Solved

CISCO 3750 management via telnet

Posted on 2009-02-15
Last Modified: 2012-05-06
Hi All
I understand that the Cisco 3750 Catalyst switches do not have any management VLAN, and you can telnet to any of the VLAN interfaces to manage the switch. If I have 3 of these switches connected via trunk ports, and all the VLANs and VLAN interfaces are created on Switch A, how do I access the other 2 switches via telnet? Switches B and C will not have any VLAN interfaces defined on them, correct?

My other question is: what commands do I need to run to find out the IP address of the last computer that telnetted into the switch, the last set of commands that were run, and the date they were executed?
0
Comment
Question by:anarine
15 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 23644772
If the other two switches are not configured to do any routing (just a simple layer 2 switch), then create a single VLAN interface on each switch and assign an IP address to the VLAN interface and define a default-gateway. Then you would telnet to that IP address.

If buffer logging is enabled (which it is by default) "show logging" will display a line like this:

Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)

As for being able to see what commands were issued, that's a whole 'nother ballgame. :-)

I suggest to start with this.
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfaaa.html

Here's some configuration information:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

I guess the bottom line is that implementing AAA is not a trivial undertaking.
0
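
An added example (not part of the comment above): a Python parser that pulls the timestamp, line and source address out of %SYS-5-CONFIG_I entries in saved "show logging" output and flags sources outside an allow-list. The sample log, the "admin" user name and every address except the one quoted above are constructed; these entries record who entered configuration mode and when, not which commands were run.

```python
import re

# Constructed sample of saved `show logging` output (first line is the one quoted above).
SAMPLE = """\
Feb  7 09:58:36: %SYS-5-CONFIG_I: Configured from console by vty1 (192.168.255.12)
Feb  7 10:02:11: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
*Feb  8 02:14:50.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.57)
Feb  8 07:30:02: %SYS-5-CONFIG_I: Configured from console by console
"""

# Optional leading '*' or '.' marks an unsynchronised clock; msec are optional.
CONFIG_I = re.compile(
    r"^[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%SYS-5-CONFIG_I: Configured from (?P<method>\S+) by "
    r"(?:(?P<user>\S+) on )?(?P<line>\S+?)(?: \((?P<src>[0-9a-fA-F.:]+)\))?\s*$"
)

def config_events(text):
    """Return one dict per configuration event found in the log text."""
    events = []
    for raw in text.splitlines():
        m = CONFIG_I.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events

def unexpected_sources(events, allowed):
    """Remote configuration sessions whose source address is not in `allowed`."""
    return [e for e in events if e["src"] and e["src"] not in allowed]

if __name__ == "__main__":
    events = config_events(SAMPLE)
    for e in events:
        print(e["ts"], e["line"], e["user"] or "-", e["src"] or "local console")
    for e in unexpected_sources(events, {"192.168.255.12"}):
        print("unexpected source:", e["src"], "at", e["ts"])
```

The logging buffer is circular and is lost on reload, so this only covers what is still in the buffer or has been forwarded to a syslog server.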
 
LVL 79

Expert Comment

by:lrmoore
ID: 23644804
> Switches B and C will not have any vlan interfaces defined on them correct ?
They don't have to, but VLAN1 interface is enabled by default and generally this interface has the IP address for the switch itself. Oftentimes we set up a separate Management VLAN to put all the other switches on a different VLAN other than Vlan1 for management purposes only. Then you can restrict who has access to this VLAN IP address. You can always restrict access to ALL VLAN interface IPs with a simple ACL applied to the vty. Example:

access-list 61 permit <my host ip>
access-list 61 permit <my assistant IP>
line vty 0 15
 access-class 61 in

The next step would be as donjohnston suggests to set up AAA authorization and accounting using an external AAA server and external syslog server.
0
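
An added example (not part of the comment above): a Python check over a saved running-config that reports, for every "line vty" block, whether an inbound access-class is applied and whether the ACL it names is defined. The sample config and its host addresses are constructed; it shows the case where the ACL covers vty 0 4 but the separate vty 5 15 block is left without one.

```python
import re

# Constructed running-config excerpt; the permitted hosts are placeholders.
SAMPLE_CONFIG = """\
access-list 61 permit 192.168.10.20
access-list 61 permit 192.168.10.21
!
line con 0
line vty 0 4
 access-class 61 in
 login
line vty 5 15
 login
!
end
"""

def audit_vty(config):
    """Return {(first, last): 'ok' or a problem string} for each `line vty` block."""
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    defined |= set(re.findall(r"^ip access-list \w+ (\S+)", config, re.M))
    results, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):      # any top-level command ends the block
            m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", line)
            current = None
            if m:
                current = (int(m.group(1)), int(m.group(2) or m.group(1)))
                results[current] = "no access-class in"
            continue
        m = re.match(r"\s+access-class (\S+) in\b", line)
        if current and m:
            acl = m.group(1)
            results[current] = "ok" if acl in defined else f"access-class {acl} not defined"
    return results

if __name__ == "__main__":
    for (first, last), status in audit_vty(SAMPLE_CONFIG).items():
        print(f"line vty {first} {last}: {status}")
```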
 

Author Comment

by:anarine
ID: 23645072
Is it possible to create Vlan 20 on Switch A and assign an ip address eg. 10.0.0.1 to the VLAN 20 virtual interface and then on Switch B assign another ip address eg 10.0.0.2 to VLAN 20 interface on that switch  B ? (VLAN 20 would have propagated to Switch B by VTP)
I would like to know if that is possible
0

 
LVL 50

Expert Comment

by:Don Johnston
ID: 23645139
Yes. You can use any VLAN for management.
0
 

Author Comment

by:anarine
ID: 23646478
Suppose Switch A has vlan 20 interface 10.0.0.1 and vlan 10 interface 192.168.0.1.
Switch B has vlan 20 interface 10.0.0.2

A computer on VLAN 20 on Switch B  has its default gateway set as 10.0.0.2.
 The computer sends a data packet destined for a computer on Switch A that is on VLAN 10.
I assume the packet first goes to the vlan 20 interface on switch B. What happens next ??

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 23646558
If switch B isn't performing routing functions, the packet is dropped.

It sounds like Switch A is doing the routing. The VLAN 20 interface on Switch A should be the default gateway.
0
 
LVL 4

Accepted Solution

by:
peterelvidge earned 150 total points
ID: 23651762
Sorry if this might seem a bit obvious in places -- just wanted to make sure there are no confusions

Make trunk links between all 3 switches:  ( also enable ip routing-- conf t > ip routing)

eg:
interface GigabitEthernet  x/x
 switchport trunk encapsulation dot1q
 switchport mode trunk

then make switch A your vtp server

conf t
vtp domain  domainvtp
vtp mode server

make switch B and C  vtp clients:

vtp domain domainvtp
vtp mode client

On switch A, your VLANs will now propagate to the others when you make or delete VLANs.

Create Vlan 20 on Switch A (Vlan 20 is your management Vlan) and also any other VLANs you want to make, e.g. Vlan 10 (PC), Vlan 30 (Voice)


Making management Vlan

Switch A:

create Interface on vlan:

Interface vlan 20
ip address 10.0.0.1 255.255.255.0


Switch B

Interface vlan 20
ip address 10.0.0.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.1

Switch C

Interface vlan 20
ip address 10.0.0.3 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.0.0.1


So now you have your management Vlan and can reach the 3 switches.

Point to note here is, Switch B and C will only do routing for your management Vlan and nothing else. Switch A will be the gateway of all your VLANs,

so for example if you have PC network -- Vlan 10

create vlan on Switch A

and Create Interface Vlan

Interface vlan 10
ip address 192.168.10.1 255.255.255.0

When you add a device to this network -- like a computer -- all you need to do is make sure the default gateway is set to 192.168.10.1, and you can put this on any switch as long as you configure the access port:

switchport mode access
switchport access vlan 10


Switch A will do all of your intervlan routing.


0
 

Author Comment

by:anarine
ID: 23657999
Ok peter, Ok I have configured my switches as you have described above.
My PC is connected to switch A and is on VLAN 10.
I can telnet successfully to the VLAN 20 interface on switch A, but
I cannot telnet to the VLAN 20 interface on switch B or Switch C.
However if I telnet into switch A vlan 20 interface, from that console I
can then telnet into the other switches. Why can't I telnet directly from
my PC ?
0
 
LVL 4

Expert Comment

by:peterelvidge
ID: 23658015
do the switches have the default gateway set to point to switch A?


also what is Ip address of your PC  and vlan  and where is it connected?


0
 

Author Comment

by:anarine
ID: 23658119
Yes the switch B and C have their gateway set to switch A.
My PC ip is 192.168.10.20 gateway 192.68.10.1 and the port it is connected to is on VLAN 10.
0
 
LVL 4

Expert Comment

by:peterelvidge
ID: 23658131
can you do a show ip route  on switch A

also make sure ip routing is enabled on switch A

conf t,
Ip routing.

0
 

Author Comment

by:anarine
ID: 23658682
Does ip routing have to be enabled to route between vlans ?
0
 
LVL 4

Expert Comment

by:peterelvidge
ID: 23658722
Yes, I believe so.



0
 
LVL 79

Expert Comment

by:lrmoore
ID: 23659354
Yes. IP routing does have to be enabled.
0
 

Author Comment

by:anarine
ID: 23691301
Ok I'll check the switch ip route config. Does anyone know how to clear the command history ?
I know what 'show history' does.
0
