05-20-2019 01:07 AM
I have createda five vlans in a switch 3650
vlan1 10.10.2.0/24
vlan2 10.10.1.0/24
vlan 11 192.168.0.0/24
vlan99 10.10.99.0/24
vlan10 10.10.0.0/24
But i am not able to open switch through putty
can you do it in brief
05-20-2019 01:14 AM
Hi there,
I assume you are able to reach one of those VLAN SVIs? Ie, you have connectivity to the switch from your PC.
If you can console onto the switch, try these commands:
! username <user> secret <new_password> ! ip domain-name example.com crypto key generate rsa ip ssh version 2 ! line vty 0 4 transport input ssh !
cheers,
Seb.
05-20-2019 01:28 AM
I have done line console also but it was not communicating with any vlan
05-20-2019 01:37 AM
I want to shutdown vlan 1 and open the putty through another vlan
05-20-2019 02:04 AM
Can you share the running config of the switch obtained via the console port?
Also as @Georg Pauwen asks, can you confirm the IP settings of the PC you are attempting the SSH connection from?
cheers,
Seb.
05-20-2019 04:15 AM
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.05.20 14:31:21 =~=~=~=~=~=~=~=~=~=~=~=
DMHYDTCSW001#sh runn
Building configuration...
Current configuration : 14772 bytes
!
! Last configuration change at 20:54:05 PDI Fri May 17 2019
! NVRAM config last updated at 08:54:02 PDI Sat May 18 2019
!
version 16.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname DMHYDTCSW001
!
shell processing full
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
--More-- exit-address-family
!
enable secret 5 $1$Emcd$cWj6lSkg.CjL2WFHfeax90
enable password 7 0242555C05261B345E4B
!
no aaa new-model
clock timezone IST 5 30
clock summer-time PDI recurring
switch 1 provision ws-c3650-24ts
!
!
!
!
ip routing
!
!
!
ip name-server 8.8.8.8 10.10.0.1
ip domain name dizimonk.com
!
!
!
!
--More-- !
!
!
!
!
crypto pki trustpoint TP-self-signed-1939720957
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1939720957
revocation-check none
rsakeypair TP-self-signed-1939720957
!
!
crypto pki certificate chain TP-self-signed-1939720957
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393339 37323039 3537301E 170D3138 31323331 30333534
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39333937
32303935 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A562 D107848C DFB43895 26AA67EB 31669811 E18439DE 929F6565
595E6A88 621B9F4A 9B570CCB B7FE4269 A5A1ABD3 3085CDCC CF202A3D 7B616198
9B06DA99 9598590C 84AA3884 22A1C7AD A1EF5CC1 941095EB ECC9E7A6 0BF12CC1
--More-- B86D24DE FCAF97B7 E2097118 008F177B 1DAE2421 33739924 3BBC922F 7BA6166C
81B7E423 9CEAACD7 4C721166 60983F95 EC3A1E62 058F35F3 4A0AE483 73BDCAB5
C568FB31 A1A6D23E C19BDF2E CE48E34B 3BA2BFDC F582F47F C7ED1B55 8FB39C2D
09E0AC5B 24457AF0 F70749C0 0E282FDA 3947EB7A 081D41FC 78DB4E74 EC251A0C
3FE04173 DDC7621B 9650F964 BE48250E 1E40378A 37180A09 98714D12 58C50691
922BC064 BFE90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 1499EE9A 1DA5C30F BE6DD4D7 05B0E4C3 F583670B
2E301D06 03551D0E 04160414 99EE9A1D A5C30FBE 6DD4D705 B0E4C3F5 83670B2E
300D0609 2A864886 F70D0101 05050003 82010100 988F31FB 396F3526 A79E6809
EE0E2494 6146FCAF 886285BD 8C11458F 08D51483 9ACE781C 2B57572A F45D7111
866415BB 8EDCF8F2 9B924E5D 2E1515C2 298FED6D 771A91C5 CCDEA7C4 50F002ED
04F89A9B 794F40C7 2F7D3835 F59E0959 1BD94195 F7CD68B2 6ADF6134 313EE8C8
8A0E35A6 7A21AB00 68D24531 1D59DFDB DD83FE3C B31B7186 A7C802D1 67B48B91
9E87CBE0 B9A1C02B BF0CB731 C2016535 CDB71CF4 8F33B850 3B521516 5D68EE0D
46D0D27E 84B8D1EB 4EBEF54B C0D7089A 6DE19010 BB2B0B7E F2DEE560 DB173FD9
25839818 8C0C7C69 98E8977B 8E5B099C 72F68897 9FE05C93 AE21D348 77ED9C60
D2BD4CD9 D893372D 42834EBC AC4754EE 33CE9842
quit
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
--More-- !
!
username $up3r@dm1n password 7 0242555C05261B345E4B
username @dm1n privilege 15 password 7 06010101585B1B1C
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
--More-- class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
!
--More-- policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
--More-- class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
--More-- interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport mode access
!
interface GigabitEthernet1/0/4
switchport mode access
!
interface GigabitEthernet1/0/5
switchport mode access
!
interface GigabitEthernet1/0/6
switchport mode access
!
interface GigabitEthernet1/0/7
switchport mode access
shutdown
!
interface GigabitEthernet1/0/8
--More-- switchport mode access
shutdown
!
interface GigabitEthernet1/0/9
switchport mode access
shutdown
!
interface GigabitEthernet1/0/10
switchport mode access
shutdown
!
interface GigabitEthernet1/0/11
switchport mode access
shutdown
!
interface GigabitEthernet1/0/12
switchport mode access
shutdown
!
interface GigabitEthernet1/0/13
switchport access vlan 11
switchport mode access
!
--More-- interface GigabitEthernet1/0/14
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 11
switchport mode access
shutdown
!
interface GigabitEthernet1/0/18
switchport mode access
shutdown
!
interface GigabitEthernet1/0/19
switchport mode access
--More-- shutdown
!
interface GigabitEthernet1/0/20
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport mode access
!
interface GigabitEthernet1/0/22
switchport mode access
!
interface GigabitEthernet1/0/23
switchport mode trunk
!
interface GigabitEthernet1/0/24
description firewallconnected
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
--More-- !
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 10.10.2.1 255.255.255.0
!
interface Vlan2
ip address 10.10.1.1 255.255.255.0
!
interface Vlan10
ip address 10.10.0.1 255.255.255.0
!
interface Vlan99
ip address 10.10.99.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 7443
!
ip route profile
ip route 0.0.0.0 0.0.0.0 10.10.0.245
--More-- ip ssh port 7022 rotary 1
ip ssh version 2
!
ip access-list standard ssh
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
--More--
May 20 15:21:31.977: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1). permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
--More-- permit tcp any any eq 5985
permit tcp any any eq 8080
ip access-list extended denyssh
deny tcp any any eq 22
permit tcp any any eq 7022
!
access-list 101 permit tcp any any eq www
!
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps wireless bsnMobileStation bsnAccessPoint bsnRogue bsn80211Security bsnAutoRF bsnGeneral AP client mfp mobility rogue RRM SI
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
--More-- snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps eigrp
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps license
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps stackwise
snmp-server enable traps envmon
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal
snmp-server enable traps energywise
snmp-server enable traps power-ethernet police
snmp-server enable traps entity
snmp-server enable traps lisp
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-conflict
--More-- snmp-server enable traps trustsec authz-file-error cache-file-error keystore-file-error keystore-sync-fail random-number-fail src-entropy-fail
snmp-server enable traps trustsec-interface unauthorized sap-fail authc-fail supplicant-fail authz-fail
snmp-server enable traps trustsec-server radius-server provision-secret
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps bgp cbgp2
snmp-server enable traps ipsla
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps bfd
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
--More-- snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dhcp
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rsvp
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps rf
snmp-server enable traps transceiver all
snmp-server enable traps bulkstat collection transfer
--More-- snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server manager
snmp-server manager session-timeout 200000
!
control-plane
service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
exec-timeout 0 0
password 7 08651D4907391102000E
transport preferred none
transport output none
stopbits 1
line aux 0
transport preferred none
transport output none
stopbits 1
line vty 0 1
access-class ssh in
--More-- password 7 100A581E0B37061E1E01
no login
transport preferred none
transport input ssh
transport output none
line vty 2 3
password 7 054F57082F6C5A1C0B00
no login
transport input ssh
line vty 4
password 7 09081F0E172503071909
no login
transport input ssh
line vty 5 15
access-class denyssh in
password 7 125D54101C2B1811382E
login local
rotary 1
transport input ssh
!
ntp source Vlan1
ntp master 1
ntp server dizimonk.com
--More-- !
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end
DMHYDTCSW001# sh val bre ief
DMHYDTCSW001#sh ip int brief'
Interface IP-Address OK? Method Status Protocol
Vlan1 10.10.2.1 YES NVRAM up up
Vlan2 10.10.1.1 YES NVRAM up up
Vlan10 10.10.0.1 YES NVRAM up up
Vlan99 10.10.99.1 YES NVRAM up up
GigabitEthernet0/0 unassigned YES unset down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset up up
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset up up
GigabitEthernet1/0/7 unassigned YES unset administratively down down
GigabitEthernet1/0/8 unassigned YES unset administratively down down
GigabitEthernet1/0/9 unassigned YES unset administratively down down
GigabitEthernet1/0/10 unassigned YES unset administratively down down
GigabitEthernet1/0/11 unassigned YES unset administratively down down
GigabitEthernet1/0/12 unassigned YES unset administratively down down
GigabitEthernet1/0/13 unassigned YES unset up up
GigabitEthernet1/0/14 unassigned YES unset up up
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up
GigabitEthernet1/0/17 unassigned YES unset administratively down down
--More-- GigabitEthernet1/0/18 unassigned YES unset administratively down down
GigabitEthernet1/0/19 unassigned YES unset administratively down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset up up
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
DMHYDTCSW001#
May 20 15:22:01.916: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/18, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/24
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4
2 SOC active
10 operations active
11 Guest&mobile active Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17
99 admin active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
DMHYDTCSW001# exit
May 20 15:22:24.623: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
May 20 15:23:00.140: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
May 20 15:23:23.309: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
DMHYDTCSW001#
DMHYDTCSW001#sh ip route'
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 10.10.0.245 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.0.245
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.10.0.0/24 is directly connected, Vlan10
L 10.10.0.1/32 is directly connected, Vlan10
C 10.10.1.0/24 is directly connected, Vlan2
L 10.10.1.1/32 is directly connected, Vlan2
C 10.10.2.0/24 is directly connected, Vlan1
L 10.10.2.1/32 is directly connected, Vlan1
C 10.10.99.0/24 is directly connected, Vlan99
L 10.10.99.1/32 is directly connected, Vlan99
DMHYDTCSW001#
May 20 15:23:43.755: %SW_MATM-4-MACFLAP_NOTIF: Host 9801.a799.af45 in vlan 11 is flapping between port Gi1/0/16 and port Gi1/0/15
May 20 15:23:50.913: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#
May 20 15:24:22.481: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
DMHYDTCSW001#
May 20 15:24:47.247: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#exit
DMHYDTCSW001 con0 is now available
Press RETURN to get started.
05-20-2019 04:46 AM
HI there,
Your access switchports are either default (VLAN1) or using VLAN11 which doesn't have a SVI configured.
If you connect your PC to Gi1/0/1 and assign your PC and address in the range 10.10.2.2 - 254 then you should be able to SSH to the IP 10.10.2.1 . Depending on whether you have SSH enabled (follow the steps in my earlier post) will determine if you see the login prompt.
cheers,
Seb.
05-20-2019 04:54 AM
when i connect the laptop to the switch then 10.10.0.0 series is releasing
05-20-2019 05:00 AM
Hello,
I see two issues here.
a) the log message says that you have connected two switches on a port that is Vlan11 on your side and vlan1 on the other side
May 20 15:22:01.916: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11). This can even happen if you have connected two ports on the same switch. If this is the case remove the cable. If the switch is different correct the configuration on one side, otherwise you have joined two Vlans using two access ports.
b) You have no aaa new-model
But login local is not configured on all vty
the first line vty 0 1 ad line vty 2 3 have
no login
Please put l
login local
under all of your VTI lines as you cannot know to which line vty you will connect.
You need a consistent configuration to be able to access the switch.
Follow all the suggestions provided by colleagues too.
Hope to help
Giuseppe
Hope to help
Giuseppe
05-20-2019 01:40 AM
The console port should connect no matter what. Does the Putty screen show anything at all ?
Also, what is the IP address of your PC ? And what is the configuration of the port on the switch it is connected to ?
05-20-2019 03:55 AM
interface Vlan1
ip address 10.10.2.1 255.255.255.0
!
interface Vlan2
ip address 10.10.1.1 255.255.255.0
!
interface Vlan10
ip address 10.10.0.1 255.255.255.0
!
interface Vlan99
ip address 10.10.99.1 255.255.255.0
!
then what is the ip address to communicate with switch
05-20-2019 01:14 AM
Hello,
from where are you trying to use Putty ? You need a VLAN interface with an IP address, and the PC (if it is a PC you are connecting from) needs to have an IP address in the same VLAN/subnet..,also, the port the PC is connected to needs to be in that VLAN (switchport access vlan x)....
05-21-2019 02:16 AM
I want to open the switch through putty through vlan 10 only
05-21-2019 02:31 AM
If you want to restrict SSH access to VLAN10 SVI only then you need to look at MPP:
https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html
cheers,
Seb.
05-21-2019 02:39 AM - edited 05-21-2019 02:40 AM
Hello ramakanth,
if you want to allow SSH from users in Vlan 10 only:
you can achieve by using a standard ACL like
access-list 11 permit 10.10.10.0 0.0.0.255 ! IP subnet of Vlan 10
then line vty 0 1 , line vty 2 3 , line vty 4 15
access-class 11 in
Edit:
if you want to be able to SSH only to SVI Vlan10 follow Seb's suggestion for management plane protection.
With that you can decide to enable SSH only on SVI Vlan 10.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide