Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
0
Replies

Can't access 3850 via SSH using new vlan 777. Can ping out but not in

rodrigma2
Level 1
Level 1

‎10-31-2022 03:07 PM - edited ‎11-01-2022 01:57 PM

I have a stack of two 3850's configured with an int vlan 17 and we access that switch via an IP on that vlan. However, I configured a new vlan 777, and with that new vlan I can ping out but can't ping it from outside other networks/subnets/devices. This stack connects via fiber cable to our Core network across the street through a trunk port on Te1/1/1. I want to be able to manage it via vlan 777 (10.18.43.17).

HDQ_3850#sh run int vlan 777
interface Vlan777
description Management VLAN
ip address 10.18.43.17 255.255.255.248
no ip redirects
no ip unreachables
end


HDQ_3850#sh run int te1/1/1
interface TenGigabitEthernet1/1/1
description Link to Downtown Branch
switchport trunk native vlan 200
switchport trunk allowed vlan 153,200,201,777
switchport mode trunk
end

HDQ_3850#sh run int vlan 17
interface Vlan17
description Locust Union Data
ip address 10.253.10.254 255.255.255.0
ip helper-address 10.253.10.1
end

HDQ_3850#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 10.254.200.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.254.200.1
10.0.0.0/8 is variably subnetted, 14 subnets, 5 masks
C 10.18.43.16/29 is directly connected, Vlan777
L 10.18.43.17/32 is directly connected, Vlan777
C 10.253.10.0/24 is directly connected, Vlan17
L 10.253.10.254/32 is directly connected, Vlan17
C 10.253.33.0/24 is directly connected, Vlan33
L 10.253.33.1/32 is directly connected, Vlan33
C 10.253.141.0/29 is directly connected, Vlan141
L 10.253.141.1/32 is directly connected, Vlan141
C 10.253.212.0/24 is directly connected, Vlan212
L 10.253.212.1/32 is directly connected, Vlan212
C 10.254.200.0/28 is directly connected, Vlan200
L 10.254.200.12/32 is directly connected, Vlan200
C 10.254.242.64/27 is directly connected, Vlan242
L 10.254.242.65/32 is directly connected, Vlan242
172.31.0.0/16 is variably subnetted, 3 subnets, 3 masks
S 172.31.140.0/24 [1/0] via 10.253.141.2
C 172.31.140.168/29 is directly connected, Vlan140
L 172.31.140.170/32 is directly connected, Vlan140
192.168.253.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.253.0/24 is directly connected, Vlan253
L 192.168.253.1/32 is directly connected, Vlan253
HDQ_3850#

 

 

interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan17
description Locust Union Data
ip address 10.253.10.254 255.255.255.0
ip helper-address 10.253.10.1
!
interface Vlan33
description Headquarters Staff WiFi
ip address 10.253.33.1 255.255.255.0
ip access-group 107 in
!
interface Vlan140
description iSCSI for Synology backup repo.
ip address 172.31.140.170 255.255.255.248
!
interface Vlan141
description Link to DTN Cluster Sw for iSCSI traffic
ip address 10.253.141.1 255.255.255.248
!
interface Vlan200
description Link to Downtown Branch
ip address 10.254.200.12 255.255.255.240
ip summary-address eigrp 700 10.253.10.0 255.255.255.0
ip summary-address eigrp 700 10.253.212.0 255.255.255.0
ip summary-address eigrp 700 10.254.200.0 255.255.255.240
ip summary-address eigrp 700 10.254.242.64 255.255.255.224
ip summary-address eigrp 700 192.168.253.0 255.255.255.0
!
interface Vlan201
description Transit for Public Wifi
ip vrf forwarding PubWifi
ip address 10.254.201.12 255.255.255.240
!
interface Vlan212
description Locust Union Voice
ip address 10.253.212.1 255.255.255.0
!
interface Vlan242
description WiFi APs Management
ip address 10.254.242.65 255.255.255.224
!
interface Vlan253
description LU Friends PCs (Public)
ip address 192.168.253.1 255.255.255.0
ip access-group 105 in
!
interface Vlan777
description Management VLAN
ip address 10.18.43.17 255.255.255.248
no ip redirects
no ip unreachables
!
!
router eigrp 700
network 10.195.253.0 0.0.0.3
network 10.253.10.0 0.0.0.255
network 10.253.33.0 0.0.0.255
network 10.253.212.0 0.0.0.255
network 10.254.242.64 0.0.0.31
network 192.168.253.0
eigrp stub connected summary
!
ip default-gateway 10.254.200.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.254.200.1
ip route 172.31.140.0 255.255.255.0 10.253.141.2
ip route vrf PubWifi 0.0.0.0 0.0.0.0 10.254.201.1
!
ip access-list extended AutoQos-4.0-Acl-Default
permit ip any any
!
access-list 105 permit udp any any
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 192.168.253.1
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.253.10.1
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.2
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.3
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.18
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.20
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.21
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.43
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.57
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.62
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.136
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.152
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.253
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.241.10.254
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.253.10.254
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.57
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.60
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.62
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.65
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.68
access-list 105 permit ip 192.168.253.0 0.0.0.255 host 10.254.10.254
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.241.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.243.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.244.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.245.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.246.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.247.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.248.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.249.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.250.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.251.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.252.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.253.10.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 10.254.0.0 0.0.255.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.243.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.253.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.245.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.246.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.247.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.248.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.249.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.250.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.251.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.252.0 0.0.0.255
access-list 105 deny ip 192.168.253.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 105 permit ip 192.168.253.0 0.0.0.255 any
access-list 107 permit udp any any
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.253.10.254
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.253.10.1
access-list 107 permit ip 10.253.33.0 0.0.0.255 10.241.10.0 0.0.0.3
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.18
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.20
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.21
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.27
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.41
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.43
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.57
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.58
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.150
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 10.241.10.152
access-list 107 permit ip 10.253.33.0 0.0.0.255 host 172.29.4.33
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.241.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.243.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.244.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.245.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.246.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.247.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.248.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.249.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.250.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.251.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.252.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.253.10.0 0.0.0.255
access-list 107 deny ip 10.253.33.0 0.0.0.255 10.254.10.0 0.0.0.254
access-list 107 permit ip 10.253.33.0 0.0.0.255 any
!
route-map DefGW-Library permit 10
match ip address LIB-GW
set ip default next-hop 10.253.254.1
!
route-map GW-LIB permit 10
match ip address GW-LIB
set ip next-hop 10.253.254.1

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents