CISCO 3750 management via telnet

Last Modified: 2012-05-06
Hi All
I understand that the Cisco 3750 Catalyst switches do not have any management VLAN, and you can telnet to any of the VLAN interfaces to manage the switch. If I have 3 of these switches connected via trunk ports, and all the VLANs and VLAN interfaces are created on Switch A, how do I access the other 2 switches via telnet? Switches B and C will not have any VLAN interfaces defined on them, correct?

My other question is what commands do I need to run to find out the IP address of the last computer that telnetted into the switch and the last set of commands that were run and the date they were executed?

Don Johnston, Instructor
CERTIFIED EXPERT
Top Expert 2015

Commented:
If the other two switches are not configured to do any routing (just a simple layer 2 switch), then create a single VLAN interface on each switch and assign an IP address to the VLAN interface and define a default-gateway. Then you would telnet to that IP address.

If buffer logging is enabled (which it is by default) "show logging" will display a line like this:

Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)

As for being able to see what commands were issued, that's a whole 'nother ballgame. :-)

I suggest starting with this.
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html

Here's some configuration information:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

I guess the bottom line is that implementing AAA is not a trivial undertaking.
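
Added example, not part of the original thread: a Python parser for the `%SYS-5-CONFIG_I` lines that "show logging" prints, reporting which vty and source address each configuration session came from. These lines record configuration sessions, not logins or individual commands; the sample log (apart from its first line, which is the one quoted above), the `netadmin` username and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Format of the line quoted above, plus the "by <user> on vtyN" variant that
# IOS emits when a username is known, and console sessions with no address.
CONFIG_I = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?): "
    r"%SYS-5-CONFIG_I: Configured from (?P<src>\S+) by "
    r"(?:(?P<user>\S+) on )?(?P<line>\S+)"
    r"(?: \((?P<ip>[0-9a-fA-F.:]+)\))?\s*$"
)

def parse_config_events(log_text):
    """Return one dict (ts, src, user, line, ip) per CONFIG_I message."""
    events = []
    for raw in log_text.splitlines():
        m = CONFIG_I.match(raw.strip())
        if not m:
            continue                      # some other syslog message
        ev = m.groupdict()
        if ev["ip"]:
            try:
                ev["ip"] = str(ip_address(ev["ip"]))
            except ValueError:
                continue                  # malformed address, skip the line
        events.append(ev)
    return events

def last_remote_event(events):
    """Most recent configuration session that came in over a vty."""
    remote = [e for e in events if e["ip"]]
    return remote[-1] if remote else None

def unexpected_sources(events, allowed_hosts):
    """Sessions whose source address is not one of the management hosts."""
    allowed = {str(ip_address(h)) for h in allowed_hosts}
    return [e for e in events if e["ip"] and e["ip"] not in allowed]

# Constructed sample; only the first line appears in the thread.
SAMPLE_LOG = """\
Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)
Feb  7 10:02:11: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
Feb  7 10:15:40: %SYS-5-CONFIG_I: Configured from console by console
*Feb  7 11:30:02.118: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (10.0.0.50)
"""

if __name__ == "__main__":
    evs = parse_config_events(SAMPLE_LOG)
    print(last_remote_event(evs))
    print(unexpected_sources(evs, ["192.168.255.12"]))
```

The logging buffer is finite and is lost on reload, so the same parser is more useful run over the copy of these messages kept on an external syslog server.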
Les Moore, Sr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
> Switches B and C will not have any vlan interfaces defined on them correct ?
They don't have to, but the VLAN1 interface is enabled by default and generally this interface has the IP address for the switch itself. Oftentimes we set up a separate Management VLAN to put all the other switches on a different VLAN other than VLAN1 for management purposes only. Then you can restrict who has access to this VLAN IP address. You can always restrict access to ALL VLAN interface IPs with a simple ACL applied to the vty. Example:

access-list 61 permit <my host ip>
access-list 61 permit <my assistant IP>
line vty 0 15
 access-class 61 in

The next step would be as donjohnston suggests to set up AAA authorization and accounting using an external AAA server and external syslog server.
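
Added example, not part of the original thread: a Python check that every vty line in a saved switch configuration is covered by an inbound `access-class`. It handles the case where the vty lines are split across two blocks and the ACL is applied to only one of them; the configs, the 192.0.2.x addresses and the function name are constructed, and only numbered ACLs like the one in the post are handled.

```python
import re

def audit_vty_access(config_text):
    """Map each vty line number to a finding if it lacks a usable inbound ACL."""
    acls = set()   # numbered ACLs that have at least one permit entry
    vty = {}       # vty line number -> ACL id from "access-class <id> in", or None
    current = []   # vty line numbers covered by the block being parsed
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"access-list (\S+) permit\b", line)
        if m:
            acls.add(m.group(1))
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = list(range(first, last + 1))
            for n in current:
                vty.setdefault(n, None)
        elif line and not line.startswith(" "):
            current = []   # any other top-level command ends the vty block
        else:
            m = re.match(r"\s+access-class (\S+) in\b", line)
            if m:
                for n in current:
                    vty[n] = m.group(1)
    findings = {}
    for n, acl in sorted(vty.items()):
        if acl is None:
            findings[n] = "no inbound access-class"
        elif acl not in acls:
            findings[n] = f"access-class {acl} has no permit entries in this config"
    return findings

# Constructed configs. WEAK applies the ACL to vty 0-4 only; FIXED covers 0-15
# in one block, as in the post above. 192.0.2.x are documentation addresses.
WEAK = """\
access-list 61 permit 192.0.2.10
line vty 0 4
 access-class 61 in
line vty 5 15
 login
"""
FIXED = """\
access-list 61 permit 192.0.2.10
access-list 61 permit 192.0.2.11
line vty 0 15
 access-class 61 in
"""
```

`audit_vty_access(WEAK)` reports vty lines 5 through 15 as unrestricted, while `audit_vty_access(FIXED)` returns an empty result.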

Author

Commented:
Is it possible to create Vlan 20 on Switch A and assign an ip address eg. 10.0.0.1 to the VLAN 20 virtual interface and then on Switch B assign another ip address eg 10.0.0.2 to VLAN 20 interface on that switch  B ? (VLAN 20 would have propagated to Switch B by VTP)
I would like to know if that is possible
Don Johnston, Instructor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Yes. You can use any VLAN for management.

Author

Commented:
Suppose Switch A has vlan 20 interface 10.0.0.1 and vlan 10 interface 192.168.0.1.
Switch B has vlan 20 interface 10.0.0.2

A computer on VLAN 20 on Switch B  has its default gateway set as 10.0.0.2.
 The computer sends a data packet destined for a computer on Switch A that is on VLAN 10.
I assume the packet first goes to the vlan 20 interface on switch B. What happens next ??

Don Johnston, Instructor
CERTIFIED EXPERT
Top Expert 2015

Commented:
If switch B isn't performing routing functions, the packet is dropped.

It sounds like Switch A is doing the routing. The VLAN 20 interface on Switch A should be the default gateway.

Sorry if this might seem a bit obvious in places -- just wanted to make sure there are no confusions.

Make trunk links between all 3 switches (also enable IP routing: conf t > ip routing)

eg:
interface GigabitEthernet  x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk

then make switch A your vtp server

conf t
vtp domain  domainvtp
vtp mode server

make switch B and C  vtp clients:

vtp domain domainvtp
vtp mode client

On switch A, your VLANs will now propagate to the others when you make or delete VLANs.

Create VLAN 20 on Switch A (VLAN 20 is your management VLAN) and also any other VLANs you want to make, e.g. VLAN 10 (PC), VLAN 30 (Voice)


Making management Vlan

Switch A:

create Interface on vlan:

Interface vlan 20
ip address 10.0.0.1 255.255.255.0


Switch B

Interface vlan 20
ip address 10.0.0.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.1

Switch C

Interface vlan 20
ip address 10.0.0.3 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.1


So now you have your management VLAN and can reach the 3 switches.

Point to note here is, Switch B and C will only do routing for your management VLAN and nothing else. Switch A will be the gateway of all your VLANs,

so for example if you have PC network -- VLAN 10

create vlan on Switch A

and Create Interface Vlan

Interface vlan 10
ip address 192.168.10.1 255.255.255.0

When you add a device to this network -- like a computer, all you need to do is make sure the default gateway is set to 192.168.10.1 and you can put this on any switch as long as you configure the access port:

switchport mode access
switchport access vlan 10


Switch A will do all of your intervlan routing.



Author

Commented:
Ok peter, Ok I have configured my switches as you have described above.
My PC is connected to switch A and is on VLAN 10.
I can telnet successfully to the VLAN 20 interface on switch A, but
I cannot telnet to the VLAN 20 interface on switch B or Switch C.
However if I telnet into switch A vlan 20 interface, from that console I
can then telnet into the other switches. Why can't I telnet directly from
my PC ?

Do the switches have the default gateway set to point to switch A?

Also, what is the IP address of your PC and VLAN, and where is it connected?


Author

Commented:
Yes the switch B and C have their gateway set to switch A.
My PC ip is 192.168.10.20 gateway 192.68.10.1 and the port it is connected to is on VLAN 10.

Can you do a show ip route on switch A?

Also make sure IP routing is enabled on switch A:

conf t
ip routing

Author

Commented:
Does ip routing have to be enabled to route between vlans ?

Yes, I believe so.



Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
Yes. IP routing does have to be enabled.

Author

Commented:
Ok I'll check the switch ip route config. Does anyone know how to clear the command history ?
I know what 'show history' does.