
telnet query from switch to router with ROAS

John Cheetley
Level 3

Hi Team,

I looked for this query for layer 2 but only found one for layer 3 switches, so if there is already a discussion for this then please advise. Thanks in advance.

 

1. Should a layer 2 switch be able to ping/telnet/traceroute to a router and vice versa using the ROAS model

2. Is it easier to telnet/ssh from the PC/server to switch then router or from PC directly to router or is that just a preference thing?

Accepted Solutions

Thanks for the update. The configs still have some issues.

1) on the router you added a subinterface under FA0/0. I am not sure what you intend to do with it.

2) there is still no subinterface for vlan 1 on the router, and so no entry for subnet 192.168.10.0

3) the subinterface on the router for vlan 3 still is configured so that it expects frames to be tagged. But the switch configures vlan 3 as the native vlan on the trunk and so will send frames with no tag.

4) the subinterface on the router for vlan 3 now has its network as 192.168.20.0. This is different from the last config that you posted. I am not sure why you changed it. And it produces a conflict with the switch config which puts 192.168.20.0 on vlan 4

5) the router now has only one static default route, which is probably better. But the new static default route

ip route 0.0.0.0 0.0.0.0 192.168.10.2

has a next hop in a subnet that is not known to the router (where is subnet 192.168.10.0?). So if you do show ip route on the router I expect you will find that there is not a gateway of last resort in the routing table.

6) the switch has its default gateway as 192.168.10.1. There is only one active SVI on the switch (interfaces vlan 3 and 4 are shutdown) and its address is 192.168.10.2 and this vlan does not have a subinterface on the router. So I don't know how the switch will get to its gateway.

 

HTH

 

Rick

 


18 Replies

chrihussey
VIP Alumni

Hello,

1- An L2 switch should be able to ping/telnet/traceroute to a router and vice versa in a router on a stick scenario if everything is properly configured (trunk, vlan/sub interfaces, default gateway, etc.).

 

2- It's more of a preference thing. Again, as long as everything is properly configured either should work just as well. I assume it would be easier just to telnet to the router, as opposed to making it a two step process.

 

Hope this helps

I like the answers from Chris and would like to expand a little on 2). Frequently it is a preference thing but sometimes it is not. I have worked with several customers who had security policies that certain devices (usually routers) would accept connections from remote subnets while other devices (usually switches and other similar devices) would only accept connections from a "local" subnet. In that case you would need to telnet/SSH to the device that accepts remote connection requests and then connect to the other devices in that part of the network.

 

HTH

 

Rick


Thanks Chris and Richard for the replies.

Am unable to telnet from PC to switch 192.168.10.2 via PuTTY.

Last worked months ago. 

Have entered all necessary details into putty

Connection type is telnet. Port 23. Enable TCP keepalives. IP version is auto.

Have ether cable from PC to fa0/5 on switch. Port is up and online as below output shows

Can connect to switch and router via serial OK

Port 23 isn't blocked

Save the config, then load. PuTTY gives a black screen with a green dot in the top left corner for about a minute, then a PuTTY Fatal Error dialog box showing network error: connection timed out.

 

telnet config on switch is below

 

switch
line con 0
password TrustNo1
login
transport input none
stopbits 1
line vty 0 4
exec-timeout 60 0
password xxxxxxxxxx
login local
transport input telnet
line vty 5 15
exec-timeout 60 0
password xxxxxxxx
login local

 

Output of netstat -an |find /i "3389"

C:\Users\Administrator>netstat -an |find /i "3389"
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP [::]:3389 [::]:0 LISTENING

 

Output of netstat -an | find /i "23"

C:\Users\Administrator>netstat -an | find /i "23"
TCP 0.0.0.0:23 0.0.0.0:0 LISTENING
TCP 192.168.20.3:58224 64.233.188.188:443 ESTABLISHED
TCP [::]:23 [::]:0 LISTENING

 

Need more info..please let me know...

 

 

 

 

 

 

Windows CLI error for telnet is...

C:\Users\Administrator>telnet 192.168.10.2
Connecting To 192.168.10.2...Could not open connection to the host, on port 23:
Connect failed

Obvious question: can you actually ping the switch?

 

Did you config telnet source IP address if you have multiple IPs on that switch?

Please remember to rate useful posts, by clicking on the stars below.

I agree that the question of can you ping the switch on that address is a key point. This could be a simple case of problem with IP connectivity. We do know from the partial config that telnet is enabled and that there is no access-class on the vty. So from that perspective telnet should work. We do not know about the port that the PC is connected to. What vlan is that in? What is the subnet of that vlan? What is the gateway of that vlan if that vlan is not in the subnet where the switch IP address is? Does the PC have the correct gateway configured if the switch IP address is not in the vlan/subnet where the PC is connected?

 

HTH

 

Rick


Evening Richard and rest of techs. Thanks for your replies. My screen has just fizzed out and I do not have a spare one. Be a couple of days for reply. :) Using work PC now ATM.

Thanks for letting us know that there will be a delay in following up on this discussion. Sorry you ran into problems. Let us know when you are able to get back to this.

 

HTH

 

Rick


Evening Richard and team,

Have another screen. 

Results of pinging from server 192.168.20.3

C:\Users\Administrator>ping 192.168.10.2(switch)

Pinging 192.168.10.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.10.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Administrator>

 

Perhaps you may also need a route print output?

thanks again..:) 

Glad to see that you are back in action. The output of route print might be helpful. Also please verify the IP, mask, and (especially) gateway of the PC/server. In a previous post you indicate that you are connected on fa0/5. Is that still the case? In that case it looks like you are connecting in vlan 1 of the switch. What (and where) is the gateway for vlan 1? Would you post the output of these commands on the switch: show interface status, show ip interface brief?

 

HTH

 

Rick


No. Using FA0/4 with vlan4 with IP 10.100.10.1/24

Gway 192.168.20.1

Post switch config tonight and router config..

 

Gateway of server is 192.168.20.1(ISP modem)

Cisco router connects to this via FA0/0 whilst FA0/1 connects to FA0/24 on layer 2 switch via trunkport

The server IP is 192.168.20.3 via ISP modem.

Now I have a 2nd NIC on server that connects to port 4 on switch. This is the one I was going to use for telnet/ssh as the switch and router isn't always turned on. Only the ISP supplied router is. Hence the reason I was going to use a 2nd NIC card for when cisco router and switch are powered up if that makes sense

 

router and switch config as requested

 

 

I am a bit confused. In a previous post you gave us this

interface VLAN4
description Data vlan 4
ip address 10.100.10.1 255.0.0.0
no ip directed-broadcast
no ip route-cache
shutdown

 

and now you give us this
interface VLAN4
description Data vlan 4
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown

 

At first I was concerned that the vlan interface is shut down. Then I realized that this does not matter because the gateway address should be on the router. But the shifting address is a bit confusing.

 

I have found several issues in the posted configs and probably any one of them would cause this problem:

1) there is no interface on the router which is in subnet 192.168.10.0 and no static route for that subnet. So any attempt to reach that address from the router will use the default route to the ISP and not to the switch.

2) the address that you are attempting to access 192.168.10.2 is the vlan 1 address on the switch. While it appears that vlan 1 is included on the trunk there is no vlan subinterface on the router for vlan 1.

3) the switch config makes the native vlan on the trunk be vlan 3 which says that the switch will send frames for vlan 3 with no tagging. But the vlan interface for vlan 3 on the router does not specify that it is the native vlan and so would expect any frame for vlan 3 to be tagged.

4) the server gateway address is 192.168.20.1. But that address is not found on the switch or on the router. So it looks to me like that server will not be able to access any resource that is outside of network 192.168.20.0.

5) You have this static route on the router

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1

It specifies using the interface that connects to the ISP but specifies a next hop address that does not belong to the subnet of that interface. Instead that next hop is in the subnet of the vlan 4 subinterface. I suspect that this route is not being used because of that inconsistency.

6) you also have this static default route

ip route 0.0.0.0 0.0.0.0 220.233.0.4

but I do not see anything in the config that tells where that next hop address is. If the router can not associate a next hop address with an interface then that static route can not be used.

 

HTH

 

Rick
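
Several of the issues listed in the post above (static routes whose next hop is not in a connected subnet, a trunk VLAN with no router subinterface, and a native VLAN mismatch between switch and router) can be checked mechanically. The following Python audit is an added example, not part of the original thread or of the attached configs; the sample router config, its interface addresses and the `audit` function are constructed for illustration.

```python
import ipaddress

# Constructed router config modelled on the issues listed above; the
# interface addresses are invented for the example.
ROUTER_CFG = """\
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.252
interface FastEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.30.1 255.255.255.0
interface FastEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.20.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1
ip route 0.0.0.0 0.0.0.0 220.233.0.4
"""

def audit(cfg, switch_native_vlan, trunk_vlans):
    nets, vlans, routes, cur = {}, {}, [], None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            cur = w[1]
        elif w[:2] == ["encapsulation", "dot1Q"]:
            vlans[int(w[2])] = (cur, "native" in w[3:])
        elif w[:2] == ["ip", "address"]:
            nets[cur] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["ip", "route"]:
            # forms: ip route NET MASK NEXTHOP  or  ip route NET MASK IFACE NEXTHOP
            routes.append((w[4] if len(w) == 6 else None, ipaddress.ip_address(w[-1])))
    findings = []
    for iface, hop in routes:
        candidates = [nets[iface]] if iface in nets else ([] if iface else list(nets.values()))
        if not any(hop in n for n in candidates):
            findings.append(f"next hop {hop} not in a connected subnet"
                            + (f" of {iface}" if iface else ""))
    for vlan in trunk_vlans:
        if vlan not in vlans:
            findings.append(f"no subinterface for vlan {vlan}")
        elif vlans[vlan][1] != (vlan == switch_native_vlan):
            findings.append(f"vlan {vlan} native-tagging mismatch on {vlans[vlan][0]}")
    return findings

if __name__ == "__main__":
    for f in audit(ROUTER_CFG, switch_native_vlan=3, trunk_vlans=[1, 3, 4]):
        print(f)
```
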

 

 


Hi Richard, 

IP address 10.100.10.1 255.0.0.0 was just a muck around IP. Forgot to update this. Sorry.

Both router and switch updated. What a learning curve. Config attached.

Please let me know your thoughts...