cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1038
Views
0
Helpful
14
Replies

Creating of vlans

ramakanth
Level 1
Level 1

I have createda  five vlans in a switch 3650

vlan1 10.10.2.0/24

vlan2 10.10.1.0/24

vlan 11 192.168.0.0/24

vlan99 10.10.99.0/24

vlan10 10.10.0.0/24

 

But i am not able to open switch through putty

 

can you do it in brief

 

14 Replies 14

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

I assume you are able to reach one of those VLAN SVIs? Ie, you have connectivity to the switch from your PC.

 

If you can console onto the switch, try these commands:

!
username <user> secret <new_password>
!
ip domain-name example.com
crypto key generate rsa
ip ssh version 2
!
line vty 0 4
  transport input ssh
!

cheers,

Seb.

 

 

I have done line console also but it was not communicating with any vlan

I want to shutdown vlan 1 and open the putty through another vlan

Can you share the running config of the switch obtained via the console port?

Also as @Georg Pauwen asks, can you confirm the IP settings of the PC you are attempting the SSH connection from?

 

cheers,

Seb.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.05.20 14:31:21 =~=~=~=~=~=~=~=~=~=~=~=

DMHYDTCSW001#sh runn
Building configuration...

Current configuration : 14772 bytes
!
! Last configuration change at 20:54:05 PDI Fri May 17 2019
! NVRAM config last updated at 08:54:02 PDI Sat May 18 2019
!
version 16.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname DMHYDTCSW001
!
shell processing full
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
--More--   exit-address-family
!
enable secret 5 $1$Emcd$cWj6lSkg.CjL2WFHfeax90
enable password 7 0242555C05261B345E4B
!
no aaa new-model
clock timezone IST 5 30
clock summer-time PDI recurring
switch 1 provision ws-c3650-24ts
!
!
!
!
ip routing
!
!
!
ip name-server 8.8.8.8 10.10.0.1
ip domain name dizimonk.com
!
!
!
!
--More--  !
!
!
!
!
crypto pki trustpoint TP-self-signed-1939720957
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1939720957
revocation-check none
rsakeypair TP-self-signed-1939720957
!
!
crypto pki certificate chain TP-self-signed-1939720957
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393339 37323039 3537301E 170D3138 31323331 30333534
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39333937
32303935 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A562 D107848C DFB43895 26AA67EB 31669811 E18439DE 929F6565
595E6A88 621B9F4A 9B570CCB B7FE4269 A5A1ABD3 3085CDCC CF202A3D 7B616198
9B06DA99 9598590C 84AA3884 22A1C7AD A1EF5CC1 941095EB ECC9E7A6 0BF12CC1
--More--   B86D24DE FCAF97B7 E2097118 008F177B 1DAE2421 33739924 3BBC922F 7BA6166C
81B7E423 9CEAACD7 4C721166 60983F95 EC3A1E62 058F35F3 4A0AE483 73BDCAB5
C568FB31 A1A6D23E C19BDF2E CE48E34B 3BA2BFDC F582F47F C7ED1B55 8FB39C2D
09E0AC5B 24457AF0 F70749C0 0E282FDA 3947EB7A 081D41FC 78DB4E74 EC251A0C
3FE04173 DDC7621B 9650F964 BE48250E 1E40378A 37180A09 98714D12 58C50691
922BC064 BFE90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 1499EE9A 1DA5C30F BE6DD4D7 05B0E4C3 F583670B
2E301D06 03551D0E 04160414 99EE9A1D A5C30FBE 6DD4D705 B0E4C3F5 83670B2E
300D0609 2A864886 F70D0101 05050003 82010100 988F31FB 396F3526 A79E6809
EE0E2494 6146FCAF 886285BD 8C11458F 08D51483 9ACE781C 2B57572A F45D7111
866415BB 8EDCF8F2 9B924E5D 2E1515C2 298FED6D 771A91C5 CCDEA7C4 50F002ED
04F89A9B 794F40C7 2F7D3835 F59E0959 1BD94195 F7CD68B2 6ADF6134 313EE8C8
8A0E35A6 7A21AB00 68D24531 1D59DFDB DD83FE3C B31B7186 A7C802D1 67B48B91
9E87CBE0 B9A1C02B BF0CB731 C2016535 CDB71CF4 8F33B850 3B521516 5D68EE0D
46D0D27E 84B8D1EB 4EBEF54B C0D7089A 6DE19010 BB2B0B7E F2DEE560 DB173FD9
25839818 8C0C7C69 98E8977B 8E5B099C 72F68897 9FE05C93 AE21D348 77ED9C60
D2BD4CD9 D893372D 42834EBC AC4754EE 33CE9842
quit
!
license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
--More--  !
!
username $up3r@dm1n password 7 0242555C05261B345E4B
username @dm1n privilege 15 password 7 06010101585B1B1C
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
--More--  class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
!
--More--  policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
--More--   class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
--More--  interface GigabitEthernet1/0/1
switchport mode access
!
interface GigabitEthernet1/0/2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport mode access
!
interface GigabitEthernet1/0/4
switchport mode access
!
interface GigabitEthernet1/0/5
switchport mode access
!
interface GigabitEthernet1/0/6
switchport mode access
!
interface GigabitEthernet1/0/7
switchport mode access
shutdown
!
interface GigabitEthernet1/0/8
--More--   switchport mode access
shutdown
!
interface GigabitEthernet1/0/9
switchport mode access
shutdown
!
interface GigabitEthernet1/0/10
switchport mode access
shutdown
!
interface GigabitEthernet1/0/11
switchport mode access
shutdown
!
interface GigabitEthernet1/0/12
switchport mode access
shutdown
!
interface GigabitEthernet1/0/13
switchport access vlan 11
switchport mode access
!
--More--  interface GigabitEthernet1/0/14
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 11
switchport mode access
shutdown
!
interface GigabitEthernet1/0/18
switchport mode access
shutdown
!
interface GigabitEthernet1/0/19
switchport mode access
--More--   shutdown
!
interface GigabitEthernet1/0/20
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport mode access
!
interface GigabitEthernet1/0/22
switchport mode access
!
interface GigabitEthernet1/0/23
switchport mode trunk
!
interface GigabitEthernet1/0/24
description firewallconnected
switchport mode access
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
--More--  !
interface GigabitEthernet1/1/4
!
interface Vlan1
ip address 10.10.2.1 255.255.255.0
!
interface Vlan2
ip address 10.10.1.1 255.255.255.0
!
interface Vlan10
ip address 10.10.0.1 255.255.255.0
!
interface Vlan99
ip address 10.10.99.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 7443
!
ip route profile
ip route 0.0.0.0 0.0.0.0 10.10.0.245
--More--  ip ssh port 7022 rotary 1
ip ssh version 2
!
ip access-list standard ssh
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
--More--
May 20 15:21:31.977: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).  permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
--More--   permit tcp any any eq 5985
permit tcp any any eq 8080
ip access-list extended denyssh
deny tcp any any eq 22
permit tcp any any eq 7022
!
access-list 101 permit tcp any any eq www
!
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps wireless bsnMobileStation bsnAccessPoint bsnRogue bsn80211Security bsnAutoRF bsnGeneral AP client mfp mobility rogue RRM SI
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
--More--  snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps eigrp
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps license
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps stackwise
snmp-server enable traps envmon
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal
snmp-server enable traps energywise
snmp-server enable traps power-ethernet police
snmp-server enable traps entity
snmp-server enable traps lisp
snmp-server enable traps trustsec-sxp conn-srcaddr-err msg-parse-err conn-config-err binding-err conn-up conn-down binding-expn-fail oper-nodeid-change binding-conflict
--More--  snmp-server enable traps trustsec authz-file-error cache-file-error keystore-file-error keystore-sync-fail random-number-fail src-entropy-fail
snmp-server enable traps trustsec-interface unauthorized sap-fail authc-fail supplicant-fail authz-fail
snmp-server enable traps trustsec-server radius-server provision-secret
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps bgp cbgp2
snmp-server enable traps ipsla
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps bfd
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
--More--  snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps dhcp
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rsvp
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps rf
snmp-server enable traps transceiver all
snmp-server enable traps bulkstat collection transfer
--More--  snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server manager
snmp-server manager session-timeout 200000
!
control-plane
service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
exec-timeout 0 0
password 7 08651D4907391102000E
transport preferred none
transport output none
stopbits 1
line aux 0
transport preferred none
transport output none
stopbits 1
line vty 0 1
access-class ssh in
--More--   password 7 100A581E0B37061E1E01
no login
transport preferred none
transport input ssh
transport output none
line vty 2 3
password 7 054F57082F6C5A1C0B00
no login
transport input ssh
line vty 4
password 7 09081F0E172503071909
no login
transport input ssh
line vty 5 15
access-class denyssh in
password 7 125D54101C2B1811382E
login local
rotary 1
transport input ssh
!
ntp source Vlan1
ntp master 1
ntp server dizimonk.com
--More--  !
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

DMHYDTCSW001# sh val bre ief              
DMHYDTCSW001#sh ip int brief' 
Interface IP-Address OK? Method Status Protocol
Vlan1 10.10.2.1 YES NVRAM up up
Vlan2 10.10.1.1 YES NVRAM up up
Vlan10 10.10.0.1 YES NVRAM up up
Vlan99 10.10.99.1 YES NVRAM up up
GigabitEthernet0/0 unassigned YES unset down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset up up
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset up up
GigabitEthernet1/0/7 unassigned YES unset administratively down down
GigabitEthernet1/0/8 unassigned YES unset administratively down down
GigabitEthernet1/0/9 unassigned YES unset administratively down down
GigabitEthernet1/0/10 unassigned YES unset administratively down down
GigabitEthernet1/0/11 unassigned YES unset administratively down down
GigabitEthernet1/0/12 unassigned YES unset administratively down down
GigabitEthernet1/0/13 unassigned YES unset up up
GigabitEthernet1/0/14 unassigned YES unset up up
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up
GigabitEthernet1/0/17 unassigned YES unset administratively down down
--More--  GigabitEthernet1/0/18 unassigned YES unset administratively down down
GigabitEthernet1/0/19 unassigned YES unset administratively down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset up up
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
DMHYDTCSW001#
May 20 15:22:01.916: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/18, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/24
Gi1/1/1, Gi1/1/2, Gi1/1/3
Gi1/1/4
2 SOC active
10 operations active
11 Guest&mobile active Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17
99 admin active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
DMHYDTCSW001#   exit    
May 20 15:22:24.623: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
May 20 15:23:00.140: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
May 20 15:23:23.309: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
DMHYDTCSW001#
DMHYDTCSW001#sh ip route' 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.10.0.245 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.0.245
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C 10.10.0.0/24 is directly connected, Vlan10
L 10.10.0.1/32 is directly connected, Vlan10
C 10.10.1.0/24 is directly connected, Vlan2
L 10.10.1.1/32 is directly connected, Vlan2
C 10.10.2.0/24 is directly connected, Vlan1
L 10.10.2.1/32 is directly connected, Vlan1
C 10.10.99.0/24 is directly connected, Vlan99
L 10.10.99.1/32 is directly connected, Vlan99
DMHYDTCSW001#
May 20 15:23:43.755: %SW_MATM-4-MACFLAP_NOTIF: Host 9801.a799.af45 in vlan 11 is flapping between port Gi1/0/16 and port Gi1/0/15
May 20 15:23:50.913: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#
May 20 15:24:22.481: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/16 (11), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/24 (1).
DMHYDTCSW001#
May 20 15:24:47.247: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11).
DMHYDTCSW001#exit

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DMHYDTCSW001 con0 is now available

 

 

Press RETURN to get started.

 

 

 

 

HI there,

Your access switchports are either default (VLAN1) or using VLAN11 which doesn't have a SVI configured.

 

If you connect your PC to Gi1/0/1 and assign your PC and address in the range 10.10.2.2 - 254 then you should be able to SSH to the IP 10.10.2.1 . Depending on whether you have SSH enabled (follow the steps in my earlier post) will determine if you see the login prompt. 

 

cheers,

Seb.

when i connect the laptop to the switch then 10.10.0.0 series is releasing

Hello,

I see two issues here.

 

a) the log message says that you have connected two switches on a port that is Vlan11 on your side and vlan1 on the other side

May 20 15:22:01.916: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/24 (1), with DMHYDTCSW001.dizimonk.com GigabitEthernet1/0/16 (11). This can even happen if you have connected two ports on the same switch. If this is the case remove the cable. If the switch is different correct the configuration on one side, otherwise you have joined two Vlans using two access ports.

 

b) You have no aaa new-model

But login local is not configured on all vty

the first line vty 0 1 ad line vty 2 3 have

no login

Please put l

login local

under all of your VTI lines as you cannot know to which line vty you will connect.

You need a consistent configuration to be able to access the switch.

 

Follow all the suggestions provided by colleagues too.

 

Hope to help

Giuseppe

 

 

Hope to help

Giuseppe

 

The console port should connect no matter what. Does the Putty screen show anything at all ?

 

Also, what is the IP address of your PC ? And what is the configuration of the port on the switch it is connected to ?

interface Vlan1
ip address 10.10.2.1 255.255.255.0
!
interface Vlan2
ip address 10.10.1.1 255.255.255.0
!
interface Vlan10
ip address 10.10.0.1 255.255.255.0
!
interface Vlan99
ip address 10.10.99.1 255.255.255.0
!

 

then what is the ip address to communicate with switch

Hello,

 

from where are you trying to use Putty ? You need a VLAN interface with an IP address, and the PC (if it is a PC you are connecting from) needs to have an IP address in the same VLAN/subnet..,also, the port the PC is connected to needs to be in that VLAN (switchport access vlan x)....

ramakanth
Level 1
Level 1

I want to open the switch through putty through vlan 10 only

If you want to restrict SSH access to VLAN10 SVI only then you need to look at MPP:

https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html

 

cheers,

Seb.

Hello ramakanth,

if you want to allow SSH from users in Vlan 10 only:

you can achieve by using a standard ACL like

access-list 11 permit 10.10.10.0 0.0.0.255    ! IP subnet of Vlan 10

 

then line vty 0 1 , line vty 2 3 , line vty 4 15

access-class 11 in

 

Edit:

if you want to be able to SSH only to SVI  Vlan10 follow Seb's suggestion for management plane protection.

With that you can decide to enable SSH only on SVI Vlan 10.

 

Hope to help

Giuseppe

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco