Can't telnet nor ping my switch from another VLAN

Jhorkell · ‎01-30-2020

Hello everyone!

So I have a network with many switches and VLANs and everything is beautiful and cool except for this one switch (let's call it SW1) I can't telnet to from another VLAN, it doesn't even respond pings. Every switch here has an administration VLAN (lets say vlan 10) and I can get to them from any vlan of my network via telnet and/or ssh. To get to this switch in particular, though, I have to telnet to any other switch of my network and from there jump to SW1. Also, if I run a ping from VLAN 10 it responds normally, the problem is I can't get to it from my laptop since I work on a different vlan (but I can get to any other switch!)

I did search here an there before coming to you guys and I found that an ACL can be blocking me, but there isn't any configured on SW1.

Does anyone have an idea of why is this happening? I'm sure it has to be a rookie mistake. The switch is a 2960X and it's working perfectly, I'm actually getting internet (and posting this) from it.

Updates:
- I configured a different interface vlan in SW1, with the same results (can't get to it from my laptop, but can do it from another switch)

- I put my laptop on VLAN 10 and I can telnet to SW1, but that's hardly a solution. I need SW1 to work like any other switch on the network.

Thanks for your time!

Reza Sharifi · ‎01-30-2020

Hi,

If the switch is layer-2 only, does it have a default gateway pointing to the next hop router?

ip default-gateway <next hop ip>

HTH

Jhorkell · ‎01-30-2020

Hi Reza! Thanks for your reply.
Yes, it has that command configured with the next hop's IP (wich is the core switch of the network). And a quick update, I just configured a different interface vlan (lets say 20) and it doesn't change anything. I can't telnet to it from my laptop but I can from a switch, even if that switch doesn't have an interface vlan 20. I thought it has to do with communication between vlans, but I'm not sure anymore what the problem is.

Reza Sharifi · ‎01-30-2020

Hi,

What is the management ip address on the switch?

You need to make sure whatever vlan/subnet you have configured to manage this switch is propagate throughout your network so you can get to it from anywhere. So, if the next hop switch is layer-2 you need to make sure this vlan is added to trunk port to get to the core. If the core is doing routing, you would need to make sure the same vlan/subnet is added to whatever routing protocol you are running. From the sound of it, it appears that the management subnet is not being advertised throughout your network.

HTH

Jhorkell · ‎01-30-2020

Thanks again for your help, Reza!
I can be wrong, but I'm pretty sure the management vlan is being advertised on the network, since from my laptop (wich is directly connected to SW1) I can get to any switch but SW1. Also, if I put my laptop on VLAN 10 I can access to SW1.
The core has the vlan 10 subnet configured on ospf, and the vlan 10 is configured on every switch (vlan 10 and interface vlan 10)

Reza Sharifi · ‎01-30-2020

Ok, so vlan 10 is the management vlan, you have an SVI on every switch for management and the vlan/subnet is advertised everywhere including to OSPF. Now, if your laptop is connected to sw1 and your laptop has an IP in the management subnet and the port you are connecting to is part of vlan 10, than you should be able to directly connect to the sw1.

Now, say laptop is in a different vlan (vlan 50) in order for your laptop to get to the management vlan and to access sw1 IP, vlan 50 needs to be advertised on the trunk port connecting to the core and also vlan 50 needs to be added to OSPF, so you can reach the IP on sw1 through the core. So, in this case the routing between vlan 10 and 50 is done on the core. Does this make sense?

HTH