Chg remote site network config w/o losing connection?

perrymcgrew
Level 1

My company just assumed management of a remote entity. The network has several misconfigurations and I need to make some network modifications from my office w/o losing access or incurring a lengthy outage to the clients. The network consists of a 1721 router and three 2960 switches.

- I only have access to the router from the Internet.  I telnet off the router to the 3 switches.

The site uses a single class C 192.168.1.0 / 24. The router is running RIPv2 even though this is the only network. The prior network person (contractor) set up separate native vlans on each switch and all the ports are defined as Native trunk and access are defined to the VLAN interface assigned to the switch. So of course the logs are flooded with Native VLAN mismatch. Each 2960 switch is a VTP server but has no VTP domain.

basic network layout:

Internet  => Eth [Cisco 1721] => Fa 0 192.168.1.254  ==> [SW1]

[SW1]

interface Vlan1
no ip address
no ip route-cache
!
interface Vlan220
ip address 192.168.1.219 255.255.255.0
no ip route-cache
!
interface FastEthernet0/24
description Cisco1721 Fa0
switchport access vlan 220
switchport trunk native vlan 220
!
interface GigabitEthernet0/1
description Switch2 Gi0/2
switchport access vlan 220
switchport trunk native vlan 220

[SW2]

interface GigabitEthernet0/1
description SW1 Gi0/1
switchport access vlan 221
switchport trunk native vlan 221
!
interface GigabitEthernet0/2
description SW3 Gi0/1
switchport access vlan 221
switchport trunk native vlan 221
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan221
ip address 192.168.1.221 255.255.255.0
no ip route-cache

[SW3]

!
interface GigabitEthernet0/1
description SW2 Gi0/1
switchport access vlan 204
switchport trunk native vlan 204
!
interface GigabitEthernet0/2
switchport access vlan 204
switchport trunk native vlan 204
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan204
ip address 192.168.1.224 255.255.255.0
no ip route-cache


Normally, I would assign the current 192.168.1.254 to a subinterface to Router Fe 0/0 but with each switch having its own native VLAN I am afraid I will lose connectivity to the downstream switches -- my only access is telnet off the Cisco1721 Router. 

Ideas appreciated...

3 Replies

singhaam007
Level 3

hello,

Try this to be on the safe side. If you do lose the connection, it will reboot and you will be back in the game again.

Network-Test#reload in ?
Delay before reload (mmm or hhh:mm)
Network-Test#reload in 30
System configuration has been modified. Save? [yes/no]:
% Please answer 'yes' or 'no'.
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Reload scheduled for 12:22:26 NZDT Fri Sep 21 2012 (in 30 minutes) by usernmae on vty0 (x.x.x.x)
Proceed with reload? [confirm]
Network-Test#
***
*** --- SHUTDOWN in 0:30:00 ---
***
Network-Test#relo
Network-Test#reload c
Network-Test#reload cancel
Network-Test#
***
*** --- SHUTDOWN ABORTED ---
***

please rate if this is helpful.

thanks

What I am looking for is how to clean up the switch config mess (Native VLAN misconfigs) without losing connectivity to the device. The person who originally set this up has no IP address on any VLAN1 in these three 2960s. All the ports on each switch are set to:

switchport access vlan xxx

switchport trunk native vlan xxx

Even the ports that connect to the adjacent switches are set this way. But as you can see in my original post, each switch has a *different* native vlan xxx -- and all devices are in the same 192.168.1.0/24 subnet.

So the logs are full of "native vlan mismatch".  The site is remote and the only access to these switches is to telnet off their local router.  I want to setup dot1q trunks on the switch-to-switch connections too to prepare for changes.  I just can't afford to lose the access to these devices.  

TIA

I recommend you try the following.

RIPv2

My recommendation is to convert the interfaces in question to straight trunk interfaces. This will allow all Vlans and remove the trunk native commands.

Start an extended ping to switch 1

Complete the following on switch 1

Issue Reload in 10 (fail safe if you lose connectivity) to switch 1

TFTP the following configuration to running config

interface fa0/24
switchport trunk encaps dot1q
switchport mode trunk
no switchport access vlan 220
no switchport trunk native vlan 220
interface gig0/1
switchport trunk encaps dot1q
switchport mode trunk
no switchport access vlan 220
switchport trunk native vlan 221
ip route 0.0.0.0 0.0.0.0 192.168.1.254

If you are pinging the switch after the changes then the changes were successful and you need to abort the reload

Issue reload cancel

If this does work you will be able to access switch 2

Start an extended ping to switch 2

Issue reload in 10 for switch 2

then modify switch 2 gig0/1 to match switch 1 fa0/24 (Vlan 221)

Ip route 0.0.0.0 0.0.0.0 192.168.1.254

You will drop pings to switch 2

then modify switch 1 gig0/1 to match as well

Pings will start again

Abort reload - reload cancel

Repeat for switch 3

I hope this helps

Sent from Cisco Technical Support iPad App
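
An added example, not part of any post in this thread: a small Python check that reads the `switchport trunk native vlan` lines from the configs quoted in the original post and lists the inter-switch links whose two ends disagree, which is the condition behind the "native vlan mismatch" log messages. The cabling in `LINKS` is an assumption (the interface descriptions quoted in the thread do not agree with each other), and the function names are illustrative.

```python
import re

# Constructed sample input: interface stanzas trimmed from the configs quoted in the thread.
CONFIGS = {
    "SW1": """interface FastEthernet0/24
switchport trunk native vlan 220
interface GigabitEthernet0/1
switchport trunk native vlan 220""",
    "SW2": """interface GigabitEthernet0/1
switchport trunk native vlan 221
interface GigabitEthernet0/2
switchport trunk native vlan 221""",
    "SW3": """interface GigabitEthernet0/1
switchport trunk native vlan 204""",
}

# Assumed cabling: SW1 Gi0/1 <-> SW2 Gi0/1 and SW2 Gi0/2 <-> SW3 Gi0/1.
LINKS = [(("SW1", "GigabitEthernet0/1"), ("SW2", "GigabitEthernet0/1")),
         (("SW2", "GigabitEthernet0/2"), ("SW3", "GigabitEthernet0/1"))]

def native_vlans(config):
    """Map interface name -> native VLAN. With no explicit line, IOS uses VLAN 1."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line, re.I)
        if m:
            current = m.group(1)
            result[current] = 1          # default until a native vlan line is seen
            continue
        m = re.match(r"switchport trunk native vlan (\d+)$", line, re.I)
        if m and current:
            result[current] = int(m.group(1))
    return result

def native_mismatches(configs, links):
    """Return (end_a, vlan_a, end_b, vlan_b) for every link whose ends differ."""
    parsed = {sw: native_vlans(cfg) for sw, cfg in configs.items()}
    found = []
    for (sw_a, if_a), (sw_b, if_b) in links:
        a, b = parsed[sw_a][if_a], parsed[sw_b][if_b]
        if a != b:
            found.append((f"{sw_a} {if_a}", a, f"{sw_b} {if_b}", b))
    return found

if __name__ == "__main__":
    for end_a, a, end_b, b in native_mismatches(CONFIGS, LINKS):
        print(f"native VLAN mismatch: {end_a} ({a}) <-> {end_b} ({b})")
```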
