Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1092
Views
0
Helpful
3
Replies

Cisco Switch Unable to Access Management Interface

Go to solution
natchannel
Level 1
Level 1

‎12-06-2022 11:35 AM

I have a Cisco Cataylst Switch in L2 mode, connected to a WatchGuard firewall/router using the "router on a stick" topology. Currently all network traffic for all VLANs is traversing across the switch without issue. However I am unable to reach the switch itself outside of the management VLAN 2. The switch and the router can ping each other. I know routing to VLAN 2 works as other devices on that VLAN route just fine. When trying to ping from the Cisco switch to any IP outside of its VLAN, it fails and the router doesn't even see any traffic attempting to leave. Below is a snippet from the config.

 

 

!
interface Vlan2
 description Management
 ip address 10.100.0.2 255.255.255.0
 ip access-group 111 in
 ip access-group 111 out
!
!
ip default-gateway 10.100.0.2
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip ssh version 2
ip name-server 10.0.0.20 10.0.0.21 10.100.0.1
!
!
ip access-list extended 111
 10 permit ip any any
!
! this is the uplink port to the router
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 1,2,10,30,40
 switchport mode trunk
!
! this is an downlink port to a wireless AP
interface GigabitEthernet1/0/2
 switchport access vlan 2
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,10,30,40
 switchport mode trunk
 spanning-tree portfast trunk
!
! this is a general wired access port for PCs and VoIP phones
interface GigabitEthernet1/0/29
 network-policy 1
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
!

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎12-06-2022 01:10 PM

The default-gateway IP should be the next hop IP address (firewall) and not the IP address of the switch

interface Vlan2
 description Management
 ip address 10.100.0.2 255.255.255.0
 ip access-group 111 in
 ip access-group 111 out
!
!
ip default-gateway 10.100.0.2

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎12-06-2022 01:10 PM

The default-gateway IP should be the next hop IP address (firewall) and not the IP address of the switch

interface Vlan2
 description Management
 ip address 10.100.0.2 255.255.255.0
 ip access-group 111 in
 ip access-group 111 out
!
!
ip default-gateway 10.100.0.2

0 Helpful

Go to solution
natchannel
Level 1
Level 1
In response to Reza Sharifi

‎12-06-2022 01:18 PM

Wow, brain fart there. Thanks for spotting it for me, fixed the IP and everything is working!

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to natchannel

‎12-06-2022 01:24 PM

No problem. It happens to all of us.

Good luck!

0 Helpful
Customers Also Viewed These Support Documents