11-25-2014 03:15 AM - edited 03-07-2019 09:39 PM
Hi team.
We have a switch in production that serves as a L2 ALS. I was about to test it's L3 capabilities and after I issued ip routing , the switch then cannot be managed (i.e., telnet/ssh attempts are failing). Though, its management IP is still reachable.
The switch is running the following code.
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Has anyone encountered an issue like this? What could be the probable reason?
Should I reboot the switch already?
Thanks in advance.
Solved! Go to Solution.
11-25-2014 05:07 AM
Hi Carlos,
If you used the switch as an L2 switch you probably had a default-gateway configuration as well to manage the switch from a different IP subnet. When you applied the "ip routing" command the default gateway setting was gone, so now you don't have a valid route to your management station's subnet where you managed the device from before.
I suggest using the console port to connect to the device and issue the "ip route 0.0.0.0 0.0.0.0 earlier default-gateway IP address" command. Than you may reach the switch again from the management IP subnet.
If you don't have console access, than restarting the device may also solve your problem, in case of you had been saved the config before you issued the ip routing command.
Regards, Peter
11-25-2014 05:31 AM
My thought was the same as Peter that when ip routing is enabled then the default-gateway statement stops working. (it is not necessarily gone, but it no longer works) But I am puzzled at the statement in the original post where Carlos says that the management IP is still reachable. I think that we need more information about that. Is it reachable from remote subnets? Or is it reachable only from devices connected in the local subnet?
While I agree that console access could be very helpful I wonder if there are other alternatives that might allow Carlos to access the switch. In particular if the switch is reachable from devices in the local subnet I wonder if there is a router or another switch connected in the same subnet with this switch and whether Carlos might access that router or switch and from that device then access this switch using local telnet or SSH.
HTH
Rick
11-25-2014 03:33 AM
Carlos,
Before doing the reload, any possibility to get the console connection to see whats going on?
If in case no console access then I dont see any other way to get it back. Assuming that cpu is high kind of thing but not sure bcz we dont have any evidence to prove it.
Also its time to upgrade the firmware on the box though.
HTH
11-25-2014 05:07 AM
Hi Carlos,
If you used the switch as an L2 switch you probably had a default-gateway configuration as well to manage the switch from a different IP subnet. When you applied the "ip routing" command the default gateway setting was gone, so now you don't have a valid route to your management station's subnet where you managed the device from before.
I suggest using the console port to connect to the device and issue the "ip route 0.0.0.0 0.0.0.0 earlier default-gateway IP address" command. Than you may reach the switch again from the management IP subnet.
If you don't have console access, than restarting the device may also solve your problem, in case of you had been saved the config before you issued the ip routing command.
Regards, Peter
11-25-2014 05:31 AM
My thought was the same as Peter that when ip routing is enabled then the default-gateway statement stops working. (it is not necessarily gone, but it no longer works) But I am puzzled at the statement in the original post where Carlos says that the management IP is still reachable. I think that we need more information about that. Is it reachable from remote subnets? Or is it reachable only from devices connected in the local subnet?
While I agree that console access could be very helpful I wonder if there are other alternatives that might allow Carlos to access the switch. In particular if the switch is reachable from devices in the local subnet I wonder if there is a router or another switch connected in the same subnet with this switch and whether Carlos might access that router or switch and from that device then access this switch using local telnet or SSH.
HTH
Rick
11-25-2014 06:25 AM
Hi Richard and all.
Sorry if i got you puzzled. I was reaching the IP through a device local to the subnet which is why I was able to receive echo replies. I can't ssh or telnet into using other local devices cause their management subnet isn't in the TACACS group defined in the VTY lines. I'll have to console into it and disable routing.
Thanks alot.
11-25-2014 06:32 AM
> I'll have to console into it and disable routing.
you can also just add the default route when you are connected through the console. You don't have to disable routing.
11-25-2014 06:45 AM
Hi karsten.
We're not upgrading to routed access yet. I was just testing some of it's ports. So I disabled routing instead.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide