Solved

Remote Access to Cisco 2960 switch

Posted on 2012-03-21
Last Modified: 2012-03-27
We had a Cisco 2960 switch that I rebuilt.  I copied the running config from an existing switch that is identical to this switch.  Both are access point switches that are plugged into our core switch.  The rebuilt switch has an IP of 10.38.36.40.  Everything plugged into the switch (printers, cameras, and workstations) is working fine.  I can ping everything on the switch, but I can't ping or remote connect into the switch itself.  I have unplugged the switch and brought it back up 3 times, but still no remote connection.

Here is the running config:
Using 5659 out of 65536 bytes
!
version 12.2
no service slave-log
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service linenumber
service pt-vty-logging
service sequence-numbers
!
hostname DHS-RM11-AS01
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
logging rate-limit 10 except errors
!
username admin privilege 15 password 7 0020362A340A52505B
username taylorp privilege 15 password 7 13311F1700050A2D7A
no aaa new-model
clock timezone CDT -6
clock summer-time CST recurring
system mtu routing 1500
ip subnet-zero
!
no ip domain-lookup
ip domain-name net.dwight.k12.il.us
!
!
crypto pki trustpoint TP-self-signed-1445844480
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1445844480
 revocation-check none
 rsakeypair TP-self-signed-1445844480
!
!
crypto pki certificate chain TP-self-signed-1445844480
 certificate self-signed 01 nvram:IOS-Self-Sig#3002.cer
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/13
 description RM11 PRINTERS
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 201
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/21
 description SECURITY CAMERAS
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/22
 description SECURITY CAMERAS
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/23
 description SECURITY CAMERAS
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/24
 description SECURITY CAMERAS
 switchport access vlan 50
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/1
 description UPLINK TO DHS-MDC-CS01
 switchport mode trunk
!
interface GigabitEthernet0/2
 description NOT IN USE
 switchport mode trunk
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 10.38.36.40 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.38.36.1
no ip http server
ip http secure-server
logging 192.168.145.110
access-list 90 remark SNMP RO Management
access-list 90 permit 192.168.145.0 0.0.0.255
access-list 90 permit 10.38.38.0 0.0.0.255
access-list 91 remark SNMP RW Management
access-list 91 permit 10.38.38.200
snmp-server community DPS5NMP$RO RO 90
snmp-server community DPS5NMP$RW RW 91
snmp-server trap-source Vlan10
snmp-server system-shutdown
snmp-server enable traps snmp coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cpu threshold
snmp-server enable traps syslog
snmp-server host 10.38.38.200 DPS5NMP$RW
snmp ifmib ifindex persist
!
control-plane
!
banner motd ^C
Notice:
-------
This system is for the use of authorized users only. Individuals using
this computing system without authority, or in excess of their authority,
are subject to having all of their activities on this system monitored
and recorded by system personnel.
In the course of monitoring individuals improperly using this system,
or in the course of system maintenance, the activities of authorized
users may be monitored.
Anyone using this system expressly consents to such monitoring and is
advised that if such monitoring reveals possible evidence of criminal
activity, system personnel may provide the evidence of such monitoring
to law enforcement officials.
^C
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp clock-period 36028992
ntp server 10.38.36.1
end
Question by:tails71
9 Comments
 
LVL 7

Expert Comment

by:raeldri
ID: 37748453
Have you generated the RSA key on the switch?

for example:
crypto key generate rsa general-keys modulus 1024


0
 
LVL 22

Expert Comment

by:eeRoot
ID: 37748455
The lines, "transport input ssh," mean the switch is accessible via SSH.  Are you trying to access the switch with an SSH client such as PuTTY?  Also, are you trying to ping it from a VLAN10, or VLAN201 device?  If VLAN201, then you may need to add these lines:

conf t
interface Vlan201
 no ip address
 no ip route-cache
 no shutdown
end
0
 

Expert Comment

by:sstire
ID: 37748666
You have:
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 10.38.36.40 255.255.255.0
 no ip route-cache
---------------------------------------------------------
I would also add all other VLAN interfaces that the switch contains, as you did for int vlan1, e.g.:
interface Vlan50
no ip address
no ip route-cache


If the switch is on Vlan10, does your PC have the rights to cross VLANs on the core router via access lists?
0
 

Author Comment

by:tails71
ID: 37748679
I have generated the RSA Key.

I'm using PuTTY to access my switches.  I'm trying to ping the switch from VLAN201.  We have an identical switch in a different room, that is working and accessed the same way.  The config is the same except for the hostname and IP address of the switch.  The "interface Vlan201" section is not present.

The only thing I'm wondering is these lines:

      access-list 91 permit 10.38.38.200

      snmp-server host 10.38.38.200 DPS5NMP$RW


They point to an old server that was shut down.  These lines are present in the switch that is accessible.
0
 

Expert Comment

by:sstire
ID: 37748684
Also, if you're wanting to telnet into the switch you'd want to configure your VTY lines to include: transport input telnet ssh
that way it gives you both telnet AND ssh access to the vty's.
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 37750731
Can you post the port config of the switch, that this switch uplinks to?
0
 

Author Comment

by:tails71
ID: 37754613
This is the port on the core switch that the switch (trouble accessing one) is connected to:

interface GigabitEthernet0/14
 description UPLINK TO DHS-RM11-AS01
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
0
 

Accepted Solution

by:tails71
ID: 37755006
I talked with a buddy from Cisco.  He told me to do a "show vlan".  We discovered that VLAN 10 (our management vlan) wasn't appearing.

I added VLAN 10 to the switch, and presto.  Remote access.
0
 

Author Closing Comment

by:tails71
ID: 37770445
I did a "show cdp neighbor detail" cmd.  I discovered that the switch was appearing, but not its IP address.  This led me down the path of seeing what VLANs were active on the switch, then discovering I had to add our management VLAN.
0
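
The root cause found in the accepted solution (an interface VlanN with an IP address but no VLAN N in the switch's VLAN database, so the management interface never comes up) can be checked for offline. The following is an added example, not part of the original thread; the function names are hypothetical and both inputs are constructed samples, one trimmed from the config in the question and one modelled on "show vlan brief" output.

```python
import re

# Constructed sample: trimmed from the running config posted in the question.
RUNNING_CONFIG = """\
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.38.36.40 255.255.255.0
!
"""

# Constructed "show vlan brief" output for a switch whose database lacks VLAN 10.
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------
1    default                          active    Gi0/2
20   VLAN0020                         active    Fa0/13
50   VLAN0050                         active    Fa0/21, Fa0/22
201  VLAN0201                         active    Fa0/1, Fa0/2
1002 fddi-default                     act/unsup
"""

def vlan_database(show_vlan_brief):
    """VLAN IDs that 'show vlan brief' lists with status 'active'."""
    rows = re.findall(r"^(\d+)[ \t]+\S+[ \t]+active\b", show_vlan_brief, flags=re.M)
    return {int(v) for v in rows}

def addressed_svis(running_config):
    """Map VLAN ID -> IP for SVIs that have an address and are not shut down."""
    svis = {}
    for block in re.split(r"^!\s*$", running_config, flags=re.M):
        head = re.search(r"^interface Vlan(\d+)\s*$", block, flags=re.M)
        ip = re.search(r"^ ip address (\S+) \S+", block, flags=re.M)
        shut = re.search(r"^ shutdown\s*$", block, flags=re.M)
        if head and ip and not shut:
            svis[int(head.group(1))] = ip.group(1)
    return svis

def orphaned_svis(running_config, show_vlan_brief):
    """SVIs whose VLAN is missing from the database, so the SVI stays down."""
    active = vlan_database(show_vlan_brief)
    svis = addressed_svis(running_config)
    return {vid: ip for vid, ip in svis.items() if vid not in active}

if __name__ == "__main__":
    for vid, ip in orphaned_svis(RUNNING_CONFIG, SHOW_VLAN_BRIEF).items():
        print(f"Vlan{vid} ({ip}) has no VLAN {vid} in the database; add it with 'vlan {vid}'")
```

Running the same check after a config is copied onto a rebuilt switch catches this before remote management is needed, since the running config in the question contains no VLAN 10 definition of its own.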
