08-31-2011 08:24 AM - edited 03-07-2019 01:59 AM
For some reason I cannot telnet to the management IP address of our coreswitch (I can connect to other interfaces btw).
The management IP address is 192.168.2.1. I am trying to telnet to this address from a different vlan (192.168.13.0/24).
This switch is currently setup for IP routing.
This is the routing table from the 3750
------------------------------------------------------
Gateway of last resort is 192.168.9.3 to network 0.0.0.0
C 192.168.13.0/24 is directly connected, Vlan913
S 192.168.15.0/24 [1/0] via 192.168.9.1
S 204.110.216.0/24 [1/0] via 192.168.9.1
C 192.168.9.0/24 is directly connected, Vlan909
S 192.168.10.0/24 [1/0] via 192.168.9.3
172.17.0.0/23 is subnetted, 2 subnets
S 172.17.4.0 [1/0] via 192.168.9.6
C 172.17.2.0 is directly connected, Vlan762
C 192.168.55.0/24 is directly connected, Vlan955
S 204.110.213.0/24 [1/0] via 192.168.9.1
S 204.110.212.0/24 [1/0] via 192.168.9.1
192.168.5.0/24 is variably subnetted, 5 subnets, 2 masks
S 192.168.5.81/32 [1/0] via 192.168.9.1
S 192.168.5.63/32 [1/0] via 192.168.9.1
S 192.168.5.62/32 [1/0] via 192.168.9.1
S 192.168.5.49/32 [1/0] via 192.168.9.1
S 192.168.5.0/24 [1/0] via 192.168.9.1
S 204.110.215.0/24 [1/0] via 192.168.9.1
S 204.110.214.0/24 [1/0] via 192.168.9.1
S 192.168.7.0/24 [1/0] via 192.168.9.3
S 204.110.209.0/24 [1/0] via 192.168.9.1
S 192.168.50.0/24 [1/0] via 192.168.9.1
S 204.110.208.0/24 [1/0] via 192.168.9.1
C 192.168.2.0/24 is directly connected, Vlan1
S 204.110.211.0/24 [1/0] via 192.168.9.1
S 204.110.210.0/24 [1/0] via 192.168.9.1
S* 0.0.0.0/0 [1/0] via 192.168.9.3
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.2.1 YES NVRAM up up
Vlan762 172.17.2.255 YES NVRAM up up
Vlan909 192.168.9.2 YES NVRAM up up
Vlan913 192.168.13.1 YES NVRAM up up
Vlan955 192.168.55.1 YES NVRAM up up
The host IP address is 192.168.13.11/24 DG 192.168.13.1
If I connect to the switch on 192.168.13.1 I can then telnet from there
to anything on the 192.168.2.0 subnet.
Any ideas?
Solved! Go to Solution.
09-01-2011 09:15 AM
John ,
are you telneting from a windows client ? , can you do a 'route print' on that box , because as far as i can see -- the 3750 looks ok.
Can you ping the management interface from your 192.168.13.x device?
08-31-2011 08:29 AM
Are there any ACLs applied to Vlan1 or Vlan 913?
08-31-2011 08:31 AM
Hi,
What setting do you have for this vlan? Do you have any restrictions for your management interface?
Regards,
Alex
08-31-2011 08:37 AM
There are no ACLs on the line interfaces and or VLAN interfaces.
08-31-2011 11:05 AM
May help if you post some configs. If nothing else, at least the interface configs.
08-31-2011 10:30 AM
Hi John,
are you able to ping the Management IP, if not try a trace and check where the problem is. Do you use the correct IP config with correct gateway on the client?
Maybe the config without any password, etc information shoul help us to see the problem.
Otherwise I have no idea if you configure no special things on the switch like source interface for telnet or source routing etc..
regards,
Sebastian
08-31-2011 04:31 PM
I'll post the total configuration tomorrow morning. Thanks for all the help guys. Also, the client
has the correct ip configuration and gateway.
09-01-2011 07:49 AM
Current configuration : 6725 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxxxx
!
enable secret 5 xxxxxxxxxx
!
username xxxxx privilege 15 password 7 xxxxxxxxx
username xxxxx privilege 15 password 7 xxxxxxxxx
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
ip routing
no ip domain-lookup
!
!
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
description ASA Public Outside
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/3
description ASA Public Inside
switchport access vlan 909
switchport mode access
duplex full
speed 100
!
interface GigabitEthernet0/4
description VPN Outside Interface
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
description VPN Inside Interface
switchport access vlan 909
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
description DMZ2 ASA Public
switchport access vlan 907
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 510
spanning-tree portfast
!
interface GigabitEthernet0/8
description Domain Controller
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 913
!
interface GigabitEthernet0/10
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 909
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 955
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
switchport access vlan 920
spanning-tree portfast
!
interface GigabitEthernet0/19
description ASA DMZ, gi0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,920
switchport mode trunk
no cdp enable
!
interface GigabitEthernet0/20
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet0/22
switchport access vlan 907
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 907
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 920
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport mode trunk
switchport priority extend trust
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport mode trunk
switchport priority extend trust
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
!
interface Vlan762
ip address 172.17.2.255 255.255.254.0
!
interface Vlan909
ip address 192.168.9.2 255.255.255.0
!
interface Vlan913
ip address 192.168.13.1 255.255.255.0
!
interface Vlan955
ip address 192.168.55.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.9.3
ip route 172.17.2.0 255.255.254.0 192.168.9.5
ip route 172.17.4.0 255.255.254.0 192.168.9.6
ip route 192.168.5.0 255.255.255.0 192.168.9.1
ip route 192.168.5.49 255.255.255.255 192.168.9.1
ip route 192.168.5.62 255.255.255.255 192.168.9.1
ip route 192.168.5.63 255.255.255.255 192.168.9.1
ip route 192.168.5.81 255.255.255.255 192.168.9.1
ip route 192.168.7.0 255.255.255.0 192.168.9.3
ip route 192.168.10.0 255.255.255.0 192.168.9.3
ip route 192.168.15.0 255.255.255.0 192.168.9.1
ip route 192.168.50.0 255.255.255.0 192.168.9.1
ip route 204.110.208.0 255.255.255.0 192.168.9.1
ip route 204.110.209.0 255.255.255.0 192.168.9.1
ip route 204.110.210.0 255.255.255.0 192.168.9.1
ip route 204.110.211.0 255.255.255.0 192.168.9.1
ip route 204.110.212.0 255.255.255.0 192.168.9.1
ip route 204.110.213.0 255.255.255.0 192.168.9.1
ip route 204.110.214.0 255.255.255.0 192.168.9.1
ip route 204.110.215.0 255.255.255.0 192.168.9.1
ip route 204.110.216.0 255.255.255.0 192.168.9.1
no ip http server
!
logging trap warnings
logging 204.110.208.75
snmp-server community xxxxx RO 2
snmp-server community xxxxx RW 2
snmp-server enable traps tty
snmp-server enable traps stpx root-inconsistency loop-inconsistency
!
control-plane
!
banner motd ^C
******************************
AUTHORIZED ACCESS ONLY!!!!
******************************^C
privilege exec level 1 traceroute
privilege exec level 1 ping
privilege exec level 1 terminal monitor
privilege exec level 1 terminal
privilege exec level 1 show line
privilege exec level 1 show arp
privilege exec level 1 show snmp
privilege exec level 1 show users
privilege exec level 1 show sessions
privilege exec level 1 show version
privilege exec level 1 show reload
privilege exec level 1 show debugging
privilege exec level 1 show controllers
privilege exec level 1 show access-lists
privilege exec level 1 show privilege
privilege exec level 1 show interfaces
privilege exec level 1 show running-config
privilege exec level 1 show configuration
privilege exec level 1 show
privilege exec level 1 clear counters
privilege exec level 1 clear
!
line con 0
exec-timeout 0 0
login
line vty 0 4
exec-timeout 30 0
password 7 xxxxxxxxxx
login local
transport preferred none
line vty 5 15
password 7 xxxxxxxxxx
login local
!
ntp clock-period 36028733
ntp server 70.85.30.20
ntp server 69.49.141.146
!
end
There is the switch configuration.
09-01-2011 07:59 AM
It's nothing that requires immediate assisitance because I can still connect and manage the switch.
I just can't figure out why I can't connect to any of the Switch management IP addresses.
09-01-2011 08:20 AM
Hey,
for me everything looks fine. The only thing I'm not sure is the "transport preferred none" under the vty 0 4.
Just for playing I would give them a change and delete that command, but I' not really sure. On the other hand I see nothing which could prevent you to telnet to vlan 1. My last check would be a ping or trace. Or anybody else see the problem...
regards,
Sebastian
for your reference to the command I marked:
http://www.cisco.com/en/US/docs/ios/12_0/dial/configuration/guide/dctermop.html
09-01-2011 08:25 AM
I've had this problem before on some 6509, but I can't for the life of me remeber why or how we got it working again...it was well over a year ago...and a lot has happened since then.
Check VLANs on your trunks between switches. Looks like you use vlan 1 as your native anyway. Could be something along those lines.
Ian
09-01-2011 08:51 AM
Yeah, the management VLAN is using VLAN1. 99% of that config was put in there
before me so there is no telling what is going on. I have looked at the config and
everything seemed ok. I did some research on "transport preferred none", because
I thought that was interface; never saw that command before. From what I understand
when you type a name such as (blah) or a name it doesn't understand it will try to look
it up via DNS by default. so the transport preferred none command prevents
that from happening. So I can't see that being the issue. I wish
you were an elephant IAN lol..
09-01-2011 09:15 AM
John ,
are you telneting from a windows client ? , can you do a 'route print' on that box , because as far as i can see -- the 3750 looks ok.
Can you ping the management interface from your 192.168.13.x device?
09-01-2011 09:58 AM
I always forgot that windows have their routing table. When I used the route print command I found the
following entry.
192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 10
The default gateway for 192.168.2.0 is 192.168.2.5 which is actually the ip address
of the physical management ip address on the windows machine. I was able to
go to another machine within the 192.168.13.0/24 range and successfully ping 192.168.2.1.
I just have to figure out how to delete that specific route.
09-01-2011 10:49 AM
route delete .....
regards,
Sebastian Helmer
(send via mobile)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide