02-24-2018 02:48 AM - edited 03-08-2019 02:00 PM
Hi Team,
I looked for this query for layer 2 but only found one for layer 3 switches, so if there is already a discussion for this then please advise. Thanks in advance.
1. Should a layer 2 switch be able to ping/telnet/traceroute to a router and vice versa using the ROAS model?
2. Is it easier to telnet/ssh from the PC/server to switch then router or from PC directly to router or is that just a preference thing?
03-02-2018 10:35 AM - edited 03-13-2018 10:50 AM
Thanks for the update. The configs still have some issues.
1) on the router you added a subinterface under FA0/0. I am not sure what you intend to do with it.
2) there is still no subinterface for vlan 1 on the router, and so no entry for subnet 192.168.10.0
3) the subinterface on the router for vlan 3 still is configured so that it expects frames to be tagged. But the switch configures vlan 3 as the native vlan on the trunk and so will send frames with no tag.
4) the subinterface on the router for vlan 3 now has its network as 192.168.20.0. This is different from the last config that you posted. I am not sure why you changed it. And it produces a conflict with the switch config which puts 192.168.20.0 on vlan 4.
5) the router now has only one static default route, which is probably better. But the new static default route
ip route 0.0.0.0 0.0.0.0 192.168.10.2
has a next hop in a subnet that is not known to the router (where is subnet 192.168.10.0?). So if you do show ip route on the router I expect you will find that there is not a gateway of last resort in the routing table.
6) the switch has its default gateway as 192.168.10.1. There is only one active SVI on the switch (interfaces vlan 3 and 4 are shutdown) and its address is 192.168.10.2 and this vlan does not have a subinterface on the router. So I don't know how the switch will get to its gateway.
HTH
Rick
02-24-2018 04:56 AM
Hello,
1- An L2 switch should be able to ping/telnet/traceroute to a router and vice versa in a router on a stick scenario if everything is properly configured (trunk, vlan/sub interfaces, default gateway, etc.).
2- It's more of a preference thing. Again, as long as everything is properly configured either should work just as well. I assume it would be easier just to telnet to the router, as opposed to making it a two step process.
Hope this helps
02-24-2018 02:20 PM
I like the answers from Chris and would like to expand a little on 2). Frequently it is a preference thing but sometimes it is not. I have worked with several customers who had security policies that certain devices (usually routers) would accept connections from remote subnets while other devices (usually switches and other similar devices) would only accept connections from a "local" subnet. In that case you would need to telnet/SSH to the device that accepts remote connection requests and then connect to the other devices in that part of the network.
HTH
Rick
02-25-2018 03:40 AM
Thanks Chris and Richard for the replies.
Am unable to telnet from PC to switch 192.168.10.2 via putty
Last worked months ago.
Have entered all necessary details into putty
Connection type is telnet. Port 23. Enable TCP keepalives. IP version is auto.
Have ether cable from PC to fa0/5 on switch. Port is up and online as below output shows
Can connect to switch and router via serial OK
Port 23 isn't blocked
Save the config, then load. PuTTY gives a black screen with a green dot in the top left corner for about a minute, then a PuTTY Fatal Error dialog box showing network error: connection timed out
telnet config on switch is below
switch
line con 0
 password TrustNo1
 login
 transport input none
 stopbits 1
line vty 0 4
 exec-timeout 60 0
 password xxxxxxxxxx
 login local
 transport input telnet
line vty 5 15
 exec-timeout 60 0
 password xxxxxxxx
 login local
Output of netstat -an |find /i "3389"
C:\Users\Administrator>netstat -an |find /i "3389"
 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
 TCP [::]:3389 [::]:0 LISTENING
Output of netstat -an | find /i "23"
C:\Users\Administrator>netstat -an | find /i "23"
 TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
 TCP 192.168.20.3:58224 64.233.188.188:443 ESTABLISHED
 TCP [::]:23 [::]:0 LISTENING
Need more info..please let me know...
02-25-2018 03:43 AM
Windows CLI error for telnet is...
C:\Users\Administrator>telnet 192.168.10.2
Connecting To 192.168.10.2...Could not open connection to the host, on port 23:
Connect failed
02-25-2018 04:07 AM
Obvious question: can you actually ping the switch?
Did you configure a telnet source IP address if you have multiple IPs on that switch?
02-25-2018 05:21 AM
I agree that the question of can you ping the switch on that address is a key point. This could be a simple case of problem with IP connectivity. We do know from the partial config that telnet is enabled and that there is no access-class on the vty. So from that perspective telnet should work. We do not know about the port that the PC is connected to. What vlan is that in? What is the subnet of that vlan? What is the gateway of that vlan if that vlan is not in the subnet where the switch IP address is? Does the PC have the correct gateway configured if the switch IP address is not in the vlan/subnet where the PC is connected?
HTH
rick
02-26-2018 04:05 AM
Evening Richard and rest of techs. Thanks for your replies. My screen has just fizzed out and I do not have a spare one. It will be a couple of days for a reply. :) Using work PC now ATM
02-26-2018 11:06 AM
Thanks for letting us know that there will be a delay in following up on this discussion. Sorry you ran into problems. Let us know when you are able to get back to this.
HTH
Rick
02-28-2018 03:43 AM
Evening Richard and team,
Have another screen.
Results of pinging from server 192.168.20.3
C:\Users\Administrator>ping 192.168.10.2(switch)
Pinging 192.168.10.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.10.2:
 Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Users\Administrator>
Perhaps you may also need a route print output?
thanks again..:)
02-28-2018 08:14 AM
Glad to see that you are back in action. The output of route print might be helpful. Also please verify the IP, mask, and (especially) gateway of the PC/server. In a previous post you indicate that you are connected on fa0/5. Is that still the case? In that case it looks like you are connecting in vlan 1 of the switch. What (and where) is the gateway for vlan 1? Would you post the output of these commands on the switch: show interface status, show ip interface brief.
HTH
Rick
02-28-2018 08:02 PM
03-01-2018 04:07 AM
Gateway of server is 192.168.20.1(ISP modem)
Cisco router connects to this via FA0/0 whilst FA0/1 connects to FA0/24 on layer 2 switch via trunkport
The server IP is 192.168.20.3 via ISP modem.
Now I have a 2nd NIC on server that connects to port 4 on switch. This is the one I was going to use for telnet/ssh as the switch and router isn't always turned on. Only the ISP supplied router is. Hence the reason I was going to use a 2nd NIC card for when cisco router and switch are powered up if that makes sense
router and switch config as requested
03-01-2018 09:14 AM
I am a bit confused. In a previous post you gave us this
interface VLAN4
 description Data vlan 4
 ip address 10.100.10.1 255.0.0.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
and now you give us this
interface VLAN4
 description Data vlan 4
 ip address 192.168.20.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 shutdown
At first I was concerned that the vlan interface is shut down. Then I realized that this does not matter because the gateway address should be on the router. But the shifting address is a bit confusing.
I have found several issues in the posted configs and probably any one of them would cause this problem:
1) there is no interface on the router which is in subnet 192.168.10.0 and no static route for that subnet. So any attempt to reach that address from the router will use the default route to the ISP and not to the switch.
2) the address that you are attempting to access 192.168.10.2 is the vlan 1 address on the switch. While it appears that vlan 1 is included on the trunk there is no vlan subinterface on the router for vlan 1.
3) the switch config makes the native vlan on the trunk be vlan 3 which says that the switch will send frames for vlan 3 with no tagging. But the vlan interface for vlan 3 on the router does not specify that it is the native vlan and so would expect any frame for vlan 3 to be tagged.
4) the server gateway address is 192.168.20.1. But that address is not found on the switch or on the router. So it looks to me like that server will not be able to access any resource that is outside of network 192.168.20.0.
5) You have this static route on the router
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1
It specifies using the interface that connects to the ISP but specifies a next hop address that does not belong to the subnet of that interface. Instead that next hop is in the subnet of the vlan 4 subinterface. I suspect that this route is not being used because of that inconsistency.
6) you also have this static default route
ip route 0.0.0.0 0.0.0.0 220.233.0.4
but I do not see anything in the config that tells where that next hop address is. If the router can not associate a next hop address with an interface then that static route can not be used.
HTH
Rick
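Two of the checks from the review lists above (a static route whose next hop is in no connected subnet, and a native VLAN that the router subinterface expects tagged) can be run offline against saved configs. This is an added example, not part of the original posts; the sample configs are constructed from the VLAN numbers and addresses in the thread, the interface names and function names are assumptions, and next-hop resolution is simplified to connected subnets only.

```python
import ipaddress
import re

# Constructed sample configs (not the poster's files), using the VLAN numbers
# and addresses discussed in the thread; interface names are assumptions.
ROUTER_CFG = """\
interface FastEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.20.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.10.2
"""
SWITCH_CFG = """\
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 3
"""

def connected_networks(cfg):
    """Networks of every ' ip address <addr> <mask>' line in the config."""
    pairs = re.findall(r"^ ip address (\S+) (\S+)$", cfg, re.M)
    return [ipaddress.ip_interface(f"{a}/{m}").network for a, m in pairs]

def unresolvable_routes(cfg):
    """Next hops of static routes that fall in no connected subnet.

    Simplification: only connected subnets are considered, so a next hop
    that would resolve through another static route is also reported.
    """
    nets = connected_networks(cfg)
    hops = re.findall(
        r"^ip route \S+ \S+ (?:\S+ )?(\d+\.\d+\.\d+\.\d+)$", cfg, re.M)
    return [h for h in hops
            if not any(ipaddress.ip_address(h) in n for n in nets)]

def native_vlan_tagged_on_router(router_cfg, switch_cfg):
    """True if the switch's native VLAN maps to a router subinterface that
    lacks the 'native' keyword and therefore expects tagged frames."""
    m = re.search(r"^ switchport trunk native vlan (\d+)$", switch_cfg, re.M)
    native = m.group(1) if m else "1"  # trunk native VLAN defaults to 1
    pattern = rf"^ encapsulation dot1Q {native}$"
    return re.search(pattern, router_cfg, re.M) is not None

if __name__ == "__main__":
    print("unresolvable next hops:", unresolvable_routes(ROUTER_CFG))
    print("native VLAN tagged on router:",
          native_vlan_tagged_on_router(ROUTER_CFG, SWITCH_CFG))
```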
03-02-2018 06:06 AM