anarine

CISCO 3750 management via telnet

Hi All
I understand that the Cisco Catalyst 3750 switches do not have any management VLAN, and you can telnet to any of the VLAN interfaces to manage the switch. If I have 3 of these switches connected via trunk ports, and all the VLANs and VLAN interfaces are created on Switch A, how do I access via telnet the other 2 switches ? Switches B and C will not have any vlan interfaces defined on them correct ?

My other question is what commands do I need to run to find out the IP address of the last computer that telnetted into the switch and the last set of commands that were run and the date they were executed ?

Don Johnston

If the other two switches are not configured to do any routing (just a simple layer 2 switch), then create a single VLAN interface on each switch and assign an IP address to the VLAN interface and define a default-gateway. Then you would telnet to that IP address.

If buffer logging is enabled (which it is by default) "show logging" will display a line like this:

Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)

As for being able to see what commands were issued, that's a whole 'nother ballgame. :-)

I suggest to start with this.
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html

Here's some configuration information:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

I guess the bottom line is that implementing AAA is not a trivial undertaking.

> Switches B and C will not have any vlan interfaces defined on them correct ?
They don't have to, but VLAN1 interface is enabled by default and generally this interface has the IP address for the switch itself. Oftentimes we set up a separate Management VLAN to put all the other switches on a different VLAN other than VLAN1 for management purposes only. Then you can restrict who has access to this VLAN IP address. You can always restrict access to ALL VLAN interface IPs with a simple ACL applied to the vty. Example:

access-list 61 permit <my host ip>
access-list 61 permit <my assistant IP>
line vty 0 15
 access-class 61 in

The next step would be as donjohnston suggests to set up AAA authorization and accounting using an external AAA server and external syslog server.
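
As an added example (not part of the original thread), this Python sketch reads saved `show logging` output, pulls out the `%SYS-5-CONFIG_I` lines of the kind quoted above, and flags remote configuration sessions whose source is not on the permitted list. The function names, the `PERMITTED` list (a stand-in for the hosts permitted by access-list 61) and every sample line except the one quoted in the thread are constructed for illustration; the optional "user on" form is handled on the assumption that the device may print a username.

```python
import ipaddress
import re

# Pattern for the %SYS-5-CONFIG_I line quoted in the thread; also accepts
# "by <user> on vtyN (ip)" and a local "by console" session with no address.
CONFIG_I = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)?(?: \S+)?: "
    r"%SYS-5-CONFIG_I: Configured from \S+ by "
    r"(?:(?P<user>\S+) on )?(?P<line>vty\d+|console)"
    r"(?: \((?P<ip>[0-9.]+)\))?\s*$"
)

def config_sessions(show_logging_output):
    """Return CONFIG_I events in buffer order (oldest first, newest last)."""
    events = []
    for raw in show_logging_output.splitlines():
        m = CONFIG_I.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events

def unexpected_sources(events, permitted):
    """Return remote sessions whose source is outside the permitted hosts/networks."""
    nets = [ipaddress.ip_network(p) for p in permitted]
    flagged = []
    for e in events:
        if e["ip"] is None:
            continue  # local console session: no source address is logged
        try:
            addr = ipaddress.ip_address(e["ip"])
        except ValueError:
            flagged.append(e)  # unparsable address: surface it for review
            continue
        if not any(addr in n for n in nets):
            flagged.append(e)
    return flagged

# Constructed sample buffer; only the 09:58:36 line comes from the thread.
SAMPLE = """\
Feb  7 09:41:02: %LINK-3-UPDOWN: Interface FastEthernet1/0/3, changed state to up
Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)
Feb  7 10:12:09: %SYS-5-CONFIG_I: Configured from console by console
Feb  7 11:30:44: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.57)
"""
PERMITTED = ["192.168.255.12"]  # assumption: mirrors the access-list 61 entries

if __name__ == "__main__":
    events = config_sessions(SAMPLE)
    print("last configuration session:", events[-1])
    print("outside permitted hosts:", unexpected_sources(events, PERMITTED))
```

These lines record configuration sessions only; they do not show which commands were entered, which is what the AAA accounting mentioned above is for.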

anarine (ASKER)

Is it possible to create VLAN 20 on Switch A and assign an IP address, e.g. 10.0.0.1, to the VLAN 20 virtual interface and then on Switch B assign another IP address, e.g. 10.0.0.2, to the VLAN 20 interface on that Switch B ? (VLAN 20 would have propagated to Switch B by VTP)
I would like to know if that is possible

Yes. You can use any VLAN for management.

anarine (ASKER)

Suppose Switch A has vlan 20 interface 10.0.0.1 and vlan 10 interface 192.168.0.1.
Switch B has vlan 20 interface 10.0.0.2

A computer on VLAN 20 on Switch B has its default gateway set as 10.0.0.2.
The computer sends a data packet destined for a computer on Switch A that is on VLAN 10.
I assume the packet first goes to the vlan 20 interface on switch B. What happens next ??

If switch B isn't performing routing functions, the packet is dropped.

It sounds like Switch A is doing the routing. The VLAN 20 interface on Switch A should be the default gateway.

ASKER CERTIFIED SOLUTION
peterelvidge

This solution is only available to members.

anarine (ASKER)

OK Peter, I have configured my switches as you have described above.
My PC is connected to switch A and is on VLAN 10.
I can telnet successfully to the VLAN 20 interface on switch A, but
I cannot telnet to the VLAN 20 interface on switch B or Switch C.
However if I telnet into switch A vlan 20 interface, from that console I
can then telnet into the other switches. Why can't I telnet directly from
my PC ?

peterelvidge

Do the switches have the default gateway set to point to switch A?

Also, what is the IP address of your PC and its VLAN, and where is it connected?

anarine (ASKER)

Yes the switch B and C have their gateway set to switch A.
My PC ip is 192.168.10.20 gateway 192.68.10.1 and the port it is connected to is on VLAN 10.

Can you do a show ip route on switch A?

Also make sure ip routing is enabled on switch A:

conf t
ip routing

anarine (ASKER)

Does ip routing have to be enabled to route between vlans ?

Yes, I believe so.

Yes. IP routing does have to be enabled.

anarine (ASKER)

Ok I'll check the switch ip route config. Does anyone know how to clear the command history ?
I know what 'show history' does.