Setting up the ability to ssh into a layer 2 switch
This is going to seem like a basic question, but I’m going to ask it any ways. Let’s say I have the following setup:
• A layer 3 (Cisco 3560) distribution layer switch. This switch is named DIST-SW1.
• DIST-SW1 has two vlans (vlan 10 and vlan 20).
• The network associated with vlan 10 is 10.110.10.0 /24
• The network associated with vlan20 is 10.110.20.0 /24
• Loopback0 on DIST-SW1 has the IP of 10.10.10.12 255.255.255.0
• A layer 2 (Cisco 2960) access layer switch. This switch in named ACCS-SW1
• ACCS-SW1 is connected to DIST-SW1 via a trunk
• All of the ports on ACCS-SW1 are on vlan10
• Loopback0 on ACCS-SW1 has the IP address of 10.10.10.15 255.255.255.0
If I want to ssh into DIST-SW1, I do so using the ip of 10.10.10.12. I want to be able to SSH into ACCS-SW1 as well. When I try to ssh to 10.10.10.15, there is no connection. When I try to ping 10.10.10.15, I get no reply. If I look at the routing table in DIST-SW1, I don’t see a route to get me to 10.10.10.15. This explains why the ping doesn’t work. My thought to be able to ssh into ACCS-SW1 is to change the ip of loopback0 to an IP on the 10.110.10.0 network. Unfortunately I don’t have a lab to test this on right now, so I’m asking. Is this the right approach?
Thanks,
Nick
Who is Participating?
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialI would recommend what Predrag Jovic said and create a management VLAN for your switches and add it to the truck and you should be able to SSH to either device.
Also, you can't have 2 interfaces within the same subnet. If you are using 10.110.10.0/24 on VLAN10 then you can't put 1 of those 255 IP addresses as a Loopback, the Cisco will spit out an error like this:
% 10.110.10.250 overlaps with Vlan10
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2010 Basic 264 lessons
Experts Exchange Solution brought to you by
Usual way to manage switches is to create separate (management) VLAN for switch management, and for that purpose you need to create VLAN interface.
For management VLAN to be in up state you need to add ports to that VLAN (adding that VLAN to trunk port should do the trick).
If you create loopback in some other ip address range you need to have routes on that switch (or default gateway depending on config) so traffic can reach anything, and also you would need routes on other devices, so that destination can be reachable.