cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6388
Views
7
Helpful
31
Replies

Can't find why switch is not accessible through SSH

Marc_Lalonde
Level 1
Level 1

Hello all,

I have a bunch of switches C2960 at work and I can connect to most except 2. I can't even ping them. The thing is, I have the same setup procedure for all switches so I don't understand where I went wrong on this one.

No SSH, no ping, no telnet, nothing.

Any help would be greatly appreciated.

See attached "sh run" result.

31 Replies 31

that is exactly why i suggested:
-> configure an access port in vlan 30 and connect some device to it
then test the result

Pieter, 

So I configured an access port to vlan 30, connected a tablet with an Ethernet cable to IP address 192.168.30.215 and from there tried to connect SSH to the switch at 192.168.30.34 and it worked.

So why can't I connect from other VLANs? I can reach other switches on VLAN 30 from VLANs 10-11-12-200, etc.

Thanks

only in inaccessible switch do 
vlan 30<<- add this into global mode 
and check again 

Done.

No changes.

@marc vlan 30 exists, but as on this switch there is (was) no other port active in vlan 30 this vlan is "pruned" from the uplink
by adding the access port the vlan is "published" again to the neighboring switch.

@MHM Cisco World  the command is allready in the config
vlan 20
name PACSEC
!
vlan 30
name PACPHY
!
vlan 100
name Internet

The switch still is inaccessible from other VLANs. The only way I can access it is from a device that has an IP on VLAN 30. Which shouldn't be.

Also, VLAN 30 shows in the list of VLANs "not pruned".

Thanks

vlan 30  add to db and it have access SW port assign to this port 
I can not access VLAN 30 !!
the answer is defualt-gaeway 

if the defualt-gateway that the SW use is in subnet of VLAN X this vlan must also add to vlan db and must also have access SW port OR disbale autostate if tSW support this feature. 

the switch has the defaut gateway configured (see configuration in first post )

interface Vlan30
description *** MANAGEMENT LAN ***
ip address 192.168.30.34 255.255.255.0
!
ip default-gateway 192.168.30.1

-> does the subnet mask match the subnet mask of the gateway ?

Yes, subnet mask is good (255.255.255.0). All my switches are configured as such.

then from inaccessible SW do 
traceroute GW source VLAN 30 <<- share here 

I've tried to issue the following command without success

traceroute 192.168.30.1 source VLAN 30

It's as if it's expecting an IP address for the source instead of a VLAN number

 

Marc_Lalonde
Level 1
Level 1

Here's a schematic explaining quickly the layout of my switches. 

One PC on subnet 192.168.10.x can connect to all switches except SPYS1-SW11. 

Another PC on subnet 192.168.30.x can connect to all switches.

It doesn't matter where the PCs are connected. The places shown on the schematic are random.

 

topo.png

Thank you for this @MHM Cisco World .

The command "no autostate" does not work.

Port Gi1/0/28 is already on vlan 30.

"ip default-gateway" is on 192.168.30.1, the same as all other switches.

I have validated that on our main router, VLAN 30 is allowed on the interface that connects to switch SPYS1-SW11.

Marc_Lalonde
Level 1
Level 1

Bump (if this is allowed)