cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2229
Views
0
Helpful
12
Replies

unable to telnet across vlans

pacsniffing
Level 1
Level 1

Hey all,

our infrastructure initially had a cluster of 3750 switches as the core and it also did routing.  it is a small network of less than 200 systems we started experiencing problems with the cluster and ended up replacing it with 3 individual 3560 switches and a 2821 router. all vlans remained and subinterfaces are created on the router.. .From the router i can telnet to the management vlan of any of the switches and from any other subnet i can ping the ip address of the switches, however i can't telnet to the switches directly.  if i telnet to the router and then to the switches, that works has anybody ever had that problem before?

12 Replies 12

fgasimzade
Level 4
Level 4

Check if there are any access-lists configured on the switches for line vty

glen.grant
VIP Alumni
VIP Alumni

  what message do you get when trying to telnet ?   Look for ACL's , also verify the switches have the default gateway or a default static route for your switch management vlan configured on the 3560's .

thanks for the responses guys, yea there are no ACLs on either the switches or the router at the moment, wanted to ensure everything was working properly first before i started implementing access lists.  also each switch has a default gateway that is the ip of the subinterface to which they belong.  like i said the weird thing is that from the other subnets i can ping the switches so the routing isn't a problem but when i try to telnet that is where the problem is.

sounds like a default gateway and/or default route somewhere is not set to the same as the router's.

that was the first thing i thought but i have verified the default gateway on all the switches.  Telnet was working before when i had a cluster of 3750's as the core.  i replaced the 3750's with the 2821 and gave it the same IP as was on the 3750 so don't understand why it suddenly stopped working.

Question??? Could the ISO on the router be affecting the communication between the subinterfaces?

this is the image i am currently running:

flash:c2800nm-advsecurityk9-mz.124-24.T.bin

this is the current config on the device, just in case somebody can see something that i may have done wrong

Current configuration : 7866 bytes
!
! Last configuration change at 17:50:45 UTC Thu Jun 9 2011 by s*************
! NVRAM config last updated at 17:50:51 UTC Thu Jun 9 2011 by s************
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname G***********
!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.124-23.bin
boot system tftp c2800nm-adventerprisek9-mz.124-23 172.20.11.72
boot system flash:c2800nm-advsecurityk9-mz.124-24.T.bin
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 ------------------------------------------------------
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name xxxxxxxxxxxxxx
ntp update-calendar
ntp server 172.20.11.6 prefer
!
multilink bundle-name authenticated
!
!
!
!
!
!
username xxxxx privilege 15 password 7 ------------------------------------------
username xxxxx privilege 15 password 7---------------------------------------------
username consultant privilege 15 password 7 ----------------------------------------
archive
log config
  hidekeys
!
!
!
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
interface GigabitEthernet0/0
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/0.1
description Connection to Current Sever VLAN
encapsulation dot1Q 1 native
ip address 172.20.11.254 255.255.255.0
!
interface GigabitEthernet0/0.5
description COnnection to XXXXXXXXXX printing
encapsulation dot1Q 5
ip address 172.20.12.1 255.255.255.0
ip flow ingress
!
interface GigabitEthernet0/0.27
description Connection to Management VLAN
encapsulation dot1Q 27
ip address 172.20.26.1 255.255.255.128
ip flow ingress
!
interface GigabitEthernet0/0.28
description VLAN for XXXXXXXXXX STAFF
encapsulation dot1Q 28
ip address 172.20.26.129 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.29
description VLAN for Dispatch 1st Floor HQ CMP
encapsulation dot1Q 29
ip address 172.20.27.1 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.30
description VLAN for Dispatch Ground Floor  HQ Compound
encapsulation dot1Q 30
ip address 172.20.27.129 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.31
description VLAN for HQ 2nd floor Main Building
encapsulation dot1Q 31
ip address 172.20.28.1 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.32
description Vlan for Training
encapsulation dot1Q 32
ip address 172.20.28.129 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.33
description VLAN for Information Systems
encapsulation dot1Q 33
ip address 172.20.29.1 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.34
description VLAN for Finance & Human Resources
encapsulation dot1Q 34
ip address 172.20.29.129 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.35
description VLAN for the TEST Environment
encapsulation dot1Q 35
ip address 172.20.30.1 255.255.255.0
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.36
description VLAN for HQ main Building Ground Floor
encapsulation dot1Q 36
ip address 172.20.31.1 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.37
description Connection to XXXXXXXXXX VLAN
encapsulation dot1Q 37
ip address 172.20.31.129 255.255.255.128
ip flow ingress
!
interface GigabitEthernet0/0.38
description Connection to Wireless VLAN
encapsulation dot1Q 38
ip address 172.20.32.1 255.255.255.128
ip flow ingress
!
interface GigabitEthernet0/0.39
description Connection to Internal IP Telephony Network
encapsulation dot1Q 39
ip helper-address 172.20.34.1
ip flow ingress
!
interface GigabitEthernet0/0.40
description Connection to Call Center Telephony
encapsulation dot1Q 40
ip helper-address 172.20.35.1
ip flow ingress
!
interface GigabitEthernet0/0.41
description Connection to VOIP Router
encapsulation dot1Q 41
ip address 172.20.37.1 255.255.255.0
ip flow ingress
!
interface GigabitEthernet0/0.42
ip flow ingress
!
interface GigabitEthernet0/0.78
description Connection to XXXXX Network
encapsulation dot1Q 78
ip address 192.6.21.254 255.255.255.0
ip flow ingress
!
interface GigabitEthernet0/0.81
description VLAN for CCTV
encapsulation dot1Q 81
ip address 172.19.0.1 255.255.255.0
ip flow ingress
!
interface GigabitEthernet0/0.82
description Connection Staff WLAN
encapsulation dot1Q 82
ip address 172.20.39.1 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.83
description Connection to IS WLAN
encapsulation dot1Q 83
ip address 172.20.39.129 255.255.255.128
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.110
encapsulation dot1Q 110
ip address 172.20.15.1 255.255.255.0
ip helper-address 172.20.11.10
ip flow ingress
!
interface GigabitEthernet0/0.125
description Connection to CORE Network
encapsulation dot1Q 125
ip address 172.30.1.1 255.255.255.192
ip flow ingress
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip default-gateway 172.20.11.91
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.20.11.91
ip route 10.0.0.0 255.255.255.128 172.20.11.91
ip route 10.10.10.0 255.255.255.0 172.20.11.76
ip route 10.96.7.0 255.255.255.0 172.20.11.76
ip route 10.111.101.0 255.255.255.0 172.20.11.76
ip route 172.16.0.0 255.255.255.0 172.30.1.2
ip route 172.16.2.0 255.255.255.0 172.20.11.76
ip route 172.20.1.0 255.255.255.0 172.30.1.2
ip route 172.20.2.0 255.255.255.0 172.20.26.41
ip route 172.20.3.0 255.255.255.0 172.20.11.76
ip route 172.20.4.0 255.255.255.0 172.20.11.74
ip route 172.20.5.0 255.255.255.0 172.20.11.74
ip route 172.20.6.0 255.255.255.0 172.20.11.74
ip route 172.20.7.0 255.255.255.0 172.20.11.74
ip route 172.20.8.0 255.255.255.0 172.30.1.3
ip route 172.20.9.0 255.255.255.0 172.20.11.77
ip route 172.20.10.0 255.255.255.0 172.20.11.74
ip route 172.20.11.0 255.255.255.0 GigabitEthernet0/0.1
ip route 172.20.13.0 255.255.255.0 172.20.11.79
ip route 172.20.14.0 255.255.255.0 172.20.11.77
ip route 172.20.16.0 255.255.255.0 172.30.1.2
ip route 172.20.19.0 255.255.255.0 172.20.11.76
ip route 172.20.25.0 255.255.255.0 172.20.11.76
ip route 172.20.26.0 255.255.255.128 GigabitEthernet0/0.27
ip route 172.20.34.0 255.255.255.0 172.20.37.2
ip route 172.20.35.0 255.255.255.0 172.20.37.2
ip route 172.21.2.0 255.255.255.224 172.20.26.41
ip route 172.21.5.0 255.255.255.0 172.30.1.5
ip route 172.21.8.0 255.255.255.0 172.30.1.3
ip route 192.168.0.0 255.255.255.0 172.20.11.76
ip route 192.168.6.0 255.255.255.240 172.20.11.76
ip route 192.168.8.0 255.255.255.0 172.20.11.76
ip route 192.168.13.0 255.255.255.240 172.20.11.76
ip route 192.168.50.0 255.255.255.240 172.20.11.91
ip route 192.168.66.0 255.255.255.0 172.20.11.91
ip route 192.168.77.0 255.255.255.0 172.20.11.76
ip route 192.168.104.0 255.255.252.0 172.20.11.76
ip route 192.168.168.0 255.255.255.0 172.20.11.76
ip http server
no ip http secure-server
!
!
!
logging 172.20.11.68
!
!
!
!
snmp-server community XXXXXXXXXXXXXXX
!
control-plane
!
banner motd ^C
-+
| |
| *** Unauthorized Use or Access Prohibited *** |
| |
| For Authorized Official Use Only |
| You must have explicit permission to access or |
| configure this device. All activities performed |
| on this device may be logged, and violations of |
| this policy may result in disciplinary action, and |
| may be reported to law enforcement authorities. |
| |
| There is no right to privacy on this device. |
| |
-+
^C
!
line con 0
login local
line aux 0
line vty 0 4
password 7 XYZXYZXYZ
login local
transport input telnet ssh
!
scheduler allocate 20000 1000

glen.grant
VIP Alumni
VIP Alumni

   If you are using a default gateway statement  in the 3560's make sure "ip routing "  is turned off (no ip routing) otherwise that gateway statement is useless and you must use a default static route instead .  Otherwise maybe you can post the 3560 config and we can see if there is anything wrong witht he trunking statements .

thanks for the response, this is the config for one of the switches.

Current configuration : 13231 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname HQ_1st_Flr_3560

!

enable secret 5 $1$OXQ5$XWqWnxAMuZlwF82QbcLEk0

!

username ***** privilege 15 password 7 **************************

username ******* privilege 15 password 7 *-***********************3

username ******* privilege 15 password 7 *************************

username ****** privilege 15 password 7 *****************************

username consultant privilege 15 password 7 ******************************

no aaa new-model

ip subnet-zero

!

!

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2  1

mls qos srr-queue input cos-map queue 1 threshold 3  0

mls qos srr-queue input cos-map queue 2 threshold 1  2

mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3  3 5

mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3  32

mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3  5

mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3  2 4

mls qos srr-queue output cos-map queue 4 threshold 2  1

mls qos srr-queue output cos-map queue 4 threshold 3  0

mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1  8

mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 16 6 17 61

mls qos

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

description ********

switchport trunk encapsulation dot1q

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/2

description ***********

switchport trunk encapsulation dot1q

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/3

description COnnection to********* Apr 29th 2009

switchport trunk encapsulation dot1q

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/4

description*******

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/5

description Connection to *************  Apr 27th 2009

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/6

description Connection to ********** in HR May 14th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/7

description ************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/8

description ************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/9

description Connection for ***********

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/10

description **************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/11

description Connection to ****************Apr 29th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/12

description Connection to ***************  Apr 29th 2009

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/13

description Connection to ****************Apr 29th 2009

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/14

description Connection to *******************t Apr 30th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/15

description **************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/16

description Connection to Conference room 7940 IP phone

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/17

description COnnection to ************ arp 27th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/18

description COnnection to ***********Apr 27th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/19

description **************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/20

description Connection to **************

switchport access vlan 102

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/21

description Connection to *************** August 4th 2009

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

speed 100

duplex full

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/22

description ******************

switchport access vlan 34

switchport trunk encapsulation dot1q

switchport mode access

switchport voice vlan 39

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/23

description WIFI

switchport access vlan 38

switchport trunk encapsulation dot1q

switchport mode access

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

!

interface FastEthernet0/24

description Uplink to 2900

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-115,1002-1005

switchport mode trunk

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-117,125

switchport mode trunk

!

interface GigabitEthernet0/2

description Connection to Cluster

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-117,125

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape  10  0  0  0

queue-set 2

mls qos trust cos

auto qos voip trust

!

interface Vlan1

no ip address

shutdown

!

interface Vlan3

description Switch Management

no ip address

!

interface Vlan27

description Monitoring Network

ip address 172.20.26.2 255.255.255.128

!

ip default-gateway 172.20.26.1

ip classless

ip http server

!

logging 172.20.11.68

snmp-server community *************RW

snmp-server community ********* RO

snmp-server community ******* RO

snmp-server community ****** RW

!

control-plane

!

!

line con 0

login local

line vty 0 4

password 7 ***************

login local

line vty 5 15

no login Current configuration : 13231 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname HQ_1st_Flr_3560
!
enable secret 5 $1$OXQ5$XWqWnxAMuZlwF82QbcLEk0
!
username ***** privilege 15 password 7 **************************
username ******* privilege 15 password 7 *-***********************3
username ******* privilege 15 password 7 *************************
username ****** privilege 15 password 7 *****************************
username consultant privilege 15 password 7 ******************************
no aaa new-model
ip subnet-zero
!
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2  1
mls qos srr-queue input cos-map queue 1 threshold 3  0
mls qos srr-queue input cos-map queue 2 threshold 1  2
mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3  3 5
mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3  32
mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3  5
mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3  2 4
mls qos srr-queue output cos-map queue 4 threshold 2  1
mls qos srr-queue output cos-map queue 4 threshold 3  0
mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3  32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1  8
mls qos srr-queue output dscp-map queue 4 threshold 2  9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
description ********
switchport trunk encapsulation dot1q
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/2
description ***********
switchport trunk encapsulation dot1q
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/3
description COnnection to********* Apr 29th 2009
switchport trunk encapsulation dot1q
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/4
description*******
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/5
description Connection to *************  Apr 27th 2009
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/6
description Connection to ********** in HR May 14th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/7
description ************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/8
description ************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/9
description Connection for ***********
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/10
description **************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/11
description Connection to ****************Apr 29th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/12
description Connection to ***************  Apr 29th 2009
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/13
description Connection to ****************Apr 29th 2009
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/14
description Connection to *******************t Apr 30th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/15
description **************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/16
description Connection to Conference room 7940 IP phone
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/17
description COnnection to ************ arp 27th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/18
description COnnection to ***********Apr 27th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/19
description **************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/20
description Connection to **************
switchport access vlan 102
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/21
description Connection to *************** August 4th 2009
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/22
description ******************
switchport access vlan 34
switchport trunk encapsulation dot1q
switchport mode access
switchport voice vlan 39
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/23
description WIFI
switchport access vlan 38
switchport trunk encapsulation dot1q
switchport mode access
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
!
interface FastEthernet0/24
description Uplink to 2900
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-115,1002-1005
switchport mode trunk
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-117,125
switchport mode trunk
!
interface GigabitEthernet0/2
description Connection to Cluster
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1-117,125
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape  10  0  0  0
queue-set 2
mls qos trust cos
auto qos voip trust
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
description Switch Management
no ip address
!
interface Vlan27
description Monitoring Network
ip address 172.20.26.2 255.255.255.128
!
ip default-gateway 172.20.26.1
ip classless
ip http server
!
logging 172.20.11.68
snmp-server community *************RW
snmp-server community ********* RO
snmp-server community ******* RO
snmp-server community ****** RW
!
control-plane
!
!
line con 0
login local
line vty 0 4
password 7 ***************
login local
line vty 5 15
no login

"From the router I can telnet  to the management vlan of any of the switches" OK

"If i telnet to the router and then to the switches,  that works" OK

Questions:-
"From any other subnet i  can ping the ip address of the switches"
What subnets/vlans are you testing from and is it from a host attached to the switch itself?
I was going to suggest try turing on intervlan routing/ip routing but you say ICMP is working ok...
"However i can't telnet to the  switches directly."
Where are you trying to telnet from?  Switch > Switch?
Its been a while since I've played around with routing but one other thing to consider is:-
Host > different subnet > telnet out > frames go out over the trunk > packets hits the 28xx layer 3 > how would it know how to route the packet if there is no route to the other management subnet?  I can see you only have the following static route:-

ip route 172.20.26.0 255.255.255.128 GigabitEthernet0/0.27

Therefore would you not need something like this:-

ip route 172.x.x.x 'mask' GigabitEthernet0/0.27

thanks for the reply Mohammed,

i'm trying to telnet from workstations in vlan 1 to the switches and equipment on vlna 27 which is the management vlans for the networking equipment.  however i was looking along the lines that the 2800 is the gateway for both vlan 1 and 27 and as such it should know how to find equipment in both subnets.  that's basically why i hadn't initially put in the static routing statements.  i had been doing a little reading and one site had mentioned trying the static route statement and that is what prompted me to put in the first 172.20.26.0/25 g0/0.27.

Still Pending, anybody have any other ideas that i could try??

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: