have them specifically and things work fine.
Thanks,
Mike
08-01-2012 11:09 AM
Ingress filtering on trunk and access port will discard any vlan id not specified on the port of the SX300.
-Tom
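Added example, not part of the thread and not Cisco code: a small Python check that compares the VLANs a Catalyst trunk sends against the VLANs an SX300 trunk port is a member of, using the two uplink stanzas posted above as constructed sample input. It assumes an IOS trunk with no explicit allowed list carries every VLAN in its database, and models SX300 membership as the native VLAN (VLAN 1 by default, as Tom describes) plus whatever `allowed vlan add` names; the function names are hypothetical.

```python
import re

def expand_vlans(spec):
    """Expand a VLAN list such as '10-11' or '10,11,100' into a set of IDs."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def sx300_trunk_members(stanza):
    """VLANs an SX300 trunk port accepts: native VLAN plus 'allowed vlan add'.

    Model assumption: native defaults to VLAN 1 untagged, per Tom's reply.
    """
    native, tagged = 1, set()
    for line in map(str.strip, stanza.splitlines()):
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        m = re.fullmatch(r"switchport trunk allowed vlan add ([\d,\-]+)", line)
        if m:
            tagged |= expand_vlans(m.group(1))
    return {native} | tagged

def catalyst_trunk_allowed(stanza, vlan_db):
    """VLANs an IOS trunk forwards: all of vlan_db unless an explicit list narrows it."""
    allowed = set(vlan_db)
    for line in map(str.strip, stanza.splitlines()):
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line)
        if m:
            allowed &= expand_vlans(m.group(1))
    return allowed

def dropped_at_sx300(catalyst_vlans, sx300_vlans):
    """VLANs sent by the Catalyst that SX300 ingress filtering would discard."""
    return sorted(catalyst_vlans - sx300_vlans)

# Constructed sample input, copied from the configs posted in the thread.
C2960_VLAN_DB = {1, 10, 11, 100}
C2960_GI1_0_47 = """
description SF300-BLDG10-1 Port G1
switchport mode trunk
mls qos trust dscp
"""
SX300_GI1 = """
no macro auto smartport
switchport trunk allowed vlan add 10-11
"""
SX300_GI1_SUGGESTED = """
no macro auto smartport
switchport trunk allowed vlan add 10,11,100
"""

if __name__ == "__main__":
    sent = catalyst_trunk_allowed(C2960_GI1_0_47, C2960_VLAN_DB)
    for name, stanza in (("posted", SX300_GI1), ("suggested", SX300_GI1_SUGGESTED)):
        print(name, "dropped:", dropped_at_sx300(sent, sx300_trunk_members(stanza)))
```

The posted SX300 config also lists only `vlan 10-11` in its VLAN database, so VLAN 100 would have to exist there before the uplink can be made a member of it.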