01-20-2016 06:17 AM - edited 03-08-2019 03:28 AM
Hi,
I am able to access this switch only from 40 ( 192.168.40.0/24 ) VLAN and am unable to ping or ssh into it from any other VLAN. I have pasted below the running config of the switch. Please advice what could be preventing the switch from being accessed from the other VLANs.
BSL-BNG-S001#sh run
Building configuration...Current configuration : 7302 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime year
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname BSL-BNG-S001
!
boot-start-marker
boot-end-marker
!
logging buffered 65535
enable secret 5 xxx
enable password 7 xxx
!
username netadmin privilege 15 password 7 xxx
username administrator privilege 15 secret 5 xxx
!
!
aaa new-model
!
!
aaa group server radius BETSOL_ADS
server-private 192.168.1.7 auth-port 1645 acct-port 1646 key 7
server-private 192.168.1.9 auth-port 1645 acct-port 1646 key 7
!
aaa authentication login default group BETSOL_ADS local
aaa authorization exec default group BETSOL_ADS local
!
!
!
aaa session-id common
clock timezone IST 5 30
system mtu routing 1500
!
!
ip domain-name betsol.com
!
!
crypto pki trustpoint TP-self-signed-xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxx
revocation-check none
rsakeypair TP-self-signed-xxx
!
!
crypto pki certificate chain TP-self-signed-xx
certificate self-signed 01
quit
!
!
!
archive
log config
logging enable
logging size 1000
notify syslog contenttype plaintext
hidekeys
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,10,20,30,40 priority 4096
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 5
!
!
interface FastEthernet0/1
description Untangle
switchport access vlan 50
!
interface FastEthernet0/2
description WAP_1_80.25
switchport access vlan 80
srr-queue bandwidth limit 30
!
interface FastEthernet0/3
description DHCP_DNS_Servers
!
interface FastEthernet0/4
description Server_Ports
!
interface FastEthernet0/5
description Server_Ports
!
interface FastEthernet0/6
description Server_Ports
!
interface FastEthernet0/7
description Server_Ports
!
interface FastEthernet0/8
description Server_Ports
!
interface FastEthernet0/9
description Server_Ports
!
interface FastEthernet0/10
description Server_Ports
!
interface FastEthernet0/11
description DECK01
switchport mode access
!
interface FastEthernet0/12
description DECK02
switchport access vlan 80
!
interface FastEthernet0/13
!
interface FastEthernet0/14
description ***PRINTER***
!
interface FastEthernet0/15
switchport access vlan 40
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
description WAP_3_80.29
switchport access vlan 80
!
interface FastEthernet0/22
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/23
description Port_Mirror
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/24
description Downlink_G04
switchport mode trunk
!
interface GigabitEthernet0/1
description Uplink_Router
switchport trunk allowed vlan 1-59,61-69,71-4094
switchport mode trunk
!
interface GigabitEthernet0/2
description Downlink_G01
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.50 255.255.255.0
ip helper-address 192.168.1.1
!
interface Vlan10
ip address 192.168.10.10 255.255.255.0
ip helper-address 192.168.10.1
!
interface Vlan20
ip address 192.168.20.10 255.255.255.0
ip helper-address 192.168.20.1
!
interface Vlan30
ip address 192.168.30.10 255.255.255.0
ip helper-address 192.168.30.1
!
interface Vlan40
ip address 192.168.40.10 255.255.255.0
ip helper-address 192.168.40.1
!
interface Vlan50
ip address 192.168.50.10 255.255.255.0
!
interface Vlan60
ip address 192.168.60.10 255.255.255.0
ip helper-address 192.168.60.1
!
interface Vlan70
ip address 192.168.70.10 255.255.255.0
ip helper-address 192.168.70.1
!
interface Vlan80
ip address 192.168.80.10 255.255.255.0
!
interface Vlan100
ip address 192.168.100.10 255.255.255.0
ip helper-address 192.168.100.1
!
ip http server
ip http secure-server
logging trap debugging
logging source-interface Vlan1
logging 192.168.1.5
snmp-server community xxx RO
snmp-server community xxx RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps power-ethernet group 1
snmp-server enable traps power-ethernet police
snmp-server enable traps fru-ctrl
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps energywise
snmp-server enable traps rtr
snmp-server enable traps vstack
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
!
line con 0
password 7 xxx
line vty 0 1
privilege level 15
password 7 xxx
transport input ssh
line vty 2 4
privilege level 15
transport input ssh
line vty 5 15
!
endBSL-BNG-S001#
Solved! Go to Solution.
01-21-2016 06:48 AM
That command is added under config mode not interface mode.
By the way if you pick an SVI you need to shut the others down.
If it is acting as L2 switch it should only have one SVI up.
Only L3 switches should have multiple SVIs up.
Jon
01-20-2016 06:29 AM
Is this switch meant to be acting as L3 ie. routing between vlans because you have a trunk uplink to a router which suggests it is not.
If it is not meant to be routing between vlans then why does it have all those SVIs ("int vlan x") configured.
From a client that cannot ping, what is the client's IP address and default gateway ?
Jon
01-20-2016 11:32 AM
The switch is an L2 device and is the primary trunk link to a Firewall which does the routing. The routing has the default Gateway IPs ( .1 ) for all the VLANs. The Int Vlans were created as a means of troubleshooting in case of connectivity issues.
An example of a client that cannot ping is 192.168.80.100 which has a default gateway of 192.168.80.1 ( Firewall )
01-20-2016 12:08 PM
Then you need a default gateway on your switch.
The switch should use one of the vlans for managing it ie. choose one of the SVIs and then add this to your switch -
"ip default-gateway x.x.x.x"
where x.x.x.x is the firewalls IP address for the vlan you have chosen to manage the switch with.
Jon
01-20-2016 12:52 PM
I agree with Jon that the lack of a configured default-gateway prevents the switch from communicating with multiple vlans. I am curious why the switch does communicate with vlan 40. Could you post the output of these commands
show vlan
show interface trunk
show interface status
HTH
Rick
01-20-2016 06:47 PM
I shall try configuring the default Gateway as suggested , meanwhile here is the output asked for:
BSL-BNG-S001#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/13, Fa0/14, Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20
10 TSE active
20 CSE active
30 DEV active Fa0/23
40 Admin active Fa0/15
50 Untangle active Fa0/1
80 Wireless active Fa0/2, Fa0/12, Fa0/21, Fa0/22
100 Voice active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsupVLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
80 enet 100080 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------BSL-BNG-S001#
BSL-BNG-S001#show interface trunkPort Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1Port Vlans allowed on trunk
Fa0/24 1-4094
Gi0/1 1-59,61-69,71-4094
Gi0/2 1-4094Port Vlans allowed and active in management domain
Fa0/24 1,10,20,30,40,50,80,100
Gi0/1 1,10,20,30,40,50,80,100
Gi0/2 1,10,20,30,40,50,80,100Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,10,20,30,40,80,100
Gi0/1 1,10,20,30,40,50,80,100
Gi0/2 1,10,20,30,40,50,80,100
BSL-BNG-S001#show interface statusPort Name Status Vlan Duplex Speed Type
Fa0/1 Untangle notconnect 50 auto auto 10/100BaseTX
Fa0/2 WAP_1_80.25 connected 80 a-full a-100 10/100BaseTX
Fa0/3 DHCP_DNS_Servers connected 1 a-full a-100 10/100BaseTX
Fa0/4 Server_Ports notconnect 1 auto auto 10/100BaseTX
Fa0/5 Server_Ports connected 1 a-full a-100 10/100BaseTX
Fa0/6 Server_Ports connected 1 a-full a-100 10/100BaseTX
Fa0/7 Server_Ports connected 1 a-full a-100 10/100BaseTX
Fa0/8 Server_Ports connected 1 a-full a-100 10/100BaseTX
Fa0/9 Server_Ports connected 1 a-full a-100 10/100BaseTX
Fa0/10 Server_Ports notconnect 1 auto auto 10/100BaseTX
Fa0/11 DECK01 notconnect 1 auto auto 10/100BaseTX
Fa0/12 DECK02 notconnect 80 auto auto 10/100BaseTX
Fa0/13 connected 1 a-half a-10 10/100BaseTX
Fa0/14 ***PRINTER*** connected 1 a-full a-100 10/100BaseTX
Fa0/15 connected 40 a-full a-100 10/100BaseTX
Fa0/16 notconnect 1 auto auto 10/100BaseTX
Fa0/17 connected 1 a-full a-100 10/100BaseTX
Fa0/18 notconnect 1 auto auto 10/100BaseTX
Fa0/19 notconnect 1 auto auto 10/100BaseTX
Fa0/20 notconnect 1 auto auto 10/100BaseTX
Fa0/21 WAP_3_80.29 connected 80 a-full a-100 10/100BaseTXPort Name Status Vlan Duplex Speed Type
Fa0/22 notconnect 80 auto auto 10/100BaseTX
Fa0/23 Port_Mirror connected 30 a-full a-100 10/100BaseTX
Fa0/24 Downlink_G04 connected trunk a-full a-100 10/100BaseTX
Gi0/1 Uplink_Router connected trunk a-full a-1000 10/100/1000BaseTX
Gi0/2 Downlink_G01 connected trunk a-full a-1000 10/100/1000BaseTX
BSL-BNG-S001#
01-20-2016 06:49 PM
I am afraid the Cisco 2960 thatg we have does not permit us to add this command under config-if mode:
BSL-BNG-S001(config)#int vlan 80
BSL-BNG-S001(config-if)#ip def
BSL-BNG-S001(config-if)#ip def?
% Unrecognized command
BSL-BNG-S001(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
accounting Enable IP accounting on this interface
address Set the IP address of an interface
admission Apply Network Admission Control
auth-proxy Apply authenticaton proxy
broadcast-address Set the broadcast address of an interface
dhcp Configure DHCP parameters for this interface
directed-broadcast Enable forwarding of directed broadcasts
helper-address Specify a destination address for UDP broadcasts
information-reply Enable sending ICMP Information Reply messages
local-proxy-arp Enable local-proxy ARP
mask-reply Enable sending ICMP Mask Reply messages
mtu Set IP Maximum Transmission Unit
probe Enable HP Probe support
proxy-arp Enable proxy ARP
rarp-server Enable RARP server for static arp entries
redirects Enable sending ICMP Redirect messages
route-cache Enable fast-switching cache for outgoing packets
security DDN IP Security Option
sticky-arp Allow the creation of sticky ARP entries
tcp TCP interface commands
unnumbered Enable IP processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
verify Enable per packet validation
01-21-2016 06:48 AM
That command is added under config mode not interface mode.
By the way if you pick an SVI you need to shut the others down.
If it is acting as L2 switch it should only have one SVI up.
Only L3 switches should have multiple SVIs up.
Jon
01-21-2016 06:48 AM
I agree with both of Jon's points: the default gateway is configured in global config mode, and that a layer 2 switch should have one SVI. I am still not clear what causes vlan 40 to be the one that communicates and I wonder if that might change if the switch rebooted. But probably this is mostly a curiosity question and not significant in getting the switch to communicate with multiple vlans.
HTH
Rick
01-21-2016 07:59 AM
Thanks Jon, Richard,
I shall try deleting the other SVIs except for vlan 1 and shall try and report.
01-26-2016 11:04 PM
Thanks! That solution worked!! Thanks a lot for helping me!
02-08-2016 02:24 AM
please can you tell me in details i did not get you ans..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide