cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1170
Views
0
Helpful
1
Replies
Beginner

3560 cluster standby switch cannot manage from other vlan

Hi All!

This is my problem: we have two 3560 switches on the network, the first is the command switch, the second is teh standby switch. They are many vlans, and the inter-vlan routing is enabled. there are 10+ different switchesn in the network, and i can manage all of them form all vlans, but the standby switch is only manageable from the managenemt vlan1. What is the problem? Here are the config of the command and standby switch:

command switch:

no service pad

service timestamps debug uptime

service timestamps log datetime

no service password-encryption

service sequence-numbers

!

hostname command_switch

!

enable secret level 1 5 xxx

enable secret level 14 5 xxx

enable secret 5 xxx

!

username admin privilege 15 secret 5 xxx

no aaa new-model

clock timezone CET 1

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

ip routing

!

cluster standby-group A

cluster enable Office 0

cluster member 1 mac-address 000d.2919.c140

cluster member 2 mac-address 0012.0068.3a00

cluster member 3 mac-address 0017.94b0.4400

cluster member 4 mac-address 0022.0c77.fa00

cluster member 5 mac-address 0019.aa2b.3a00

cluster member 6 mac-address 0016.9d2e.3d00

cluster member 7 mac-address 0011.bbf7.0c80

cluster member 8 mac-address 001a.e2d6.ef80

cluster member 9 mac-address 001f.c943.84c0

cluster member 10 mac-address 0022.0c15.c280

cluster member 11 mac-address 001c.f90f.b880

cluster member 12 mac-address ec30.910c.4540

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

!

vlan access-map 10 10

action forward

match ip address 110

vlan internal allocation policy ascending

!

interfaces are deleted, its incompetent. The switches are connected on Gi0/28 with FO.

!

interface GigabitEthernet0/28

switchport trunk encapsulation dot1q

switchport mode trunk

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

!

interface Vlan1

ip address 192.168.105.1 255.255.255.0

standby ip 192.168.105.3

standby priority 150

standby preempt

standby name A

!

interface Vlan7

ip address 192.168.114.1 255.255.255.0

!

interface Vlan20

ip address 192.168.100.1 255.255.255.0

no ip proxy-arp

!

interface Vlan21

ip address 192.168.101.1 255.255.255.0

ip helper-address 192.168.102.87

no ip proxy-arp

!

interface Vlan22

ip address 192.168.102.1 255.255.255.0

no ip proxy-arp

!

interface Vlan23

ip address 192.168.103.1 255.255.255.0

no ip proxy-arp

!

interface Vlan24

ip address 192.168.104.1 255.255.255.0

no ip proxy-arp

!

interface Vlan102

ip address 10.65.97.133 255.255.255.240

standby ip 10.65.97.132

!

router rip

version 2

network 192.168.0.0

!

ip default-gateway 10.65.97.131

ip classless

ip route 0.0.0.0 0.0.0.0 10.65.97.131

ip route 192.9.200.0 255.255.252.0 192.168.114.254

ip route 192.168.0.0 255.255.0.0 192.168.114.254

ip route 192.168.31.65 255.255.255.255 10.65.97.131

ip http server

ip http authentication local

!

!

access-list 110 permit ip any 192.168.1.0 0.0.0.255

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

snmp-server community public RO

snmp-server community public@es0 RO

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps cluster

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps cpu threshold

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps port-security

snmp-server enable traps envmon

snmp-server enable traps MAC-Notification

snmp-server enable traps copy-config

snmp-server enable traps config

snmp-server enable traps hsrp

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps vlan-membership

!

control-plane

!

!

line con 0

line vty 0 4

password admin

login

line vty 5 15

password admin

login

!

ntp authentication-key 1 md5 040A 7

ntp authenticate

ntp trusted-key 1

ntp server 192.168.105.1

!

end

standby switch:


no service pad

service timestamps debug uptime

service timestamps log datetime

no service password-encryption

service sequence-numbers

!

hostname standby_switch

!

enable secret level 1 5 xxx

enable secret level 14 5 xxx

enable secret 5 xxx

!

username guest privilege 14 secret 5 xxx

no aaa new-model

clock timezone CET 1

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

ip routing

!

cluster standby-group A

cluster member 0 mac-address 0018.19cf.c000

cluster member 1 mac-address 000d.2919.c140

cluster member 2 mac-address 0012.0068.3a00

cluster member 3 mac-address 0017.94b0.4400

cluster member 4 mac-address 0022.0c77.fa00

cluster member 5 mac-address 0019.aa2b.3a00

cluster member 6 mac-address 0016.9d2e.3d00

cluster member 7 mac-address 0011.bbf7.0c80

cluster member 9 mac-address 001f.c943.84c0

cluster member 10 mac-address 0022.0c15.c280

cluster member 11 mac-address 001c.f90f.b880

cluster member 12 mac-address ec30.910c.4540

!

cluster commander-address 0018.19cf.c000 member 8 name Office vlan 1

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

!

vlan access-map 10 10

action forward

match ip address 110

vlan internal allocation policy ascending

!

interfaces are deleted, its incompetent

!

interface GigabitEthernet0/28

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

ip address 192.168.105.2 255.255.255.0

standby ip 192.168.105.3

standby preempt

standby name A

!

interface Vlan102

ip address 10.65.97.134 255.255.255.240

no ip route-cache cef

no ip route-cache

shutdown

standby ip 10.65.97.132

!

ip default-gateway 10.65.97.131

ip classless

ip route 0.0.0.0 0.0.0.0 10.65.97.131

ip http server

ip http authentication local

!

snmp-server community public RO

snmp-server community public@es8 RO

!

control-plane

!

!

line con 0

password admin

login

line vty 0 4

password admin

login

length 0

line vty 5 15

password admin

login

!

ntp authentication-key 1 md5 1354 7

ntp authenticate

ntp trusted-key 1

ntp server 192.168.105.1 key 1 prefer

end

Thank You for the answers!

1 REPLY 1
Contributor

Re: 3560 cluster standby switch cannot manage from other vlan

I find this difference:

Command Switch:

line con 0

line vty 0 4

password admin

login

line vty 5 15

password admin

login

access-list 110 permit ip any 192.168.1.0 0.0.0.255

access-list 110 permit ip 192.168.1.0 0.0.0.255 any

vlan access-map 10 10

action forward

match ip address 110

vlan internal allocation policy ascending

standby switch:

line con 0

password admin

login

line vty 0 4

password admin

login

length 0

line vty 5 15

password admin

login

!

access-list 110 permit ip any 192.168.1.0 0.0.0.255 not there

access-list 110 permit ip 192.168.1.0 0.0.0.255 any not there

vlan access-map 10 10

action forward

match ip address 110

vlan internal allocation policy ascending

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards