Solved: Re: Telnet to switch issue

JohnTylerPearce · ‎08-31-2011

For some reason I cannot telnet to the management IP address of our coreswitch (I can connect to other interfaces btw).

The management IP address is 192.168.2.1. I am trying to telnet to this address from a different vlan (192.168.13.0/24).

This switch is currently setup for IP routing.

This is the routing table from the 3750

------------------------------------------------------

Gateway of last resort is 192.168.9.3 to network 0.0.0.0

C    192.168.13.0/24 is directly connected, Vlan913
S    192.168.15.0/24 [1/0] via 192.168.9.1
S    204.110.216.0/24 [1/0] via 192.168.9.1
C    192.168.9.0/24 is directly connected, Vlan909
S    192.168.10.0/24 [1/0] via 192.168.9.3
     172.17.0.0/23 is subnetted, 2 subnets
S       172.17.4.0 [1/0] via 192.168.9.6
C       172.17.2.0 is directly connected, Vlan762
C    192.168.55.0/24 is directly connected, Vlan955
S    204.110.213.0/24 [1/0] via 192.168.9.1
S    204.110.212.0/24 [1/0] via 192.168.9.1
     192.168.5.0/24 is variably subnetted, 5 subnets, 2 masks
S       192.168.5.81/32 [1/0] via 192.168.9.1
S       192.168.5.63/32 [1/0] via 192.168.9.1
S       192.168.5.62/32 [1/0] via 192.168.9.1
S       192.168.5.49/32 [1/0] via 192.168.9.1
S       192.168.5.0/24 [1/0] via 192.168.9.1
S    204.110.215.0/24 [1/0] via 192.168.9.1
S    204.110.214.0/24 [1/0] via 192.168.9.1
S    192.168.7.0/24 [1/0] via 192.168.9.3
S    204.110.209.0/24 [1/0] via 192.168.9.1
S    192.168.50.0/24 [1/0] via 192.168.9.1
S    204.110.208.0/24 [1/0] via 192.168.9.1
C    192.168.2.0/24 is directly connected, Vlan1
S    204.110.211.0/24 [1/0] via 192.168.9.1
S    204.110.210.0/24 [1/0] via 192.168.9.1
S*   0.0.0.0/0 [1/0] via 192.168.9.3

Interface IP-Address OK? Method Status Protocol

Vlan1 192.168.2.1 YES NVRAM up up

Vlan762 172.17.2.255 YES NVRAM up up

Vlan909 192.168.9.2 YES NVRAM up up

Vlan913 192.168.13.1 YES NVRAM up up

Vlan955 192.168.55.1 YES NVRAM up up

The host IP address is 192.168.13.11/24 DG 192.168.13.1

If I connect to the switch on 192.168.13.1 I can then telnet from there

to anything on the 192.168.2.0 subnet.

Any ideas?

Julio Garcia · ‎09-01-2011

John ,

are you telneting from a windows client ? , can you do a 'route print' on that box , because as far as i can see -- the 3750 looks ok.

Can you ping the management interface from your 192.168.13.x device?

View solution in original post

Antonio Knox · ‎08-31-2011

Are there any ACLs applied to Vlan1 or Vlan 913?

Alexander Maroukian · ‎08-31-2011

Hi,

What setting do you have for this vlan? Do you have any restrictions for your management interface?

Regards,

Alex

JohnTylerPearce · ‎08-31-2011

There are no ACLs on the line interfaces and or VLAN interfaces.

Antonio Knox · ‎08-31-2011

May help if you post some configs. If nothing else, at least the interface configs.

Sebastian Helmer · ‎08-31-2011

Hi John,

are you able to ping the Management IP, if not try a trace and check where the problem is. Do you use the correct IP config with correct gateway on the client?

Maybe the config without any password, etc information shoul help us to see the problem.

Otherwise I have no idea if you configure no special things on the switch like source interface for telnet or source routing etc..

regards,

Sebastian

JohnTylerPearce · ‎08-31-2011

I'll post the total configuration tomorrow morning. Thanks for all the help guys. Also, the client

has the correct ip configuration and gateway.

JohnTylerPearce · ‎09-01-2011

Current configuration : 6725 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxxxxxxx
!
enable secret 5 xxxxxxxxxx
!
username xxxxx privilege 15 password 7 xxxxxxxxx
username xxxxx privilege 15 password 7 xxxxxxxxx
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
ip routing
no ip domain-lookup
!
!
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
description ASA Public Outside
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/3
description ASA Public Inside
switchport access vlan 909
switchport mode access
duplex full
speed 100
!
interface GigabitEthernet0/4
description VPN Outside Interface
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
description VPN Inside Interface
switchport access vlan 909
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
description DMZ2 ASA Public
switchport access vlan 907
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 510
spanning-tree portfast
!
interface GigabitEthernet0/8
description Domain Controller
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 913
!
interface GigabitEthernet0/10
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 913
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport access vlan 909
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport access vlan 510
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport access vlan 955
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
switchport access vlan 920
spanning-tree portfast
!
interface GigabitEthernet0/19
description ASA DMZ, gi0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,920
switchport mode trunk
no cdp enable
!
interface GigabitEthernet0/20
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
!
interface GigabitEthernet0/22
switchport access vlan 907
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 907
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/24
switchport access vlan 920
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/25

switchport trunk encapsulation dot1q
switchport mode trunk
switchport priority extend trust
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport mode trunk
switchport priority extend trust
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 192.168.2.1 255.255.255.0
!
interface Vlan762
ip address 172.17.2.255 255.255.254.0
!
interface Vlan909
ip address 192.168.9.2 255.255.255.0
!
interface Vlan913
ip address 192.168.13.1 255.255.255.0
!
interface Vlan955
ip address 192.168.55.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.9.3
ip route 172.17.2.0 255.255.254.0 192.168.9.5
ip route 172.17.4.0 255.255.254.0 192.168.9.6
ip route 192.168.5.0 255.255.255.0 192.168.9.1
ip route 192.168.5.49 255.255.255.255 192.168.9.1
ip route 192.168.5.62 255.255.255.255 192.168.9.1
ip route 192.168.5.63 255.255.255.255 192.168.9.1
ip route 192.168.5.81 255.255.255.255 192.168.9.1
ip route 192.168.7.0 255.255.255.0 192.168.9.3
ip route 192.168.10.0 255.255.255.0 192.168.9.3
ip route 192.168.15.0 255.255.255.0 192.168.9.1
ip route 192.168.50.0 255.255.255.0 192.168.9.1
ip route 204.110.208.0 255.255.255.0 192.168.9.1
ip route 204.110.209.0 255.255.255.0 192.168.9.1
ip route 204.110.210.0 255.255.255.0 192.168.9.1
ip route 204.110.211.0 255.255.255.0 192.168.9.1
ip route 204.110.212.0 255.255.255.0 192.168.9.1
ip route 204.110.213.0 255.255.255.0 192.168.9.1
ip route 204.110.214.0 255.255.255.0 192.168.9.1
ip route 204.110.215.0 255.255.255.0 192.168.9.1
ip route 204.110.216.0 255.255.255.0 192.168.9.1
no ip http server
!
logging trap warnings
logging 204.110.208.75
snmp-server community xxxxx RO 2
snmp-server community xxxxx RW 2
snmp-server enable traps tty
snmp-server enable traps stpx root-inconsistency loop-inconsistency
!
control-plane
!
banner motd ^C
******************************
AUTHORIZED ACCESS ONLY!!!!
******************************^C
privilege exec level 1 traceroute
privilege exec level 1 ping
privilege exec level 1 terminal monitor
privilege exec level 1 terminal
privilege exec level 1 show line
privilege exec level 1 show arp
privilege exec level 1 show snmp
privilege exec level 1 show users
privilege exec level 1 show sessions
privilege exec level 1 show version
privilege exec level 1 show reload
privilege exec level 1 show debugging
privilege exec level 1 show controllers
privilege exec level 1 show access-lists
privilege exec level 1 show privilege
privilege exec level 1 show interfaces
privilege exec level 1 show running-config
privilege exec level 1 show configuration
privilege exec level 1 show
privilege exec level 1 clear counters
privilege exec level 1 clear
!
line con 0
exec-timeout 0 0
login
line vty 0 4
exec-timeout 30 0
password 7 xxxxxxxxxx
login local
transport preferred none
line vty 5 15
password 7 xxxxxxxxxx
login local
!
ntp clock-period 36028733
ntp server 70.85.30.20
ntp server 69.49.141.146
!
end

There is the switch configuration.

JohnTylerPearce · ‎09-01-2011

It's nothing that requires immediate assisitance because I can still connect and manage the switch.

I just can't figure out why I can't connect to any of the Switch management IP addresses.

Sebastian Helmer · ‎09-01-2011

Hey,

for me everything looks fine. The only thing I'm not sure is the "transport preferred none" under the vty 0 4.

Just for playing I would give them a change and delete that command, but I' not really sure. On the other hand I see nothing which could prevent you to telnet to vlan 1. My last check would be a ping or trace. Or anybody else see the problem...

regards,

Sebastian

for your reference to the command I marked:

http://www.cisco.com/en/US/docs/ios/12_0/dial/configuration/guide/dctermop.html

IAN WHITMORE · ‎09-01-2011

I've had this problem before on some 6509, but I can't for the life of me remeber why or how we got it working again...it was well over a year ago...and a lot has happened since then.

Check VLANs on your trunks between switches. Looks like you use vlan 1 as your native anyway. Could be something along those lines.

Ian

JohnTylerPearce · ‎09-01-2011

Yeah, the management VLAN is using VLAN1. 99% of that config was put in there

before me so there is no telling what is going on. I have looked at the config and

everything seemed ok. I did some research on "transport preferred none", because

I thought that was interface; never saw that command before. From what I understand

when you type a name such as (blah) or a name it doesn't understand it will try to look

it up via DNS by default. so the transport preferred none command prevents

that from happening. So I can't see that being the issue. I wish

you were an elephant IAN lol..

Julio Garcia · ‎09-01-2011

John ,

are you telneting from a windows client ? , can you do a 'route print' on that box , because as far as i can see -- the 3750 looks ok.

Can you ping the management interface from your 192.168.13.x device?

JohnTylerPearce · ‎09-01-2011

I always forgot that windows have their routing table. When I used the route print command I found the

following entry.

192.168.2.0 255.255.255.0 192.168.2.5 192.168.2.5 10

The default gateway for 192.168.2.0 is 192.168.2.5 which is actually the ip address

of the physical management ip address on the windows machine. I was able to

go to another machine within the 192.168.13.0/24 range and successfully ping 192.168.2.1.

I just have to figure out how to delete that specific route.

Sebastian Helmer · ‎09-01-2011

route delete .....

regards,

Sebastian Helmer

(send via mobile)