2960S management int problem

vince.steiner · ‎06-01-2010

I have a stack of 2 2960S switches that are dedicated for the storage net, only between SAN and blade system.

I have configured fastethernet0 (management interface) for static ip 192.168.163.25 which is then connected to my core data switch, so i can manage the storage switch.

So here is the issue: if there is nothing connected to that stack at all, except the management int the switch pings and i can telnet to it.

However, if i boot the stack with all storage network uplinks and downlinks connected the management int does not ping and i have no access to the switch. As soon as i unplug the last cable, the management interface starts to ping and i can telnet in. Then i can plug all the cables and everything works fine, until i reboot the switch again.

Anybody have any ideas whats going on?

I can paste the config if needed.

Leo Laohoo · ‎06-02-2010

The management port of a 2960S, like the 3560E and 3750E, is for Out of Band Management (OoBM) and not used for data traffic.

vince.steiner · ‎06-02-2010

I understand that, and do not want to use it as a data carrying port.

All i want to do it to use it for telnet, mgmt, but i can't because it doesn't ping after the switch boots up if i have the rest of the data cables plugged it.

Below is the config:

! Last configuration change at 09:51:19 Central Tue Jun 1 2010

! NVRAM config last updated at 10:22:06 Central Tue Jun 1 2010

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname BEP-2960-SAN1

!

boot-start-marker

boot-end-marker

!

enable secret

enable password

!

no aaa new-model

clock timezone CST -6

clock summer-time Central recurring

switch 1 provision ws-c2960s-24td-l

switch 2 provision ws-c2960s-24td-l

authentication mac-move permit

ip subnet-zero

no ip source-route

no ip gratuitous-arps

!

ip domain-list

ip domain-name

vtp mode transparent

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 10

name Storage

!

vlan 11

name VMotion

!

interface Port-channel1

description Etherchannel to ESXi PROD1

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

flowcontrol receive desired

!

interface Port-channel2

description Etherchannel to ESXi PROD2

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

flowcontrol receive desired

!

interface FastEthernet0

description Management

ip address 192.168.163.25 255.255.255.0

!

interface GigabitEthernet1/0/1

description Connection to ESXi PROD1

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

speed 1000

duplex full

flowcontrol receive desired

spanning-tree portfast trunk

channel-group 1 mode on

!

interface GigabitEthernet1/0/2

description Connection to ESXi PROD2

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

speed 1000

duplex full

flowcontrol receive desired

spanning-tree portfast trunk

channel-group 2 mode on

!

interface GigabitEthernet1/0/3

!

.........

!

interface GigabitEthernet1/0/24

description Connection to BEP-FAS-02 1G

switchport access vlan 10

switchport mode access

flowcontrol receive desired

spanning-tree portfast

!

interface GigabitEthernet1/0/25

shutdown

!

interface GigabitEthernet1/0/26

shutdown

!

interface TenGigabitEthernet1/0/1

description Connection to BEP-FAS-01 10G

switchport access vlan 10

switchport mode access

flowcontrol receive desired

spanning-tree portfast

!

interface TenGigabitEthernet1/0/2

!

interface GigabitEthernet2/0/1

description Connection to ESXi PROD1

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

speed 1000

duplex full

flowcontrol receive desired

spanning-tree portfast trunk

channel-group 1 mode on

!

interface GigabitEthernet2/0/2

description Connection to ESXi PROD2

switchport trunk allowed vlan 10,11

switchport mode trunk

switchport nonegotiate

speed 1000

duplex full

flowcontrol receive desired

spanning-tree portfast trunk

channel-group 2 mode on

!

interface GigabitEthernet2/0/3

!

..........

interface GigabitEthernet2/0/24

description Connection to BEP-FAS-01 1G

switchport access vlan 10

switchport mode access

flowcontrol receive desired

spanning-tree portfast

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface TenGigabitEthernet2/0/1

description Connection to BEP-FAS-02 10G

switchport access vlan 10

switchport mode access

flowcontrol receive desired

spanning-tree portfast

!

interface TenGigabitEthernet2/0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

description Storage

ip address 192.168.10.1 255.255.255.0

!

interface Vlan11

description VMotion

ip address 192.168.11.1 255.255.255.0

!

ip http server

ip http secure-server

ip sla enable reaction-alerts

snmp-server community read RO

snmp-server community write RW

!

ntp clock-period 22518825

ntp server 192.168.168.2 key 0 prefer

end

vince.steiner · ‎06-02-2010

any ideas?

Leo Laohoo · ‎06-02-2010

Have you tried giving a client an IP address on the same subnet as 192.168.163.0/24 and then connecting directly to the OoBM port?

vince.steiner · ‎06-03-2010

I did today and it worked, i can also connect to this mgmt inf if i plug my laptop directly to the same switch where i plug the mgmt connection to 2960s. However, if im on a different switch i can not ping it, access it, but i can any other device on the same net, switch.

Leo Laohoo · ‎06-03-2010

The Management port is not a routed port. It's not even a switch port. It's purely for management/OoBM. You can't connect F0 into another switch's switchport and hope to be able to access to it because it can't.

PHILIP DAMIAN-GRINT · ‎12-10-2014

I see this question was never answered, and I've never seen a satisfactory answer although it's a very useful feature if you can get it to work.

Well today I finally got my switch management ports working with AAA/TACACS+ and vty ACLs

The actual problem which needs to be solved is getting the management port to use a gateway - a static IP is only useful if your management station is on the same segment, so that's quite limited.

The problem with DHCP is that the basic config can have strange behaviour - for instance in my environment I could get an IP and a gateway in a standard lease, but I couldn't initially get it to pick up a fixed IP in a reservation.

My DHCP server was recording a 48-digit hex string in the mac address field - which turned out to be a hex dump of the default Client-ID, one of the various optional parameters in the "ip address dhcp ..." interface command:

Switch#sh dhcp lease
Temp IP addr: 192.168.25.99 for peer on Interface: FastEthernet0
Temp sub net mask: 255.255.255.0
   DHCP Lease server: 192.168.4.6, state: 5 Bound
   DHCP transaction id: 1037
   Lease: 604800 secs, Renewal: 302400 secs, Rebind: 529200 secs
Temp default-gateway addr: 192.168.25.1
   Next timer fires after: 3d11h
   Retry count: 0   Client-ID: cisco-5067.aeff.b739-Fa0
   Client-ID hex dump: 636973636F2D353036372E616566662E
                       623733392D466130
   Hostname: Switch

Once I configured my management port like this:

interface FastEthernet0
ip address dhcp client-id FastEthernet0 hostname Switch
no routing dynamic

...I was able to use the interface mac address to create a DHCP reservation that registered properly.

In order to get my AAA/TACACS+ working, I provided the following:

ip tacacs source-interface FastEthernet0

And now it works just like it used to on an SVI!

Hope that helps someone :)