Switch interface vlan 1 cannot ping, cannot SSH into it

leam2 · ‎05-24-2018

Hello.
The switch is a Cisco Catalyst WS_C2960L_24TS_LL.
I have configured the "interface vlan 1" with
"ip address 192.168.3.40 255.255.255.0"
Then I configured the 24 switchports as trunk ports.
Since then, I cannot "ping 192.168.3.40" and cannot SSH into the switch using this IP.
I used to ping the switch and to SSH into it using this IP address.
How can I investigate the cause of the problem?

Additional question:

- is this interface "vlan 1" the "management" interface of the switch?

- why is it "vlan 1"; does it have something to do with the default VLAN?

Thank you.

Seb Rupik · ‎05-24-2018

Hi there,
Was the device you used to SSH from connected directly to the switch? If it was, then by changing its switchport to a trunk port you will have made it start dropping the tagged packets.
Change your devices connected switchport back to an access port.

Regarding your additional questions, in your instance yes the VLAN1 SVI is the management interface. The management interface can technically be any Layer3 interface on a switch/interface. It is up to the admin to decided which one will be used for management. From that point onwards it would be further secured via ACLs and VRFs.

Yes, VLAN1 is the default VLAN.

cheers,
Seb.

leam2 · ‎05-24-2018

Hello.

Seb_Rupik> Was the device you used to SSH from connected directly to the switch?

Yes, the computer running SSH is connected to the switch interface Gi 0/13, see below:

(config)#do show interfaces gigabitEthernet 0/13 trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/13      on               802.1q         trunking      7

Port        Vlans allowed on trunk
Gi0/13      1,7

Port        Vlans allowed and active in management domain
Gi0/13      1,7

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/13      1,7

Seb_Rupik> If it was, then by changing its switchport to a trunk port you will have made it start dropping the tagged packets.

Given how I configured the switchport, I don't see why packets are dropped.

Which interface is dropping packets? Gi0/13 or Vlan1?

I don't think Gi0/13 is.

How to prevent Vlan1 from dropping the packets it receives?

At first I just needed Gi0/13 (and also the other switchports) to be aware of the fact that the native VLAN number is 7 (and not 1 by default). Someone told me to set Gi0/13 as a trunk port which I did.

Jon Marshall · ‎05-24-2018

If you configure a port as a trunk port then the device connected to that port needs to be capable of tagging frames.

If you have not setup your device to do that then just configure it as an access port as it was before .

Why do all the ports need to be aware of the native vlan ?

Jon

leam2 · ‎05-24-2018

It would help if you could answer my question: which interface is dropping packets?

Jon Marshall · ‎05-24-2018

The switch because for vlan 1 it is expecting a tag and your end device is not configured for tagging.

Jon

Seb Rupik · ‎05-24-2018

As Jon points out, unless an interface is in promiscuous mode, any VLAN tagged frames will be dropped.

In your setup, by setting VLAN7 as the native VLAN on Gi0/13, any VLAN7 traffic leaving that interface will go out untagged and any untagged traffic received on Gi0/13 will be placed in VLAN7.
Since you are trying to access the VLAN1 SVI, if you want to persevere with the trunk port setup you need to make the native VLAN id 1 .

cheers,
Seb.

leam2 · ‎05-24-2018

Hello.

Thank you for your answers.

I declared "interface vlan 7" and gave it an "ip address 192.168.3.40 255.255.255.0" which I can now ping and use to connect via SSH into the switch.

Best regards.