Solved: Unable to Ping/SSH to Interface on 3925

mario11584 · ‎01-10-2013

I just barely put in a Cisco 3925 on our network. I've configured gigabitethernet 0/2 to live on our management VLAN with an IP address of 10.129.0.31/16. I did a "no shut" on the interface. Everything should be ready to allow me to ping and/or SSH to that interface but I can't. It's really weird because I've done this a thousand times (at least on ASAs). I must be missing something. At any rate, the default gateway of the management VLAN is 10.129.0.1. I can ping that from the router. I can also ping that from my laptop (which lives on a completely different VLAN). But I can't ping the router from my laptop or vice versa. Any help would be appreciated.

Building configuration...

Current configuration : 1360 bytes

!

! Last configuration change at 19:05:13 UTC Thu Jan 10 2013

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname border01

!

boot-start-marker

boot-end-marker

!

enable password 7 12091D1808010F542872702625

!

no aaa new-model

!

no ipv6 cef

ip source-route

!

ip cef

!

no ip domain lookup

ip domain name blah blah

!

multilink bundle-name authenticated

!

username dengel privilege 15 password 7 121815051B072E112D737D7963

!

redundancy

!

interface GigabitEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 10.129.0.31 255.255.0.0

ip access-group 100 in

duplex auto

speed auto

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

access-list 100 permit tcp any any

access-list 100 permit icmp any any

!

control-plane

!

line con 0

password 7 051B1E003B464D591B5C431C1D

line aux 0

line vty 0 4

privilege level 15

login

transport input ssh

line vty 5 924

privilege level 15

login

transport input ssh

!

scheduler allocate 20000 1000

end

Gregory Snipes · ‎01-10-2013

I do not see any default route or routing protocol configured. Is the network this is connected to an entirely flat layer 2 network? If not you will need to configure some way for it to leave the local subnet.

Also you should have "login local" on the VTY lines to make use of a local username as the authentication method.

View solution in original post

Gregory Snipes · ‎01-10-2013

I do not see any default route or routing protocol configured. Is the network this is connected to an entirely flat layer 2 network? If not you will need to configure some way for it to leave the local subnet.

Also you should have "login local" on the VTY lines to make use of a local username as the authentication method.

mario11584 · ‎01-10-2013

Gregory, thanks for the help. I feel incredibly embarrassed now but I was missing my default route. I added

ip route 0.0.0.0 0.0.0.0 10.129.0.1 to my config and ping and SSH are working great!

On the other hand I do have another question regarding my routes. Something I've not run into (or noticed before). Below you'll see my little routing table. I understand "L" means local but why is that listed there? I've only ever seen just directly connected routes (or dynamic routes) show up in the routing table. The subnet is also showing a /32 which is not what I configured on that interface. Any thoughts? Hopefully I'm not going to embarrass myself again.

border01#show ip route

Gateway of last resort is 10.129.0.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.129.0.1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.129.0.0/16 is directly connected, GigabitEthernet0/2

L 10.129.0.31/32 is directly connected, GigabitEthernet0/2

glen.grant · ‎01-10-2013

What you said is a little confusing you said you put 10.129.0.31/16 on g0/2 but you are saying the default gateway is 10.129.0.1 . So where is the 10.129.0.1 interface , you can't have the same ip address range on 2 different interfaces . 10.129.0.31/16 covers everything from 10.129.0.0 to 10.129.255.255 . Sounds like you are trying to overlap address ranges. If g0/2 is the interface running your management vlan then the default gateway for that vlan should be 10.129.0.31 not .1 . Maybe you can clarify your setup , where is this .1 located as it overlaps with your g0/2 interface.

mario11584 · ‎01-10-2013

Sorry for the confusion. Let me try to clarify. I have a router that will eventually be setup with BGP. It will be inline between our ISP and our firewall. Right now we are just setting up management until we get all the BGP stuff figured out. Right now our setup is like this:

router --> L3 switch --> firewall

The router is connected to a set of stacked layer 3 switches with dozens of VLANs. One of those VLANs is a management VLAN. The router is connected to the L3 switch, where the 10.129.0.1 interface resides, not on the router. All routing is done on the switch and we have a routing subnet between the switch and the firewall (probably more information than is needed). So, 10.129.0.31 is configured on the router and 10.129.0.1 is configured on the switch. Two separate devices but both live on the same network/VLAN.