09-20-2012 10:27 AM - edited 03-07-2019 09:00 AM
My company just assumed management of a remote entity. The network has several misconfigurations and I need to make some network modifications from my office w/o losing access or incurring a lengthy outage to the clients. The network consists of a 1721 router and three 2960 switches.
- I only have access to the router from the Internet. I telnet off the router to the 3 switches.
The site uses a single class C 192.168.1.0 / 24. The router is running RIPv2 even though this is the only network. The prior network person (contractor) set up separate native VLANs on each switch and all the ports are defined as Native trunk and access are defined to the VLAN interface assigned to the switch. So of course the logs are flooded with Native VLAN mismatch. Each 2960 switch is a VTP server but has no VTP domain.
basic network layout:
Internet => Eth [Cisco 1721] => Fa 0 192.168.1.254 ==> [SW1]
[SW1]
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan220
ip address 192.168.1.219 255.255.255.0
no ip route-cache
interface FastEthernet0/24
description Cisco1721 Fa0
switchport access vlan 220
switchport trunk native vlan 220
interface GigabitEthernet0/1
description Switch2 Gi0/2
switchport access vlan 220
switchport trunk native vlan 220
[SW2]
interface GigabitEthernet0/1
description SW1 Gi0/1
switchport access vlan 221
switchport trunk native vlan 221
!
interface GigabitEthernet0/2
description SW3 Gi0/1
switchport access vlan 221
switchport trunk native vlan 221
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan221
ip address 192.168.1.221 255.255.255.0
no ip route-cache
[SW3]
!
interface GigabitEthernet0/1
description SW2 Gi0/1
switchport access vlan 204
switchport trunk native vlan 204
!
interface GigabitEthernet0/2
switchport access vlan 204
switchport trunk native vlan 204
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan204
ip address 192.168.1.224 255.255.255.0
no ip route-cache
Normally, I would assign the current 192.168.1.254 to a subinterface to Router Fe 0/0 but with each switch having its own native VLAN I am afraid I will lose connectivity to the downstream switches -- my only access is telnet off the Cisco1721 Router.
Ideas appreciated...
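A way to list the mismatched trunk ends offline before touching anything, as an added example that is not part of the original post: it parses trunk stanzas excerpted from the configs above and compares the native VLAN on both ends of each switch-to-switch link. The `LINKS` cabling table and the function names are assumptions; the cabling is inferred from the interface descriptions.

```python
import re

# Trunk stanzas excerpted from the configs posted above (access-vlan lines omitted).
CONFIGS = {
    "SW1": """
interface GigabitEthernet0/1
 description Switch2 Gi0/2
 switchport trunk native vlan 220
""",
    "SW2": """
interface GigabitEthernet0/1
 description SW1 Gi0/1
 switchport trunk native vlan 221
interface GigabitEthernet0/2
 description SW3 Gi0/1
 switchport trunk native vlan 221
""",
    "SW3": """
interface GigabitEthernet0/1
 description SW2 Gi0/1
 switchport trunk native vlan 204
""",
}

# Assumed cabling, inferred from the description lines; verify on site.
LINKS = [
    (("SW1", "GigabitEthernet0/1"), ("SW2", "GigabitEthernet0/1")),
    (("SW2", "GigabitEthernet0/2"), ("SW3", "GigabitEthernet0/1")),
]

def native_vlans(config):
    """Map interface name -> native VLAN (IOS default is 1 when not configured)."""
    result, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1)
            result[current] = 1
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)) and current:
            result[current] = int(m.group(1))
    return result

def mismatches(configs, links):
    """Return (end_a, vlan_a, end_b, vlan_b) for each link whose native VLANs differ."""
    parsed = {sw: native_vlans(cfg) for sw, cfg in configs.items()}
    found = []
    for (a_sw, a_if), (b_sw, b_if) in links:
        a, b = parsed[a_sw][a_if], parsed[b_sw][b_if]
        if a != b:
            found.append((f"{a_sw} {a_if}", a, f"{b_sw} {b_if}", b))
    return found
```

Calling `mismatches(CONFIGS, LINKS)` on the excerpts reports both inter-switch links; rerunning it against the planned configs before pushing them confirms that each link's two ends agree.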
09-20-2012 04:56 PM
Hello,
Try this to be on the safe side. If you do lose the connection, it will reboot and you will be back in the game again.
Network-Test#reload in ?
Delay before reload (mmm or hhh:mm)
Network-Test#reload in 30
System configuration has been modified. Save? [yes/no]:
% Please answer 'yes' or 'no'.
System configuration has been modified. Save? [yes/no]: y
Building configuration...
[OK]
Reload scheduled for 12:22:26 NZDT Fri Sep 21 2012 (in 30 minutes) by usernmae on vty0 (x.x.x.x)
Proceed with reload? [confirm]
Network-Test#
***
*** --- SHUTDOWN in 0:30:00 ---
***
Network-Test#relo
Network-Test#reload c
Network-Test#reload cancel
Network-Test#
***
*** --- SHUTDOWN ABORTED ---
***
Please rate if this is helpful.
Thanks
09-25-2012 10:37 AM
What I am looking for is how to clean up the switch config mess (Native VLAN misconfigs) without losing connectivity to the device. The person who originally set this up has no IP address on any VLAN1 in these three 2960s. All the ports on each switch are set to:
switchport access vlan xxx
switchport trunk native vlan xxx
Even the ports that connect to the adjacent switches are set this way. But as you can see in my original post, each switch has a *different* native vlan xxx -- and all devices are in the same 192.168.1.0/24 subnet.
So the logs are full of "native vlan mismatch". The site is remote and the only access to these switches is to telnet off their local router. I want to set up dot1q trunks on the switch-to-switch connections too to prepare for changes. I just can't afford to lose the access to these devices.
TIA
09-25-2012 07:07 PM
I recommend you try the following.
RIPv2
My recommendation is to convert the interfaces in question to straight trunk interfaces. This will allow all Vlans and remove the trunk native commands.
Start an extended ping to switch 1
Complete the following on switch 1
Issue Reload in 10 (fail safe if you lose connectivity) to switch 1
TFTP the following configuration to running config
interface fa0/24
switchport trunk encaps dot1q
switchport mode trunk
no switchport access vlan 220
no switchport trunk native vlan 220
interface gig0/1
switchport trunk encaps dot1q
switchport mode trunk
no switchport access vlan 220
switchport trunk native vlan 221
ip route 0.0.0.0 0.0.0.0 192.168.1.254
If you are pinging the switch after the changes then the changes were successful and you need to abort the reload
Issue reload cancel
If this does work you will be able to access switch 2
Start an extended ping to switch 2
Issue reload in 10 for switch 2
Then modify switch 2 gig0/1 to match switch 1 fa0/24 (Vlan 221)
ip route 0.0.0.0 0.0.0.0 192.168.1.254
You will drop pings to switch 2
then modify switch 1 gig0/1 to match as well
Pings will start again
Abort reload - reload cancel
Repeat for switch 3
I hope this helps
Sent from Cisco Technical Support iPad App