Setting up the ability to ssh into a layer 2 switch
Hello Cisco Experts,
This is going to seem like a basic question, but I’m going to ask it any ways. Let’s say I have the following setup:
• A layer 3 (Cisco 3560) distribution layer switch. This switch is named DIST-SW1.
• DIST-SW1 has two vlans (vlan 10 and vlan 20).
• The network associated with vlan 10 is 10.110.10.0 /24
• The network associated with vlan20 is 10.110.20.0 /24
• Loopback0 on DIST-SW1 has the IP of 10.10.10.12 255.255.255.0
• A layer 2 (Cisco 2960) access layer switch. This switch in named ACCS-SW1
• ACCS-SW1 is connected to DIST-SW1 via a trunk
• All of the ports on ACCS-SW1 are on vlan10
• Loopback0 on ACCS-SW1 has the IP address of 10.10.10.15 255.255.255.0
If I want to ssh into DIST-SW1, I do so using the ip of 10.10.10.12. I want to be able to SSH into ACCS-SW1 as well. When I try to ssh to 10.10.10.15, there is no connection. When I try to ping 10.10.10.15, I get no reply. If I look at the routing table in DIST-SW1, I don’t see a route to get me to 10.10.10.15. This explains why the ping doesn’t work. My thought to be able to ssh into ACCS-SW1 is to change the ip of loopback0 to an IP on the 10.110.10.0 network. Unfortunately I don’t have a lab to test this on right now, so I’m asking. Is this the right approach?
Thanks,
Nick
This is going to seem like a basic question, but I’m going to ask it any ways. Let’s say I have the following setup:
• A layer 3 (Cisco 3560) distribution layer switch. This switch is named DIST-SW1.
• DIST-SW1 has two vlans (vlan 10 and vlan 20).
• The network associated with vlan 10 is 10.110.10.0 /24
• The network associated with vlan20 is 10.110.20.0 /24
• Loopback0 on DIST-SW1 has the IP of 10.10.10.12 255.255.255.0
• A layer 2 (Cisco 2960) access layer switch. This switch in named ACCS-SW1
• ACCS-SW1 is connected to DIST-SW1 via a trunk
• All of the ports on ACCS-SW1 are on vlan10
• Loopback0 on ACCS-SW1 has the IP address of 10.10.10.15 255.255.255.0
If I want to ssh into DIST-SW1, I do so using the ip of 10.10.10.12. I want to be able to SSH into ACCS-SW1 as well. When I try to ssh to 10.10.10.15, there is no connection. When I try to ping 10.10.10.15, I get no reply. If I look at the routing table in DIST-SW1, I don’t see a route to get me to 10.10.10.15. This explains why the ping doesn’t work. My thought to be able to ssh into ACCS-SW1 is to change the ip of loopback0 to an IP on the 10.110.10.0 network. Unfortunately I don’t have a lab to test this on right now, so I’m asking. Is this the right approach?
Thanks,
Nick
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I never create loopback in the same address range as any of my VLAN on switch (I never tried to do that).
Usual way to manage switches is to create separate (management) VLAN for switch management, and for that purpose you need to create VLAN interface.
For management VLAN to be in up state you need to add ports to that VLAN (adding that VLAN to trunk port should do the trick).
If you create loopback in some other ip address range you need to have routes on that switch (or default gateway depending on config) so traffic can reach anything, and also you would need routes on other devices, so that destination can be reachable.
Usual way to manage switches is to create separate (management) VLAN for switch management, and for that purpose you need to create VLAN interface.
For management VLAN to be in up state you need to add ports to that VLAN (adding that VLAN to trunk port should do the trick).
If you create loopback in some other ip address range you need to have routes on that switch (or default gateway depending on config) so traffic can reach anything, and also you would need routes on other devices, so that destination can be reachable.
For DIST-SW1 to see the rest of 10.10.10.0/24 you would need to have interesting traffic passing through the box, which a virtual interface isn't going to generate that for you. You would need a static route to point to the respective location you want.
I would recommend what Predrag Jovic said and create a management VLAN for your switches and add it to the truck and you should be able to SSH to either device.
Also, you can't have 2 interfaces within the same subnet. If you are using 10.110.10.0/24 on VLAN10 then you can't put 1 of those 255 IP addresses as a Loopback, the Cisco will spit out an error like this:
% 10.110.10.250 overlaps with Vlan10
I would recommend what Predrag Jovic said and create a management VLAN for your switches and add it to the truck and you should be able to SSH to either device.
Also, you can't have 2 interfaces within the same subnet. If you are using 10.110.10.0/24 on VLAN10 then you can't put 1 of those 255 IP addresses as a Loopback, the Cisco will spit out an error like this:
% 10.110.10.250 overlaps with Vlan10
Premium Content
You need an Expert Office subscription to comment.Start Free Trial