tails71
asked on
Remote Access to Cisco 2960 switch
We had a Cisco 2960 switch that I rebuilt. I copied the running config from an existing switch that is identical to this switch. both are access point switches that are plugged into our core switch. The rebuilt switch has an IP of 10.38.36.40. Everything plugged into the switch (printers, cameras, and workstations) is working fine. I can ping everything on the switch, but I can't ping or remote connect into the switch itself. I have unplugged the switch and brought it back up 3 times, but still no remote connection.
Here is the running config:
Using 5659 out of 65536 bytes
!
version 12.2
no service slave-log
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
!
hostname DHS-RM11-AS01
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
logging rate-limit 10 except errors
!
username admin privilege 15 password 7 0020362A340A52505B
username taylorp privilege 15 password 7 13311F1700050A2D7A
no aaa new-model
clock timezone CDT -6
clock summer-time CST recurring
system mtu routing 1500
ip subnet-zero
!
no ip domain-lookup
ip domain-name net.dwight.k12.il.us
!
!
crypto pki trustpoint TP-self-signed-1445844480
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-1445844480
!
!
crypto pki certificate chain TP-self-signed-1445844480
certificate self-signed 01 nvram:IOS-Self-Sig#3002.ce
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
description RM11 PRINTERS
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
description UPLINK TO DHS-MDC-CS01
switchport mode trunk
!
interface GigabitEthernet0/2
description NOT IN USE
switchport mode trunk
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 10.38.36.40 255.255.255.0
no ip route-cache
!
ip default-gateway 10.38.36.1
no ip http server
ip http secure-server
logging 192.168.145.110
access-list 90 remark SNMP RO Management
access-list 90 permit 192.168.145.0 0.0.0.255
access-list 90 permit 10.38.38.0 0.0.0.255
access-list 91 remark SNMP RW Management
access-list 91 permit 10.38.38.200
snmp-server community DPS5NMP$RO RO 90
snmp-server community DPS5NMP$RW RW 91
snmp-server trap-source Vlan10
snmp-server system-shutdown
snmp-server enable traps snmp coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server host 10.38.38.200 DPS5NMP$RW
snmp ifmib ifindex persist
!
control-plane
!
banner motd ^C
Notice:
-------
This system is for the use of authorized users only. Individuals using
this computing system without authority, or in excess of their authority,
are subject to having all of their activities on this system monitored
and recorded by system personnel.
In the course of monitoring individuals improperly using this system,
or in the course of system maintenance, the activities of authorized
users may be monitored.
Anyone using this system expressly consents to such monitoring and is
advised that if such monitoring reveals possible evidence of criminal
activity, system personnel may provide the evidence of such monitoring
to law enforcement officials.
^C
!
line con 0
login local
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
ntp clock-period 36028992
ntp server 10.38.36.1
end
Here is the running config:
Using 5659 out of 65536 bytes
!
version 12.2
no service slave-log
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
!
hostname DHS-RM11-AS01
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
logging rate-limit 10 except errors
!
username admin privilege 15 password 7 0020362A340A52505B
username taylorp privilege 15 password 7 13311F1700050A2D7A
no aaa new-model
clock timezone CDT -6
clock summer-time CST recurring
system mtu routing 1500
ip subnet-zero
!
no ip domain-lookup
ip domain-name net.dwight.k12.il.us
!
!
crypto pki trustpoint TP-self-signed-1445844480
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-1445844480
!
!
crypto pki certificate chain TP-self-signed-1445844480
certificate self-signed 01 nvram:IOS-Self-Sig#3002.ce
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
description RM11 PRINTERS
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/21
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/22
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/24
description SECURITY CAMERAS
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
description UPLINK TO DHS-MDC-CS01
switchport mode trunk
!
interface GigabitEthernet0/2
description NOT IN USE
switchport mode trunk
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 10.38.36.40 255.255.255.0
no ip route-cache
!
ip default-gateway 10.38.36.1
no ip http server
ip http secure-server
logging 192.168.145.110
access-list 90 remark SNMP RO Management
access-list 90 permit 192.168.145.0 0.0.0.255
access-list 90 permit 10.38.38.0 0.0.0.255
access-list 91 remark SNMP RW Management
access-list 91 permit 10.38.38.200
snmp-server community DPS5NMP$RO RO 90
snmp-server community DPS5NMP$RW RW 91
snmp-server trap-source Vlan10
snmp-server system-shutdown
snmp-server enable traps snmp coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server host 10.38.38.200 DPS5NMP$RW
snmp ifmib ifindex persist
!
control-plane
!
banner motd ^C
Notice:
-------
This system is for the use of authorized users only. Individuals using
this computing system without authority, or in excess of their authority,
are subject to having all of their activities on this system monitored
and recorded by system personnel.
In the course of monitoring individuals improperly using this system,
or in the course of system maintenance, the activities of authorized
users may be monitored.
Anyone using this system expressly consents to such monitoring and is
advised that if such monitoring reveals possible evidence of criminal
activity, system personnel may provide the evidence of such monitoring
to law enforcement officials.
^C
!
line con 0
login local
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
ntp clock-period 36028992
ntp server 10.38.36.1
end
The lines, "transport input ssh," mean the switch is accessable via SSH. Are you trying to access the switch with an SSH client such as putty? Also, are you trying to ping it from a VLAN10, or VLAN201 device? If VLAN201, then you may need to add these lines:
conf t
interface Vlan201
no ip address
no ip route-cache
no shutdown
end
conf t
interface Vlan201
no ip address
no ip route-cache
no shutdown
end
You have:
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 10.38.36.40 255.255.255.0
no ip route-cache
--------------------------
I would also add all other vlan interfaces that the switch contains as you did for int vlan1. eg-
interface Vlan50
no ip address
no ip route-cache
If the switch is on Vlan10, -does your PC have the rights to cross vlans on the core router via access lists?
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 10.38.36.40 255.255.255.0
no ip route-cache
--------------------------
I would also add all other vlan interfaces that the switch contains as you did for int vlan1. eg-
interface Vlan50
no ip address
no ip route-cache
If the switch is on Vlan10, -does your PC have the rights to cross vlans on the core router via access lists?
ASKER
I have generated the RSA Key.
I'm using PuTTy to access my switches. I'm trying to ping the switch from VLAN201. We have an identical switch in a different room, that is working and accessed the same way. The config is the same except for the hostname and ip address of the switch. The "interface Vlan201" section is not present.
The only thing I'm wondering is these lines:
access-list 91 permit 10.38.38.200
snmp-server host 10.38.38.200 DPS5NMP$RW
They point to an old server that was shutdown. These lines are present in the switch that is accessible.
I'm using PuTTy to access my switches. I'm trying to ping the switch from VLAN201. We have an identical switch in a different room, that is working and accessed the same way. The config is the same except for the hostname and ip address of the switch. The "interface Vlan201" section is not present.
The only thing I'm wondering is these lines:
access-list 91 permit 10.38.38.200
snmp-server host 10.38.38.200 DPS5NMP$RW
They point to an old server that was shutdown. These lines are present in the switch that is accessible.
Also, if you're wanting to telnet into the switch you'd want to configure your VTY lines to include: transport input telnet ssh
that way it gives you both telnet AND ssh access to the vty's.
that way it gives you both telnet AND ssh access to the vty's.
Can you post the port config of the switch, that this switch uplinks to?
ASKER
This is the port on the core switch that the switch (trouble accessing one) is connected to:
interface GigabitEthernet0/14
description UPLINK TO DHS-RM11-AS01
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/14
description UPLINK TO DHS-RM11-AS01
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I did a "show cdp neighbor detail" cmd. I discovered that the switch was appearing, but not it's IP address. This lead me down the pass of seeing what VLANs were active on the switch. Then discovering I had to add our management VLAN.
for example:
Open in new window