10-01-2007 05:31 AM - edited 03-05-2019 06:47 PM
Routing was a term I chose to use, I know it is not proper since I can route traffic with out complaint except the snmp, and SSH, traffic from the monitoring server.
I have a group of switches and routers that I monitor.
Site one has a VLAN 100 192.168.10.0 /24 used for switch management. It is connected to Site 2 via a T-1 and two 7200 routers. Site two has a VLAN 100 also 192.168.40./24. The core is 192.168.40.254, router is 192.168.40.253, a switch out on the site has the local user vlan 10, wireless vlan 11, and management vlan 100. The management vlan has an IP of 192.168.40.1. on vlan 10 they have a 10.40.0.0 /1 scheme.
I can monitor via SNMP the core and router using either vlan 10 or vlan 100. I can monitor servers in both vlan 10 and vlan 100. These all connected to the core via ports in the 4506 and the port mode is access. I can monitor the UPS connected to the switch in IDF 1. The switch coming off the 4506 is a trunk port. I can not pickup a thing off that switch. Now if I make that switch a none trunked switch, I can get to it. It is only when it is in trunk mode that I can not monitor the switch.
Snippets of configs ( let me know if you need more)
4506 port connecting to the IDF switch
interface GigabitEthernet3/4
description Uplink (LAIDF1, G1/0/1)
switchport trunk encapsulation dot1q
switchport mode trunk
flowcontrol receive off
storm-control broadcast level 70.00
interface Vlan100
description Management_VLAN
ip address 192.168.40.254 255.255.255.0
no ip redirects
no ip proxy-arp
end
sh ip route on the core shows
C 192.168.40.0/24 is directly connected, Vlan100
This switch can ping and ssh into the offending switch.
Next switch out IDF1
Interface connected to the core:
interface GigabitEthernet1/0/1
description Trunk_to_4506
switchport trunk encapsulation dot1q
switchport mode trunk
storm-control broadcast level 70.00
end
Vlan 100s config
interface Vlan100
description Switch_Management_VLAN
ip address 192.168.40.1 255.255.255.0
no ip redirects
no ip proxy-arp
end
SNMP commands:
access-list 40 remark **** SNMP Access ****
access-list 40 permit 192.168.10.250
snmp-server community Public RO 40
snmp-server community Private RW 40
snmp-server location Over the Rainbow
snmp-server contact John Doe
I can get to all devices on the network except these switches that are in the IDFs. And only the switches that are using trunk ports, we have some that we only move a access port to.
Let me know what else you might need to help figure this out.
I have attached a simple diagram that show where I can get and where I can. Green is good, red is bad.
TIA, Stephen
10-05-2007 12:53 PM
which vlan did you use between the switches to have the communication?
10-08-2007 01:55 AM
I have tried it both on vlan 10 and vlan 11
BTW, Typo VLAn 10 is suposed to be a /16 subnet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide