11-04-2016 11:17 PM - edited 03-08-2019 08:03 AM
Hi. I'm trying to configure my home lab switch, but I'm not sure if it's right.
I have a NAC device with an IP of 192.168.0.10 (used as UN for the device's login), and I assigned that IP as VLAN 1 (192.168.0.10 /24).
Is this an issue? Should I set VLAN 1 to 192.168.0.0 /2?
Also,
The switch WILL NOT accept the crypto key generate command per SSH. I can't even telnet into the device as the session quickly disconnects after telnetting in.
Please help. Here are my configs:
User Access Verification
Password:
Password:
CAHN>en
Password:
CAHN#sh run
Building configuration...
Current configuration : 2747 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CAHN
!
enable secret ********
enable password *********
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name homelab.com
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.10
!
ip dhcp pool production
network 192.168.0.0 255.255.255.0
domain-name wr
lease 3
!
ip dhcp pool PROD
default-router 192.168.0.1
lease 3
!
ip dhcp pool management
default-router 192.168.0.1
lease 3
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description to Eth0 on CT
switchport mode access
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
description SPAN PORT
switchport trunk encapsulation dot1q
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
description Link to ISP Router
switchport trunk encapsulation dot1q
switchport mode access
!
interface GigabitEthernet0/1
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1
!
interface Vlan1
ip address 192.168.0.10 255.255.255.0 (is this correct? Can the VLAN 1 IP be the same as what I assigned the NAC device?)
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
snmp-server community private RW
snmp-server community private1 RO
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification
snmp-server host 192.168.0.10 private
!
control-plane
!
banner motd ^CCCHome Network.^C
!
line con 0
exec-timeout 5 0
password **********
logging synchronous
login
line vty 0 4
exec-timeout 5 0
password **********
login
transport input telnet (SSH UNSUCCESSFUL HERE, HENCE THE TELNET)
line vty 5 15
--More--
03-13-2018 04:04 AM
No the switch interface VLAN 1 IP cannot be the same as the NAC device.
You probably can't generate the crypto key because the code on the switch does not support it. (The image probably should have a "k9" in the name)
According to the config, the telnet session should drop after 5 minutes of inactivity ("exec-timeout 5 0"). If this isn't the case, something is wrong. Suggest removing it from the VTYs.
Hope this helps.
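The points raised in the reply above (SVI address colliding with the NAC device, Telnet-only VTY lines, an image without "k9") expressed as a check over a saved running-config. This is an added example, not part of the original thread; the `known_hosts` inventory, the finding codes and the image filename are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the running-config posted in the question.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.0.10 255.255.255.0
!
line vty 0 4
 exec-timeout 5 0
 login
 transport input telnet
"""

IP_ADDR = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")


def audit(config, known_hosts, image_name=None):
    """Return (code, detail) findings for the issues discussed in the thread.

    known_hosts: {name: ip} of other devices on the LAN (assumed inventory).
    image_name:  IOS image filename from 'show version', if available.
    """
    findings, section = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("interface ", "line ")):
            section = line          # entering an interface or line block
            continue
        if line == "!":
            section = None          # '!' closes the current block
            continue
        if section is None:
            continue
        addr = IP_ADDR.match(line)
        if addr and section.startswith("interface Vlan"):
            svi = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
            for name, ip in known_hosts.items():
                if ipaddress.ip_address(ip) == svi.ip:
                    findings.append(("DUPLICATE_IP", f"{section} {svi.ip} is also {name}"))
        if section.startswith("line vty") and line.startswith("transport input"):
            if {"telnet", "all"} & set(line.split()[2:]):
                findings.append(("CLEARTEXT_VTY", f"{section}: {line}"))
    # Heuristic from the reply: crypto-capable images usually carry "k9" in the name.
    if image_name and "k9" not in image_name.lower():
        findings.append(("NO_CRYPTO_IMAGE", image_name))
    return findings


if __name__ == "__main__":
    # "example-ipbase-mz.bin" is a constructed placeholder filename.
    for code, detail in audit(SAMPLE_CONFIG, {"NAC": "192.168.0.10"}, "example-ipbase-mz.bin"):
        print(code, "-", detail)
```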