Hi BB

Thanks for your answer!

Switch IP address: 10.24.0.245

Interface VLAN 240

DG: 10.24.0.254

I'm able to ping gateway both from the switch and my computer; I have access to the switch, but only through another switch which has address in the same subnet (10.24.0.240) and same gateway.

Thanks a lot

if you able to access from same network then it should be some routing issue.

from switch are you able to ping PC  IP ?

can you post show ip route from switch and also from 10.24.0.254

Thanks for the additional information. Can you tell us whether ip routing is enabled on the switch 10.24.0.240? Perhaps the output of these commands from that switch might be helpful

show ip protocol

show ip route 

show arp

Hi Rick,

The commands 'show ip route' and 'show ip protocol' are not valid commands; however show arp has given the following results:

MBT11A-ACC1#sho arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.150.11.10            -   f872.ea89.7ec1  ARPA   Vlan11

Internet  10.24.0.240            11   0015.62ba.b9c0  ARPA   Vlan240

Internet  10.24.0.245             -   f872.ea89.7ec4  ARPA   Vlan240

Internet  10.24.0.248            12   001f.9dbe.13c1  ARPA   Vlan240

Internet  10.24.0.254             0   cc03.d99b.5a60  ARPA   Vlan240

Internet  10.24.1.253             -   f872.ea89.7ec0  ARPA   Vlan1

and from the switch which is fully functional:

TorMbtExpSw016#sho arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.24.0.79              0   0050.568c.f70b  ARPA   Vlan240

Internet  10.24.0.240             -   0015.62ba.b9c0  ARPA   Vlan240

Internet  10.24.0.246            33   ecc8.82f1.ff41  ARPA   Vlan240

Internet  10.24.0.245            20   f872.ea89.7ec4  ARPA   Vlan240

Internet  10.24.0.254             0   cc03.d99b.5a60  ARPA   Vlan240

For information:

MBT11A-ACC1 is a C3750 switch with IP address 10.24.0.245, and this is the one that I can't telnet/SSH/ping directly

TorMbtExpSw016 is a C2950 switch with IP address 10.24.0.240, which I can telnet & ping.

I assume 'show IP route' command doesn't work on that one as it's just a layer 2 switch, and I guess 'show IP route' doesn't work on the C3750 (10.24.0.245) maybe because no static routes have been configured or IP routing has not been enabled, but that's just my assumption with the few network knowledge I have.

Many thanks for your support

And please find those additional information from MBT11A-ACC1 which is the failing switch:

interface Vlan240

 ip address 10.24.0.245 255.255.255.0

 no ip route-cache

!

ip default-gateway 10.24.0.254

line vty 0 4

 exec-timeout 0 0

 password 7 14341D19050A1E2436263A3030

 logging synchronous

 login authentication TOR-LOCAL

 transport input telnet ssh

line vty 5 15

 exec-timeout 0 0

 password 7 14341D19050A1E2436263A3030

 logging synchronous

 login authentication TOR-LOCAL

 transport input telnet ssh

I've also found it's impossible for this switch to ping any IP address outside of the subnet (10.24.0.0)

Thanks

and which mac-address / IP is your lap-top ??

 - Start by having a test with 'open SSH' access and remove the 'attached' radius requirements.

 M.

I've already removed AAA configuration and tried with login local access but same results; I'm currently working from MacOS, but unfortunately I don't know how to perform a test with open SSH access; I've succeeded reaching the switch via Telnet but only from another switch; sorry I'm not skilled enough for making an open SSH test I think

And thanks for your suggestion Marce1000!

 - With 'open ssh test' I only mean no backyard authentications such as radius , only local-authentication on the switch. What error  do you get when trying to connect trough SSH ?

 M.

If the original post had said that the only problems were with access using telnet and SSH then the questions about authentication would be quite appropriate. But the original post also says it is not possible to ping the switch. This suggests that there is a routing issue - and if there is a routing issue it needs to be solved before we worry about authentication.

So please provide some more information about this topology. What is the IP of your computer? What is the gateway of your computer? Can you post the output of traceroute from your computer to the switch?

Hi and thanks for your support!

Computer IP: 10.24.1.76

GW: 10.24.1.254

Tracert to 10.24.0.240 from my computer: 

C:\WINDOWS\system32>tracert 10.24.0.240

Traceroute to 10.24.0.240 64 hops max, 52 packets

1 62 ms 3 ms 2 ms 10.24.1.254

2 9 ms 5 ms 4 ms 10.24.0.240

10.24.0.240 is the switch on which I have access directly from my computer, whether I'm using Windows or MACOS;

10.24.0.245 is the switch for which I have no direct access via Telnet/SSH, and can't be pinged; I only have access by telnet it from 10.24.0.240 for instance (or 10.24.0.248, which is a distribution switch)

Thanks