02-03-2015 09:13 PM - edited 03-07-2019 10:30 PM
Hi all,
I have a curious issue: I lose telnet access and cannot even ping the management interface of all the Cisco switches in a flat network.
I have a core 2750x with 5 trunks using ISL to 5 x3560x. Traffic seems to pass through these switches fine, as I have a wireless controller connected to the core and APs hanging off these switches, and all APs never lose connectivity with the controller. The AP sends Hello packets every 30 seconds and there will be notifications if these are not received.
Sometimes I have no issues and can telnet from the core or any other switch to one another.
When I log in the next day or even after a few hours the problem manifests. There are no errors or dropped packets on all switches, and port utilization and CPU utilization are low. Also I have set up port forwarding on the firewall to give me remote access via telnet to the switches; this always works?
Whilst this problem occurs I can telnet to any switch from the WAN but cannot telnet locally from the switches' CLI.
Any ideas what may be causing this?
Any help would be appreciated.
02-03-2015 09:22 PM
sorry the core switch is a 3570x to amend to my remarks above
02-11-2015 08:48 AM
Can you see the 3750X IP address from the other switches using CDP ??
Do you have the following ?
SVI (switched virtual interface for network connectivity)
Interface vlan 1 <----- assuming you are using vlan 1 since you only have one subnet on the network as you mentioned above
ip address 10.1.1.1 255.255.255.0
no shut
!
TELNET/SSH ACCESS
Line vty 0 15
!
login ( or login local)
password cisco1234 (if not using local credentials)
transport input all
!
exit
!
Verify you can at least ping the 3750x from the other switches, there could be something blocking it, if not can you post the running config from the 3750x and the running config from the switch/switches you are trying to telnet from.
Thanks
02-14-2015 08:36 PM
Hi Nate,
There are no firewalls or ACLs in place to block wired traffic.
I have remotely logged in via telnet and got the running config and cdp neighbors report below.
All 5 switches are configured the same, with trunk ports connected to this switch 192.168.7.254 (3750x). They all have a mgt IP on vlan1 (192.168.7.254-249) via telnet via port forwarding on the firewall. Once I connect to the core switch or any other via a remote session I cannot telnet from one switch to another?
The switchport mode on the trunk ports is set to "dynamic desirable" so they use Cisco proprietary ISL protocol for trunking to the other Cisco switches.
As mentioned, I can connect to all switches remotely via telnet through the firewall.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.02.15 15:09:46 =~=~=~=~=~=~=~=~=~=~=~=
User Access Verification
Password:
core1>enable
Password:
core1#show running-config
Building configuration...
Current configuration : 3281 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 14:41:53 UTC Tue Feb 3 2015
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname core1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xk7W$yvKinhgotTezJlDIW6WrC1
enable password xxxx
!
no aaa new-model
switch 1 provision ws-c3750x-12s
system mtu routing 1500
!
!
!
crypto pki trustpoint TP-self-signed-1635187968
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1635187968
revocation-check none
rsakeypair TP-self-signed-1635187968
!
!
crypto pki certificate chain TP-self-signed-1635187968
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.7.254 255.255.248.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
!
logging esm config
!
!
line con 0
line vty 0 4
password xxxxxx
login
length 0
line vty 5 15
password xxxxxx
login
!
end
core1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
switch2 Gig 1/0/11 163 S I WS-C3560X Gig 1/1
switch3 Gig 1/0/7 157 S I WS-C3560X Gig 1/1
switch1 Gig 1/0/5 168 S I WS-C3560X Gig 1/1
switch4 Gig 1/0/9 150 S I WS-C3560X Gig 1/1
switch5 Gig 1/0/3 148 S I WS-C3560X Gig 1/1
core1# exit
thanks
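An added example, not part of any post in this thread: a small Python check that answers the subnet question asked elsewhere in the thread from the posted config itself and lists the management-plane settings in it that are worth tightening. The sample text is a constructed, re-indented excerpt of the core1 output above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the core1 config above, re-indented the way IOS prints it.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret 5 <hash-placeholder>
enable password xxxx
interface GigabitEthernet1/0/3
 switchport mode dynamic desirable
interface Vlan1
 ip address 192.168.7.254 255.255.248.0
ip default-gateway 192.168.1.254
ip http server
line vty 0 4
 password xxxxxx
 login
line vty 5 15
 password xxxxxx
 login
"""

def management_subnet(config):
    """Return (SVI network as text, True if the default gateway is inside it)."""
    addr = re.search(r"^[ \t]*ip address (\S+) (\S+)", config, re.M)
    gw = re.search(r"^ip default-gateway (\S+)", config, re.M)
    net = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}").network
    return str(net), ipaddress.ip_address(gw.group(1)) in net

def audit(config):
    """List management-plane settings in the config that are worth tightening."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if "no service password-encryption" in lines:
        findings.append("passwords stored in cleartext (no service password-encryption)")
    if any(line.startswith("enable password ") for line in lines):
        findings.append("cleartext enable password present next to enable secret")
    if "ip http server" in lines:
        findings.append("unencrypted HTTP management server enabled")
    if "switchport mode dynamic desirable" in lines:
        findings.append("ports actively negotiate trunking via DTP")
    # A vty block without 'transport input ssh' is not restricted to SSH.
    for block in re.findall(r"^line vty [^\n]*\n(?:[ \t]+[^\n]*\n?)*", config, re.M):
        if "transport input ssh" not in block:
            findings.append("no SSH-only transport on " + block.splitlines()[0])
    return findings

if __name__ == "__main__":
    print(management_subnet(SAMPLE_CONFIG), *audit(SAMPLE_CONFIG), sep="\n")
```

The mask 255.255.248.0 puts 192.168.7.254 in 192.168.0.0/21, so the gateway 192.168.1.254 and the 192.168.7.249-254 management addresses all sit in one subnet.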
02-04-2015 08:45 AM
Hi,
Read your question again...2750x switch does not exist. It will be 3750x.
If you have any dedicated/Live IP then you can telnet your network from WAN.
You will need to assign an IP to switch and that IP must be a live IP.
02-04-2015 01:02 PM
hi Jerry,
I have no problems telnetting to the switches via the WAN; the problem is telnetting from one switch to another, which sometimes works and sometimes can't connect and won't even respond to pings.
02-11-2015 07:14 AM
Hi,
First of all you must assign an IP address to VLAN on every switch. Then set telnet password and enable password.
Then you will be able to access LAN switches.
02-10-2015 01:55 PM
The other switches you are trying to telnet from, are they in the same subnet as your core switch? For instance, are you trying to telnet from switch 1 IP address 10.1.1.1 to switch 2 10.2.2.2? If so, then since the subnet is different you would need the ip default-gateway command added to the switch, or, since these are Layer 3 switches and if you have the command ip routing enabled, then you can add the ip route statement; that way the switches know how to get from one subnet to another.
02-10-2015 10:37 PM
Hi Nate, all switches are on the same subnet just a layer 2 environment with a single gateway for my remote access,
thanks
02-10-2015 05:42 PM
Can we get the logs of the devices.
#show running-config
#show cdp neighbors -Helps us see where/how you connected them
A network diagram as well, that would be nice
02-10-2015 10:39 PM
Hi,
I am currently on-site in another state and have access controls on the FW, so can only log into the switches when I am back in the office, as they are also at another location. I will get the config to you next week. Thanks for looking at this, will update you early next week.
regards
Sulinder
02-14-2015 08:29 PM
Hi all,
I have remotely logged in via telnet and got the running config and cdp neighbors report below.
All 5 switches are configured the same, with trunk ports connected to this switch 192.168.7.254 (3750x). They all have a mgt IP on vlan1 (192.168.7.254-249) via telnet via port forwarding on the firewall. Once I connect to the core switch or any other via a remote session I cannot telnet from one switch to another?
The switchport mode on the trunk ports is set to "dynamic desirable" so they use Cisco proprietary ISL protocol for trunking to the other Cisco switches.
As mentioned, I can connect to all switches remotely.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.02.15 15:09:46 =~=~=~=~=~=~=~=~=~=~=~=
User Access Verification
Password:
core1>enable
Password:
core1#show running-config
Building configuration...
Current configuration : 3281 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 14:41:53 UTC Tue Feb 3 2015
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname core1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xk7W$yvKinhgotTezJlDIW6WrC1
enable password xxxx
!
no aaa new-model
switch 1 provision ws-c3750x-12s
system mtu routing 1500
!
!
!
crypto pki trustpoint TP-self-signed-1635187968
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1635187968
revocation-check none
rsakeypair TP-self-signed-1635187968
!
!
crypto pki certificate chain TP-self-signed-1635187968
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
switchport mode dynamic desirable
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.7.254 255.255.248.0
!
ip default-gateway 192.168.1.254
ip http server
ip http secure-server
!
!
logging esm config
!
!
line con 0
line vty 0 4
password xxxxxx
login
length 0
line vty 5 15
password xxxxxx
login
!
end
core1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
switch2 Gig 1/0/11 163 S I WS-C3560X Gig 1/1
switch3 Gig 1/0/7 157 S I WS-C3560X Gig 1/1
switch1 Gig 1/0/5 168 S I WS-C3560X Gig 1/1
switch4 Gig 1/0/9 150 S I WS-C3560X Gig 1/1
switch5 Gig 1/0/3 148 S I WS-C3560X Gig 1/1
core1# exit
Regards
sulinder
02-14-2015 08:42 PM
Oh yeah, forgot: the network topology is just a star, all the other 5 switches just connect to the 3750,
no loops in the network, pretty basic setup.
Basically 5 different buildings connected to the core, the main building, which provides internet access.
It seems traffic is passing through the switches fine without any problems.