08-07-2012 03:50 PM - edited 03-07-2019 08:12 AM
I have two questions for a Cisco 2960 (WS-C2960-24TC-L)
1. I am working to setup a few Cisco 2960 switches for HP iLO access to our servers. We are going to segregate the iLO network (VLAN 40) from the data network (VLAN 10) by using a different VLAN. All of the HP servers will be configured with static addresses. My question is, how do I set all the ports to VLAN 40 so that untagged devices will automatically go onto VLAN 40? I don't want to have to configure the VLAN on each iLO port on the server. I tried to set the port to: "switchport trunk native vlan 40", but that didn't work.
2. Also, how do you access the web GUI for these switches? I get a login box, but putting in the enable password doesn't work. I have the following commands in the config:
ip http server
ip http secure-server
Thanks.
Dave
08-07-2012 05:34 PM
switchport access vlan XX
08-07-2012 05:39 PM
Correct, I know I need to set each port that I want to use for iLO, but what would the config look like?
I have the following and it isn't working:
interface Ethernet 0/13
switchport mode access
switchport access vlan 40
I want each port to come up untagged VLAN 40. The uplink port is configured as follows:
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,40
switchport mode trunk
Dave
08-07-2012 06:50 PM
Pablo is right, on your access ports if you have sw ac vl 40, then it will be tagged for vlan 40 as is transverses the trunk link. If its not working, something else is amiss.....I have read your post a few times, but keep on getting the same answer already stated by PB....maybe you could restate the problem w/diff wording, I dont understand.
08-07-2012 08:05 PM
Here is the full config:
Current configuration : 3133 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,40
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.0.10.10 255.255.255.0
no ip route-cache
!
interface Vlan40
description iLO_Access
no ip address
no ip route-cache
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
Port 13 is the iLO server that has a static IP of 10.0.10.50. The Gigabit port 0/1 is the uplink to the core switch which is also set as a trunk with vlan 1 and 40 tagged and PVID of 40. That switch has an interface on VLAN 40 with an IP of 10.0.10.1 (gateway). From the core switch, I can ping the 2960, but not the iLO server. Any ideas?
Dave
08-07-2012 09:55 PM
Now thats a story I can work with.
First, has vlan 40 been defined on the 2960?
sh vlan would show you this.
The entry below will not create the vlan:
interface Vlan40
description iLO_Access
no ip address
no ip route-cache
It should be created though when you put the sw ac vl 40 in. So from the 2960 can you ping the server? And what does sh ip int br show for vl 1 and 40?
08-07-2012 11:38 PM
1.) Make sure vlan 40 is created "sh vlan" if not go to Global config mode and type "vlan 40" press enter "name ILO_Access"
2.) communication between server and switch in your case has to be done by switch in access mode so go to the interface fastethernet 13 "conf t" "inter fast 0/13" and type "swichtport access vlan 40" I usually also do "switchport host"
3.) make sure that your vlan 40 is terminated at a layer 3 device for routing purposes.
4.) I also reccomend an inespensive internet connection dedicated for your ILO vlan.
5.) For web access you also need to configure aaa. have a look at http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html
HTH,
Fabio
08-08-2012 02:25 AM
Hi
From Your output
interface FastEthernet0/1
!
interface FastEthernet0/2
this means these ports belongs to vlan1 (that is the default)
interface FastEthernet0/13
switchport access vlan 40
switchport mode access
this mean the port belongs to vlan 40
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,40
switchport mode trunk
this means a trunk port that allows vlan 1 and 40 to pass throgh
interface Vlan1
ip address 10.0.10.10 255.255.255.0
no ip route-cache
this means the management interface for the switch. observe that this is vlan 1
Port 13 is the iLO server that has a static IP of 10.0.10.50. The Gigabit port 0/1 is the uplink to the core switch which is also set as a trunk with vlan 1 and 40 tagged and PVID of 40. That switch has an interface on VLAN 40 with an IP of 10.0.10.1 (gateway). From the core switch, I can ping the 2960, but not the iLO server. Any ideas?
from this there seems to be a misconfiguration on the uplink switch. The gateway 10.0.10.1 can ping 10.0.10.10, that means that the gateway is on vlan 1 as the 2960, thats why you cant ping the iLO 10.0.10.50.
One suggestion is that you move the ip address on interface vlan1 to interface vlan40, shutdown interface vlan1, fix the uplink switch so that the 10.0.10.1 is on the vlan 40. Then both iLO switch and gateway is on the same vlan.
Or you move your iLO server to vlan1 ( one of the other ports on the switch)
/Mikael
08-08-2012 06:18 PM
Nice catch Mikael.
08-10-2012 12:38 PM
I got it sorted out. I did the following:
1. Made iLO ports access for vlan 40
interface FastEthernet0/13
switchport access vlan 40
switchport mode access
2. Allowed uplink port to be a trunk to carry vlan 1 and 40
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,40
switchport mode trunk
3. Made the switch IP on vlan 40
interface Vlan40
ip address 10.0.10.10 255.255.255.0
I then had to add a default gateway IP. Once I did this, it started working. Thanks for the help.
Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide