SSH connection lost when assigning port to a VLAN

r.brandenburg · ‎03-08-2012

I have a very basic understanding about VLANS, and am sure that I am misunderstanding the configuration. That being said, I am having an issue assigning certain ports to a vlan.

When I attempt to assign a port (say fa0/1) to a vlan other than vlan 1, the SSH connection is lost upon issuing the switchport access vlan command.

I have created 3 VLANs (100,200,300) in addition to the default vlan 1. The PC I am using to access the swicth is connected to fa0/1. When I try to assign that port to one of the vlans (say vlan 200), the connection locks up.

Here are the commands I am using (its not rocket science):

Switch# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# interface fastethernet0/1

Switch(config-if)# switchport mode access

Switch(config-if)# switchport access vlan 200

<<--- terminal doesnt respond anymore ---->>

After this if I try to connect to the switch via SSH, the switch is no longer seen on the network from this PC.

If I switch the cable to another port, then I can connect to it. So, I am assuming that since the ports are on Vlan 1, they are accessible via SSH.

Also tried this under telnet, with the same results.

Any suggestions are welcome.

John Blakley · ‎03-08-2012

If I'm understanding you right, you're changing the port that you're PC is connected to to another vlan? If that's the case, yes, you'll lose your connection. VLANs are logical separations and usually separated by subnet. Let's assume that your vlan 1's subnet is 192.168.1.0/24 and your vlan 200 is 192.168.200.0/24. When you are on vlan 1, your PC's address could be 192.168.1.50, but when you flip over to vlan 200, now you're trying to route 192.168.1.0/24 over the 192.168.200.0/24 subnet which won't work. You'll need to release and renew your address after flipping over to the new vlan to get the proper address.

You'll also need a router to route the vlans if this isn't a L3 switch. So, when you flip over to the other vlan, you're in the wrong subnet which explains why you lose your connection.

Please rate useful posts...

HTH, John *** Please rate all useful posts ***

Dirk Woellhaf · ‎03-08-2012

Hi,

that´s a pretty basic problem. I guess you configured the ip-address of the switch under vlan-1. So if you change your port (fa0/1) to another VLAN you are nolonger able to reach the switch directly because your are then on another "broadcast"-domain. If you wann reach the switch over vlan-200, you have to configure a SVI (Switch virtual interface) on the switch:

You have to use a router to cross the vlan-boundary (vlan1 <-> vlan2 )

do a "show ip interface brief | exclude unassinged" to verify where ip-address are configured

regards,

Dirk

BTW: please rate if useful

regards, Dirk (Please rate if helpful)

r.brandenburg · ‎03-08-2012

Here is our use case, we have a training system with a group of PCs on a closed network connected to a 2960 switch.

We need to assign the PCs to a specifiec vlan dynamically (at run time) based on user configuration. I am using Expect TCL scripts to provide the commands to the switch. The Expect TCL scripts work fine up until the point where I move the connected PC to the specified VLAN (100).

My original thought was to have 3 VLANs (100,200,300), but I think I need to keep one of them to be the default VLAN, so 1, 200, 300. The PC that controls the assignment script will always be in the first VLAN so I think I can use the default instead of 100.

Thanks for the input, I will test this theory out n the morning - will post if I need more advice.

Thanks again for the input!