averyb
asked on
Configuring Cisco 2948GL3 Switch for telnet access
Here is my config. I had gotten suggestions on another Question to create a BVI interface to telnet to the switch. It's not working.
After about 6 hours on this and a router problem my brain is mush.
In answers please don't assume I know what you're talking about. A one sentence explanation of the commands would be very helpful.
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname blah
!
enable secret 5 $1$Exd$qbBBh.46MxG.UVrqs34f0/
!
clock timezone Eastern -4
sdm size ipx-bvi-network 32
sdm size ip-adjacency 2048
sdm size ipx-node 2048
sdm size ip-prefix 8192
sdm size ipx-network 6144
sdm size ip-mcast 3072
sdm size udp-flooding 256
sdm size l2-switching 1024
sdm autolearn
ip subnet-zero
no ip routing
ip multicast-routing
ip dvmrp route-limit 20000
!
!
!
interface FastEthernet1
no ip address
no ip directed-broadcast
no ip mroute-cache
bridge-group 1
!
<Interface 2 to 23 configured same as previous one>
interface FastEthernet24
ip address E.F.G.H 255.255.255.0 <I replaced a valid IP with E.F.G.H>
no ip directed-broadcast
no ip mroute-cache
bridge-group 1
<Interface 25 to 47 configured same as next one>
!
interface FastEthernet48
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface GigabitEthernet49
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface GigabitEthernet50
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
!
interface BVI1
ip address A.B.C.D 255.255.255.0
no ip directed-broadcast
no ip route-cache ref
!
ip classless
!
bridge 1 protocol ieee
bridge 1 priority 1
bridge 1 route ip
!
bridge 2 protocol ieee
bridge 2 priority 1
!
line con 0
transport input none
line aux 0
line vty 0
password duh
login
line vty 1 4
login
!
ntp peer 198.176.37.238
end
ASKER
On this switch I have created a second bridge-group which needs to stay totally separate from bridge-group 1. The servers on each "VLAN" do not play well together.
How do I do a loopback address for management purposes? That might be a better solution.
What will enabling ip routing do? Will traffic from one VLAN reach the other?
Brent (a.k.a clueless)
Can you post result of 'sho version' ? I'd like to see the exact version you are running...
Now that I understand your situation a little better....
Reference link:
http://www.cisco.com/univercd/cc/td/doc/product/l3sw/4908g_l3/ios_12/18w522a/config/init_cfg.htm#1024711
Enabling IP routing will let the two vlans talk to each other if you want. Since you want full separation, then don't enable the BVI interfaces...
no interface bvi 1
no interface bvi 2
//-- since you already have this interface configured, we'll use it to manage the switch
interface FastEthernet24
ip address E.F.G.H 255.255.255.0 <I replaced a valid IP with E.F.G.H>
no ip directed-broadcast
no ip mroute-cache
no bridge-group 1 <== remove this line
no shutdown <== make sure it is enabled
//-- we need the VTY lines in order to telnet to it. You currently only have line 0 enabled, let's go ahead and enable all 5
line vty 0 4
password duh
Now, if you connect a PC directly to interface 24, with an IP address in the same subnet, then you should be able to now telnet directly to E.F.G.H
ASKER
Here is the version information:
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT2948G-IN-M), Version 12.0(7)WX5(15a) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Thu 06-Jan-00 18:31 by integ
Image text-base: 0x60010928, data-base: 0x605A0000
ROM: System Bootstrap, Version 12.0(7)W5(15) RELEASE SOFTWARE
RichmondSTC uptime is 2 years, 47 weeks, 4 days, 21 hours, 41 minutes
System restarted by power-on
System image file is "bootflash:cat2948g-in-mz.120-7.WX5.15a.bin"
cisco Cat2948G (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
48 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3z interface(s)
121K bytes of non-volatile configuration memory.
16384K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x2101
Complete configuration guide for that version for future reference
http://www.cisco.com/univercd/cc/td/doc/product/l3sw/2948g-l3/rel_12_0/7wx515a/config_g/index.htm
ASKER
Is there any way to configure it so I can telnet from any machine on bridge-group 1?
ASKER
---Start comment---
You create multiple bridge groups, and assign physical interfaces into the respective bridge groups. This creates the layer 2 separation, which is the same concept as VLANs in the switch world.
Now, to access the switch itself, you have to create Bridge Virtual Interfaces.
interface bvi 1
ip address 192.168.1.100 255.255.255.0
interface bvi 2
ip address 192.168.2.100 255.255.255.0
Any host attached to an interface in the bridge group 2 (VLAN2) should have a 192.168.2.x IP address
Any host attached to an interface in the bridge group 1 (VLAN1) should have a 192.168.1.x IP address
Any host in the 192.168.1.x IP address should be able to ping/telnet to 192.168.1.100
Any host in the 192.168.2.x IP subnet should be able to ping/telnet to 192.168.2.100
-if- you set either a static route or default route on a host in VLAN1 that points to the BVI address, then you should be able to ping BOTH bvi interfaces.
You may have to enable routing
!
ip routing
!
Just like with a router, you can always create a loopback interface with an IP address that will be used primarily for management purposes.
---End Comment---
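An added example, not part of the original thread or any Cisco tool: a short Python check over an IOS-style config like the one posted above. It reports how each vty line handles a telnet login (the "only line 0 enabled" point) and which bridge groups have a BVI address, with whether `ip routing` is on (the separation point). The function names are hypothetical, the sample config is constructed from the thread's snippets, and the parser assumes a section ends at `!` or at the next `interface`/`line` header.

```python
import re

# Constructed sample, condensed from the config in this thread (BVI address from the last comment).
SAMPLE = """\
no ip routing
interface FastEthernet1
bridge-group 1
interface FastEthernet25
bridge-group 2
interface BVI1
ip address 192.168.1.100 255.255.255.0
line vty 0
password duh
login
line vty 1 4
login
"""

def parse(config):  # -> (global commands, {section header: [sub-commands]})
    top, secs, cur = [], {}, None
    for line in map(str.strip, config.splitlines()):
        if re.match(r"(interface|line) ", line):
            cur = secs.setdefault(line, [])   # new interface/line section
        elif line in ("", "!", "end"):
            cur = None                        # separator closes the section
        else:
            (top if cur is None else cur).append(line)
    return top, secs

def vty_status(config):
    """Per vty line: 'password', 'refused' (login set, no password) or 'open' (no login)."""
    status = {}
    for hdr, cmds in parse(config)[1].items():
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", hdr)
        if m:
            has_pw = any(c.startswith("password ") for c in cmds)
            state = "open" if "no login" in cmds else "password" if has_pw else "refused"
            for n in range(int(m[1]), int(m[2] or m[1]) + 1):
                status[n] = state
    return status

def management_view(config):
    """Return ('ip routing' enabled?, {bridge group: BVI address or None})."""
    top, secs = parse(config)
    groups = {c.split()[1] for cmds in secs.values() for c in cmds
              if c.startswith("bridge-group ")}
    def bvi_ip(g):
        return next((c.split()[2] for c in secs.get(f"interface BVI{g}", [])
                     if c.startswith("ip address ")), None)
    return "ip routing" in top, {g: bvi_ip(g) for g in sorted(groups)}
```

On the sample, lines 1 to 4 come back as `refused` because `login` is set with no password, and bridge group 2 has no BVI address to telnet to.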