Solved: Re: Cant access my management VLAN address of my switch - Page 2

hshabany · ‎09-24-2018

We have purchased a Cisco 3650 switch. The switch is working fine and I can access it through an IP address in the default VLAN but I am unable to access it through out management VLAN (254). I have 4 other Cisco 3560 switches that I can access just fine through 254 VLAN. I have allowed the 254 VLAN in the trunk but that didn't help. I am not sure what I am missing here.

hshabany · ‎09-25-2018

BB,

interfaces are connected just fine. I dont have any problem with traffic routing.

hshabany · ‎09-25-2018

Paul,

Both VLANs are active on all switches but the line protocol for the management VLAN is down.

ChangAn-SwitchInt5#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.80.1.23 YES NVRAM up up
Vlan2 unassigned YES unset down down
Vlan3 unassigned YES unset up down
Vlan4 unassigned YES unset up down
Vlan254 10.80.254.5 YES manual up down

paul driver · ‎09-25-2018

Hello

Well that is your problem, this is usually down because either it not defined on the trunk or it has no l2 relation.

Can you post output from both core and access switch
sh vlan br

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

hshabany · ‎09-25-2018

Paul,

here is the output of sh vlan br

core switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2, Gi0/7, Gi0/9, Gi0/10
Gi0/11, Gi0/12, Gi0/15, Gi0/19
Gi0/20, Gi0/23, Gi0/28
2 VLAN0002 active Gi0/4, Gi0/6, Gi0/8, Gi0/14
Gi0/16, Gi0/17, Gi0/18, Gi0/21
Gi0/22, Gi0/24
3 VLAN0003 active Gi0/5, Gi0/13
253 VLAN0253 active Gi0/3
254 VLAN0254 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

access switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/3, Gi1/0/4
Gi1/0/5, Gi1/0/6, Gi1/0/7
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/20, Gi1/0/21, Gi1/0/22
Gi1/0/23, Gi1/0/24, Gi1/1/1
Gi1/1/2, Gi1/1/3, Gi1/1/4
3 VLAN0003 active
4 VLAN0004 active
254 VLAN0254 active Gi1/0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Scott Pedersen · ‎09-25-2018

Your sh vlan output shows that no interface is configured on the core switch for vlan 254. Seems you are missing some configuration on the core side of the trunk.

paul driver · ‎09-25-2018

Hello

is this access switch directly cconnecting to the core switch ? Or via another switch first

sh int trunk

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

hshabany · ‎09-25-2018

Paul,

access switch connected directly to core switch.

Port Mode Encapsulation Status Native vlan

Gi1/1/4 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi1/1/4 1-4094

Port Vlans allowed and active in management domain

Gi1/1/4 1,3-4,254

Port Vlans in spanning tree forwarding state and not pruned

Gi1/1/4 1,3-4,254

paul driver · ‎09-25-2018

Hello

Are you able to wr erase that switch, delete its vlan.dat file and reload it then recreate the trunk and svi;s

wr erase
delete flash:vlan.dat
reload
..............

conf t

hostname ChangAn-SwitchInt5
vlan 254
exit

interface Vlan1
ip address 10.80.1.23 255.255.255.0

interface Vlan254
ip address 10.80.254.5 255.255.255.0

ip default-gateway 10.80.1.85

interface GigabitEthernet1/1/4
switchport trunk encapsulation dot1q
switchport mode trunk
no shut

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

hshabany · ‎09-26-2018

Paul,

that worked. Thank you so much for your time and effort. Does that mean that vlan.dat was corrupted, was that the reason I was having a problem accessing VLAN 254?

paul driver · ‎09-26-2018

Hello

that vlan 254 svi interface should have been brought up due to the fact you had created its related l2 vlan but it wasn’t working .

So it was thinking this was the root cause however as I didn’t want to keep on requesting to you to add little bits of config after removing and reloading the switch so I thought aswell to ask you to wipe the whole switch and start again .

Anyway glad to hear it is now working

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Georg Pauwen · ‎09-24-2018

Hello,

what is the output of 'show spanning-tree vlan 254' ?

Try and remove the IP address you have assigned to Vlan 1...

interface Vlan1
--> no ip address 10.80.1.23 255.255.255.0

hshabany · ‎09-25-2018

George,

the output of spanning-tree vlan 254 is spanning tree instance for vlan 254 doesnt exist. I have already tried removing VLAN 1 IP address but that did not change the fact that I cant access the switch through the management IP address.

Georg Pauwen · ‎09-25-2018

Hello,

can you post a schematic drawing of how your switches are connected ?

hshabany · ‎09-25-2018

George,

attached is a simple network diagram

Georg Pauwen · ‎09-25-2018

Hello,

since your ChangAn-CoreSwitch has ip routing enabled, try to add the static route below:

ip route 0.0.0.0 0.0.0.0 10.80.1.254

This is assuming that you are still using the original config you posted:

ChangAn-CoreSwitch#show run
Building configuration...

Current configuration : 2600 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ChangAn-CoreSwitch
!
enable secret 5 $1$/8yk$ZxaVXEaOKfap8GIR9WCNA0
enable password hj
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-3,253,254
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
switchport access vlan 253
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/17
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/18
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/22
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
!
interface Vlan1
ip address 10.80.1.85 255.255.255.0
!
interface Vlan2
ip address 10.80.2.35 255.255.255.0
!
interface Vlan3
ip address 10.80.3.10 255.255.255.0
!
interface Vlan254
ip address 10.80.254.1 255.255.255.0
!
--> no ip default-gateway 10.80.1.254

--> ip route 0.0.0.0 0.0.0.0 10.80.1.254
ip classless
ip http server
!
control-plane
!
line con 0

line vty 5 15
login
!
end

ip route 0.0.0.0 0.0.0.0 10.80.1.254