cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
714
Views
0
Helpful
1
Replies

2960X Mgmt not accessible from other networks.

Hello all,

We have a 2960X switch stack containing 2 switches directly connected to our core router (ASR1000) 

 

The interface on the router is configured as follows:

!

interface TenGigabitEthernet0/0/0
ip address 192.168.101.1 255.255.255.0

!

 

The Switch config:

!
interface TenGigabitEthernet1/0/1
description "2960 Stack 1/0/1 to ASR 0/0/0"
no cdp enable

!
interface Vlan1
ip address 192.168.101.161 255.255.255.0
!
ip default-gateway 192.168.101.1
ip http server
ip http authentication local
ip http secure-server

 

The 2960X is an access switch for user endpoint devices and other network devices all in the 192.168.101.x/24 network.

From any device on the 192.168.101.x network we are able to ping and shh to the 2960X.

From any device outside the 101.x network we are unable to ping or shh to the 2960X. 

 

For example the 192.168.102.x network.

ASR1000 Config:

!

interface TenGigabitEthernet0/0/1
description "to OKHR.102_2960XR Ten1/0/1"
no ip address
!
interface TenGigabitEthernet0/0/1.102
description "CO .102 Network for Endpoint Devices"
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
!

 

192.168.102.X Switch Config(2960XR)

!
interface TenGigabitEthernet1/0/1
switchport mode trunk

!
interface Vlan102
ip address 192.168.102.254 255.255.255.0
ip helper-address 192.168.101.101
!
ip default-gateway 192.168.102.1
ip forward-protocol nd
ip http server
ip http secure-server
!

 

ASR1000 show ip route output

192.168.101.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.101.0/24 is directly connected, TenGigabitEthernet0/0/0
L 192.168.101.1/32 is directly connected, TenGigabitEthernet0/0/0
S 192.168.101.218/32 [1/0] via 192.168.101.18
192.168.102.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.102.0/24 is directly connected, TenGigabitEthernet0/0/1.102
L 192.168.102.1/32 is directly connected, TenGigabitEthernet0/0/1.102

 

As a side note the device on the 102.x network is able to ping and connect to every other device on the 101.x network EXCEPT for the 2960X. 

 

Any idea on why that one connection wont work?

 

Thanks in advance.

 

1 Accepted Solution

Accepted Solutions

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

The 2960x by default is layer-2. if you want to route between vlan using the 2960x, enable "ip routing"

 

If the 2960x is simply an access switch(layer-2) than you don't need to have an SVI for vlan 102. You only need one vlan (1 in your case) with and SVI for management. You will also need to make the connection between the switch and the router a trunk port. This way the switch is just layer-2 and the router route between vlans and no need for IP routing (a default gateway which you already have is enough).

HTH

View solution in original post

1 Reply 1

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

The 2960x by default is layer-2. if you want to route between vlan using the 2960x, enable "ip routing"

 

If the 2960x is simply an access switch(layer-2) than you don't need to have an SVI for vlan 102. You only need one vlan (1 in your case) with and SVI for management. You will also need to make the connection between the switch and the router a trunk port. This way the switch is just layer-2 and the router route between vlans and no need for IP routing (a default gateway which you already have is enough).

HTH