Unable to telnet to Catalyst switches on different subnets

Discussion in 'Cisco' started by ttripp@magnoliamanor.com, Dec 28, 2005.

  1. Guest

    My problem is this: I have two Catalyst switches (a 2950 LRE and a
    2950T) on remote subnets that I cannot telnet or http to. While the
    subnets are remote (different cities), they are all connected through
    the Internet via VPN tunnels. I can ping the switches from my subnet
    (192.168.1.x, the switches are on subnets 192.168.7.x and 192.168.9.x),
    but I cannot telnet or http to them.

    Making things more interesting: if I take remote control of a user's
    computer (RDP or SMS remote tools) that is on the same subnet as the
    switch, I CAN telnet or http to the switch!

    No other devices seem to have this problem (HP switches, which are
    basically rebadged Cisco switches, or a older Cat1900, and no Cats on
    my local subnet). I thought it might be some weirdness with the VLANs,
    but all my equipment is set to VLAN1, Cisco and non-Cisco alike.

    Here are the configs for the two switches (modified for my protection,
    natch)


    SWITCH ON THE 192.168.7.X SUBNET
    ------------------------------------------------------------------------------------------
    sh run
    Building configuration...

    Current configuration : 2436 bytes
    !
    ! Last configuration change at 12:26:29 EST Wed Dec 28 2005
    ! NVRAM config last updated at 12:26:29 EST Wed Dec 28 2005
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Cat2950T
    !
    enable secret xxxxxxxxxx
    !
    clock timezone EST -5
    ip subnet-zero
    !
    ip domain-name xxxxxxxxx
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    !
    !
    interface FastEthernet0/1
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    ip address 192.168.7.5 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 192.168.7.1
    ip http server

    (bunch of snmp stuff deleted)

    !
    line con 0
    line vty 0 4
    password yyyyyyyy
    login
    line vty 5 15
    password yyyyyyyyyy
    login
    !
    ntp clock-period 17179946
    ntp server 192.168.1.81
    !
    end
    ------------------------------------------------------------------------------------------


    SWITCH ON THE 192.168.9.X SUBNET
    -------------------------------------------------------------------------------------------
    Current configuration : 1485 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname CiscoCat2950LRE
    !
    enable secret xxxxxxxxxxxxxxx
    !
    ip subnet-zero
    !
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    !
    controller LongReachEthernet 0
    !
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface LongReachEthernet0/1
    cpe type CISCO575-LRE
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/2
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/3
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/4
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/5
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/6
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/7
    flowcontrol receive on
    flowcontrol send on
    !
    interface LongReachEthernet0/8
    flowcontrol receive on
    flowcontrol send on
    !
    interface Vlan1
    ip address 192.168.10.5 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 192.168.10.1
    ip http server

    (bunch of snmp stuff deleted)

    !
    line con 0
    line vty 0 4
    password yyyyyyyyy
    login
    line vty 5 15
    login
    !
    !
    end
    ------------------------------------------------------------------------------------------------------

    As you can see, no access-lists blocking anything. As I said, I can
    ping OK, and SNMP queries (I deleted all the SNMP stuff above to make
    this long post a bit shorter) are returned w/ no problems. The VPNs
    are working OK, and there's nothing in the firewall rules (SonicWALL
    firewalls) to block anything on the VPN. And as I said, telnet and
    http work fine as long as I'm on a computer that's on the same subnet.

    I've never come across this sort of problem with Cisco equipment, but
    I've always played in pure Cisco environments, not one with a mix of
    Cisco and non-Cisco equipment like this.

    Anyone? Anyone? Bueller?
     
    , Dec 28, 2005
    #1
    1. Advertising

  2. Igor Mamuzic Guest

    It seems that switches are ok, so problem could be somewhere on the path
    between your network and remote network where switches resides...
    If you are able to connect to the HP devices are you sure that there is no
    some ACL's along the path that blocks communication with cisco equipment
    explicitly?

    B.R.
    Igor


    <> wrote in message
    news:...
    > My problem is this: I have two Catalyst switches (a 2950 LRE and a
    > 2950T) on remote subnets that I cannot telnet or http to. While the
    > subnets are remote (different cities), they are all connected through
    > the Internet via VPN tunnels. I can ping the switches from my subnet
    > (192.168.1.x, the switches are on subnets 192.168.7.x and 192.168.9.x),
    > but I cannot telnet or http to them.
    >
    > Making things more interesting: if I take remote control of a user's
    > computer (RDP or SMS remote tools) that is on the same subnet as the
    > switch, I CAN telnet or http to the switch!
    >
    > No other devices seem to have this problem (HP switches, which are
    > basically rebadged Cisco switches, or a older Cat1900, and no Cats on
    > my local subnet). I thought it might be some weirdness with the VLANs,
    > but all my equipment is set to VLAN1, Cisco and non-Cisco alike.
    >
    > Here are the configs for the two switches (modified for my protection,
    > natch)
    >
    >
    > SWITCH ON THE 192.168.7.X SUBNET
    > ------------------------------------------------------------------------------------------
    > sh run
    > Building configuration...
    >
    > Current configuration : 2436 bytes
    > !
    > ! Last configuration change at 12:26:29 EST Wed Dec 28 2005
    > ! NVRAM config last updated at 12:26:29 EST Wed Dec 28 2005
    > !
    > version 12.1
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > !
    > hostname Cat2950T
    > !
    > enable secret xxxxxxxxxx
    > !
    > clock timezone EST -5
    > ip subnet-zero
    > !
    > ip domain-name xxxxxxxxx
    > !
    > spanning-tree mode pvst
    > no spanning-tree optimize bpdu transmission
    > spanning-tree extend system-id
    > !
    > !
    > !
    > !
    > interface FastEthernet0/1
    > !
    > interface FastEthernet0/2
    > !
    > interface FastEthernet0/3
    > !
    > interface FastEthernet0/4
    > !
    > interface FastEthernet0/5
    > !
    > interface FastEthernet0/6
    > !
    > interface FastEthernet0/7
    > !
    > interface FastEthernet0/8
    > !
    > interface FastEthernet0/9
    > !
    > interface FastEthernet0/10
    > !
    > interface FastEthernet0/11
    > !
    > interface FastEthernet0/12
    > !
    > interface FastEthernet0/13
    > !
    > interface FastEthernet0/14
    > !
    > interface FastEthernet0/15
    > !
    > interface FastEthernet0/16
    > !
    > interface FastEthernet0/17
    > !
    > interface FastEthernet0/18
    > !
    > interface FastEthernet0/19
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > !
    > interface FastEthernet0/22
    > !
    > interface FastEthernet0/23
    > !
    > interface FastEthernet0/24
    > !
    > interface GigabitEthernet0/1
    > !
    > interface GigabitEthernet0/2
    > !
    > interface Vlan1
    > ip address 192.168.7.5 255.255.255.0
    > no ip route-cache
    > !
    > ip default-gateway 192.168.7.1
    > ip http server
    >
    > (bunch of snmp stuff deleted)
    >
    > !
    > line con 0
    > line vty 0 4
    > password yyyyyyyy
    > login
    > line vty 5 15
    > password yyyyyyyyyy
    > login
    > !
    > ntp clock-period 17179946
    > ntp server 192.168.1.81
    > !
    > end
    > ------------------------------------------------------------------------------------------
    >
    >
    > SWITCH ON THE 192.168.9.X SUBNET
    > -------------------------------------------------------------------------------------------
    > Current configuration : 1485 bytes
    > !
    > version 12.1
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > !
    > hostname CiscoCat2950LRE
    > !
    > enable secret xxxxxxxxxxxxxxx
    > !
    > ip subnet-zero
    > !
    > !
    > spanning-tree mode pvst
    > no spanning-tree optimize bpdu transmission
    > spanning-tree extend system-id
    > !
    > !
    > !
    > controller LongReachEthernet 0
    > !
    > !
    > interface GigabitEthernet0/1
    > !
    > interface GigabitEthernet0/2
    > !
    > interface LongReachEthernet0/1
    > cpe type CISCO575-LRE
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/2
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/3
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/4
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/5
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/6
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/7
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/8
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface Vlan1
    > ip address 192.168.10.5 255.255.255.0
    > no ip route-cache
    > !
    > ip default-gateway 192.168.10.1
    > ip http server
    >
    > (bunch of snmp stuff deleted)
    >
    > !
    > line con 0
    > line vty 0 4
    > password yyyyyyyyy
    > login
    > line vty 5 15
    > login
    > !
    > !
    > end
    > ------------------------------------------------------------------------------------------------------
    >
    > As you can see, no access-lists blocking anything. As I said, I can
    > ping OK, and SNMP queries (I deleted all the SNMP stuff above to make
    > this long post a bit shorter) are returned w/ no problems. The VPNs
    > are working OK, and there's nothing in the firewall rules (SonicWALL
    > firewalls) to block anything on the VPN. And as I said, telnet and
    > http work fine as long as I'm on a computer that's on the same subnet.
    >
    > I've never come across this sort of problem with Cisco equipment, but
    > I've always played in pure Cisco environments, not one with a mix of
    > Cisco and non-Cisco equipment like this.
    >
    > Anyone? Anyone? Bueller?
    >
    >
     
    Igor Mamuzic, Dec 28, 2005
    #2
    1. Advertising

  3. Guest

    The only places any ACL's would be located are on the SonicWALL
    firewalls, and I've rechecked those; no ACL blocks anywhere.
     
    , Dec 28, 2005
    #3
  4. Telus Guest

    You might have a problem with your default gateway command - the 'default
    gateway' command only sets the DGW for the console. It's the 'ip route'
    command that determines routes for the interfaces.

    If you can ping the router, the 'ip route' is correct. If you can't telnet,
    you need to fix your 'default gateway'.




    <> wrote in message
    news:...
    > My problem is this: I have two Catalyst switches (a 2950 LRE and a
    > 2950T) on remote subnets that I cannot telnet or http to. While the
    > subnets are remote (different cities), they are all connected through
    > the Internet via VPN tunnels. I can ping the switches from my subnet
    > (192.168.1.x, the switches are on subnets 192.168.7.x and 192.168.9.x),
    > but I cannot telnet or http to them.
    >
    > Making things more interesting: if I take remote control of a user's
    > computer (RDP or SMS remote tools) that is on the same subnet as the
    > switch, I CAN telnet or http to the switch!
    >
    > No other devices seem to have this problem (HP switches, which are
    > basically rebadged Cisco switches, or a older Cat1900, and no Cats on
    > my local subnet). I thought it might be some weirdness with the VLANs,
    > but all my equipment is set to VLAN1, Cisco and non-Cisco alike.
    >
    > Here are the configs for the two switches (modified for my protection,
    > natch)
    >
    >
    > SWITCH ON THE 192.168.7.X SUBNET
    > --------------------------------------------------------------------------

    ----------------
    > sh run
    > Building configuration...
    >
    > Current configuration : 2436 bytes
    > !
    > ! Last configuration change at 12:26:29 EST Wed Dec 28 2005
    > ! NVRAM config last updated at 12:26:29 EST Wed Dec 28 2005
    > !
    > version 12.1
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > !
    > hostname Cat2950T
    > !
    > enable secret xxxxxxxxxx
    > !
    > clock timezone EST -5
    > ip subnet-zero
    > !
    > ip domain-name xxxxxxxxx
    > !
    > spanning-tree mode pvst
    > no spanning-tree optimize bpdu transmission
    > spanning-tree extend system-id
    > !
    > !
    > !
    > !
    > interface FastEthernet0/1
    > !
    > interface FastEthernet0/2
    > !
    > interface FastEthernet0/3
    > !
    > interface FastEthernet0/4
    > !
    > interface FastEthernet0/5
    > !
    > interface FastEthernet0/6
    > !
    > interface FastEthernet0/7
    > !
    > interface FastEthernet0/8
    > !
    > interface FastEthernet0/9
    > !
    > interface FastEthernet0/10
    > !
    > interface FastEthernet0/11
    > !
    > interface FastEthernet0/12
    > !
    > interface FastEthernet0/13
    > !
    > interface FastEthernet0/14
    > !
    > interface FastEthernet0/15
    > !
    > interface FastEthernet0/16
    > !
    > interface FastEthernet0/17
    > !
    > interface FastEthernet0/18
    > !
    > interface FastEthernet0/19
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > !
    > interface FastEthernet0/22
    > !
    > interface FastEthernet0/23
    > !
    > interface FastEthernet0/24
    > !
    > interface GigabitEthernet0/1
    > !
    > interface GigabitEthernet0/2
    > !
    > interface Vlan1
    > ip address 192.168.7.5 255.255.255.0
    > no ip route-cache
    > !
    > ip default-gateway 192.168.7.1
    > ip http server
    >
    > (bunch of snmp stuff deleted)
    >
    > !
    > line con 0
    > line vty 0 4
    > password yyyyyyyy
    > login
    > line vty 5 15
    > password yyyyyyyyyy
    > login
    > !
    > ntp clock-period 17179946
    > ntp server 192.168.1.81
    > !
    > end
    > --------------------------------------------------------------------------

    ----------------
    >
    >
    > SWITCH ON THE 192.168.9.X SUBNET
    > --------------------------------------------------------------------------

    -----------------
    > Current configuration : 1485 bytes
    > !
    > version 12.1
    > no service pad
    > service timestamps debug uptime
    > service timestamps log uptime
    > no service password-encryption
    > !
    > hostname CiscoCat2950LRE
    > !
    > enable secret xxxxxxxxxxxxxxx
    > !
    > ip subnet-zero
    > !
    > !
    > spanning-tree mode pvst
    > no spanning-tree optimize bpdu transmission
    > spanning-tree extend system-id
    > !
    > !
    > !
    > controller LongReachEthernet 0
    > !
    > !
    > interface GigabitEthernet0/1
    > !
    > interface GigabitEthernet0/2
    > !
    > interface LongReachEthernet0/1
    > cpe type CISCO575-LRE
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/2
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/3
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/4
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/5
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/6
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/7
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface LongReachEthernet0/8
    > flowcontrol receive on
    > flowcontrol send on
    > !
    > interface Vlan1
    > ip address 192.168.10.5 255.255.255.0
    > no ip route-cache
    > !
    > ip default-gateway 192.168.10.1
    > ip http server
    >
    > (bunch of snmp stuff deleted)
    >
    > !
    > line con 0
    > line vty 0 4
    > password yyyyyyyyy
    > login
    > line vty 5 15
    > login
    > !
    > !
    > end
    > --------------------------------------------------------------------------

    ----------------------------
    >
    > As you can see, no access-lists blocking anything. As I said, I can
    > ping OK, and SNMP queries (I deleted all the SNMP stuff above to make
    > this long post a bit shorter) are returned w/ no problems. The VPNs
    > are working OK, and there's nothing in the firewall rules (SonicWALL
    > firewalls) to block anything on the VPN. And as I said, telnet and
    > http work fine as long as I'm on a computer that's on the same subnet.
    >
    > I've never come across this sort of problem with Cisco equipment, but
    > I've always played in pure Cisco environments, not one with a mix of
    > Cisco and non-Cisco equipment like this.
    >
    > Anyone? Anyone? Bueller?
    >
     
    Telus, Dec 28, 2005
    #4
  5. Telus Guest

    Sorry - you said SWITCHES... The default-gateway command is the only option
    on switches...

    If they were routers, it would matter. In this case it doesn't.

    Please disregard my post.




    "Telus" <> wrote in message
    news:cMDsf.13339$AP5.8098@edtnps84...
    > You might have a problem with your default gateway command - the 'default
    > gateway' command only sets the DGW for the console. It's the 'ip route'
    > command that determines routes for the interfaces.
    >
    > If you can ping the router, the 'ip route' is correct. If you can't

    telnet,
    > you need to fix your 'default gateway'.
    >
    >
    >
    >
    > <> wrote in message
    > news:...
    > > My problem is this: I have two Catalyst switches (a 2950 LRE and a
    > > 2950T) on remote subnets that I cannot telnet or http to. While the
    > > subnets are remote (different cities), they are all connected through
    > > the Internet via VPN tunnels. I can ping the switches from my subnet
    > > (192.168.1.x, the switches are on subnets 192.168.7.x and 192.168.9.x),
    > > but I cannot telnet or http to them.
    > >
    > > Making things more interesting: if I take remote control of a user's
    > > computer (RDP or SMS remote tools) that is on the same subnet as the
    > > switch, I CAN telnet or http to the switch!
    > >
    > > No other devices seem to have this problem (HP switches, which are
    > > basically rebadged Cisco switches, or a older Cat1900, and no Cats on
    > > my local subnet). I thought it might be some weirdness with the VLANs,
    > > but all my equipment is set to VLAN1, Cisco and non-Cisco alike.
    > >
    > > Here are the configs for the two switches (modified for my protection,
    > > natch)
    > >
    > >
    > > SWITCH ON THE 192.168.7.X SUBNET

    >
    > --------------------------------------------------------------------------
    > ----------------
    > > sh run
    > > Building configuration...
    > >
    > > Current configuration : 2436 bytes
    > > !
    > > ! Last configuration change at 12:26:29 EST Wed Dec 28 2005
    > > ! NVRAM config last updated at 12:26:29 EST Wed Dec 28 2005
    > > !
    > > version 12.1
    > > no service pad
    > > service timestamps debug uptime
    > > service timestamps log uptime
    > > no service password-encryption
    > > !
    > > hostname Cat2950T
    > > !
    > > enable secret xxxxxxxxxx
    > > !
    > > clock timezone EST -5
    > > ip subnet-zero
    > > !
    > > ip domain-name xxxxxxxxx
    > > !
    > > spanning-tree mode pvst
    > > no spanning-tree optimize bpdu transmission
    > > spanning-tree extend system-id
    > > !
    > > !
    > > !
    > > !
    > > interface FastEthernet0/1
    > > !
    > > interface FastEthernet0/2
    > > !
    > > interface FastEthernet0/3
    > > !
    > > interface FastEthernet0/4
    > > !
    > > interface FastEthernet0/5
    > > !
    > > interface FastEthernet0/6
    > > !
    > > interface FastEthernet0/7
    > > !
    > > interface FastEthernet0/8
    > > !
    > > interface FastEthernet0/9
    > > !
    > > interface FastEthernet0/10
    > > !
    > > interface FastEthernet0/11
    > > !
    > > interface FastEthernet0/12
    > > !
    > > interface FastEthernet0/13
    > > !
    > > interface FastEthernet0/14
    > > !
    > > interface FastEthernet0/15
    > > !
    > > interface FastEthernet0/16
    > > !
    > > interface FastEthernet0/17
    > > !
    > > interface FastEthernet0/18
    > > !
    > > interface FastEthernet0/19
    > > !
    > > interface FastEthernet0/20
    > > !
    > > interface FastEthernet0/21
    > > !
    > > interface FastEthernet0/22
    > > !
    > > interface FastEthernet0/23
    > > !
    > > interface FastEthernet0/24
    > > !
    > > interface GigabitEthernet0/1
    > > !
    > > interface GigabitEthernet0/2
    > > !
    > > interface Vlan1
    > > ip address 192.168.7.5 255.255.255.0
    > > no ip route-cache
    > > !
    > > ip default-gateway 192.168.7.1
    > > ip http server
    > >
    > > (bunch of snmp stuff deleted)
    > >
    > > !
    > > line con 0
    > > line vty 0 4
    > > password yyyyyyyy
    > > login
    > > line vty 5 15
    > > password yyyyyyyyyy
    > > login
    > > !
    > > ntp clock-period 17179946
    > > ntp server 192.168.1.81
    > > !
    > > end

    >
    > --------------------------------------------------------------------------
    > ----------------
    > >
    > >
    > > SWITCH ON THE 192.168.9.X SUBNET

    >
    > --------------------------------------------------------------------------
    > -----------------
    > > Current configuration : 1485 bytes
    > > !
    > > version 12.1
    > > no service pad
    > > service timestamps debug uptime
    > > service timestamps log uptime
    > > no service password-encryption
    > > !
    > > hostname CiscoCat2950LRE
    > > !
    > > enable secret xxxxxxxxxxxxxxx
    > > !
    > > ip subnet-zero
    > > !
    > > !
    > > spanning-tree mode pvst
    > > no spanning-tree optimize bpdu transmission
    > > spanning-tree extend system-id
    > > !
    > > !
    > > !
    > > controller LongReachEthernet 0
    > > !
    > > !
    > > interface GigabitEthernet0/1
    > > !
    > > interface GigabitEthernet0/2
    > > !
    > > interface LongReachEthernet0/1
    > > cpe type CISCO575-LRE
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/2
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/3
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/4
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/5
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/6
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/7
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface LongReachEthernet0/8
    > > flowcontrol receive on
    > > flowcontrol send on
    > > !
    > > interface Vlan1
    > > ip address 192.168.10.5 255.255.255.0
    > > no ip route-cache
    > > !
    > > ip default-gateway 192.168.10.1
    > > ip http server
    > >
    > > (bunch of snmp stuff deleted)
    > >
    > > !
    > > line con 0
    > > line vty 0 4
    > > password yyyyyyyyy
    > > login
    > > line vty 5 15
    > > login
    > > !
    > > !
    > > end

    >
    > --------------------------------------------------------------------------
    > ----------------------------
    > >
    > > As you can see, no access-lists blocking anything. As I said, I can
    > > ping OK, and SNMP queries (I deleted all the SNMP stuff above to make
    > > this long post a bit shorter) are returned w/ no problems. The VPNs
    > > are working OK, and there's nothing in the firewall rules (SonicWALL
    > > firewalls) to block anything on the VPN. And as I said, telnet and
    > > http work fine as long as I'm on a computer that's on the same subnet.
    > >
    > > I've never come across this sort of problem with Cisco equipment, but
    > > I've always played in pure Cisco environments, not one with a mix of
    > > Cisco and non-Cisco equipment like this.
    > >
    > > Anyone? Anyone? Bueller?
    > >

    >
    >
     
    Telus, Dec 28, 2005
    #5
  6. wrote:
    > The only places any ACL's would be located are on the SonicWALL
    > firewalls, and I've rechecked those; no ACL blocks anywhere.
    >


    when you connect to them via console, what shows a "sh line"?
    Do you have free lines available? Outherwise you have to clear them. In
    this case also use sercive tcp-keepalives.

    bye
    andre
     
    Andre Janssen, Dec 28, 2005
    #6
  7. Guest

    If by console, you mean a serial cable plugged into the actual console
    port, then I don't know. One switch is about 3 hours drive from me,
    and the other is about 9 hours, so...

    On the other hand, if you mean by telnet, I'll have to look, but I
    don't think that could be the problem, as I couldn't telnet into them
    from a local or a remote subnet if there weren't any lines available.
     
    , Dec 29, 2005
    #7
  8. Merv Guest

    Configure loging buffered if it is not already configured (i.e logging
    buffere 10000 debug)

    On the switch vty lines, configure an extended access list that permits
    any any and logs

    Try telnetting to switch. If nothing is logged then the packets are not
    making it to the switch in question
     
    Merv, Dec 29, 2005
    #8
  9. Merv wrote:
    > Configure loging buffered if it is not already configured (i.e logging
    > buffere 10000 debug)
    >
    > On the switch vty lines, configure an extended access list that permits
    > any any and logs
    >
    > Try telnetting to switch. If nothing is logged then the packets are not
    > making it to the switch in question
    >

    youa may also have someone to powercycle the switch.

    andre
     
    Andre Janssen, Dec 29, 2005
    #9
  10. Guest

    Great Giggaly-Wiggaly. POWERCYCLE! Of all the dumb, useless...

    Oh, wait. It worked.

    Actually, I used a local PC to telnet to the switches and performed a
    "reload" command. It worked for one of the switches (the LRE). It
    worked for a moment with the 2950T, but after about a minutes I lost
    connectivity.

    Why it should work one minutes, then stop the next, is the next great
    question.
     
    , Dec 30, 2005
    #10
  11. Guest

    And the LRE switch is gone again. I had about 10 minutes worth of
    telnet access, and now I've lost it.

    Why? Why, why, WHY? Oh, and why?
     
    , Dec 30, 2005
    #11
  12. Guest

    Have you tried identifying vlan1 as the management interface? This
    should be default, but sometimes forcing it is required. If you can
    get to the clients on the LAN (through the switch) its strictly a
    management problem which usually is one of two things: the management
    interface isn't setup or is missconfigured, or you don't have your DG
    setup correctly. This case the DG looks fine. Try this:

    Switch#conf t
    Switch(config)#int vlan1
    Switch(config-subif)#management
    Swtich(config-subif)#end

    Just a thought....

    ~Ryan
     
    , Dec 30, 2005
    #12
  13. Guest

    One more thing I thought of....

    You mentioned all your equipment (Cisco and Non-Cisco) are on VLAN1.
    By default, all your switch ports are in fact set for VLAN1 on the
    Cisco equipment, *however* with ISL encapsulation. ISL is Cisco
    proprietary, so I doubt your Non-Cisco equipment recognizes the Cisco
    ports as being part of VLAN1. This may not be the problem though; it
    all depends on the switch layout/design. But for piece of mind, in a
    mixed environment like this, I'd turn everything on to IEEE standards
    so you don't have any of the Cisco proprietary encapsulations being
    used.

    However, I don't know how it's configured with LRE switches - from
    what I know (could be outdated knowledge), 802.1q IEEE tagging is only
    supported on Fast Ethernet switch ports. But some things to look into
    at least. Maybe some vlan debugging may help.

    If you do enable IEEE 802.1q tagging, EVERYTHING must use that
    standard. If you try and mix it up, you'll end up with lots of
    weirdness and hard to troubleshoot problems with your vlans. The
    router would also need to be configured for 802.1q.

    To enable IEEE 802.1q tagging on a switch interface:

    switch#
    switch(config)#int <interface>
    switch(config-subif)#encapsulation dot1q <vlan-id>
    switch(config-subif)#end

    of course, since you're only running VLAN1, the vlan Id would simply be
    1 (please note, the vlan ID is only the number, without the word "VLAN"
    proceeding it).

    Again, may be totally off track, but I'm just throwing some other ideas
    not mentioned out there.

    ~Ryan
     
    , Dec 30, 2005
    #13
  14. Guest

    Working with your first post...

    I don't see a "management" command anywhere. It doesn't appear in the
    2950LRE documentaton I have and the switch won't accept it.

    As for as the ISL/.1q config, I'll give it a try, but given the way the
    network is laid out, vlans don't even really have a role at all. As
    far as the network is concerned, it shouldn't even know vlans exist;
    basically, other than an IP address so I can telnet to the switch, the
    vlans are unconfigured. Still, it's one of the few options I can think
    of myself.

    wrote:
    > One more thing I thought of....
    >
    > You mentioned all your equipment (Cisco and Non-Cisco) are on VLAN1.
    > By default, all your switch ports are in fact set for VLAN1 on the
    > Cisco equipment, *however* with ISL encapsulation. ISL is Cisco
    > proprietary, so I doubt your Non-Cisco equipment recognizes the Cisco
    > ports as being part of VLAN1. This may not be the problem though; it
    > all depends on the switch layout/design. But for piece of mind, in a
    > mixed environment like this, I'd turn everything on to IEEE standards
    > so you don't have any of the Cisco proprietary encapsulations being
    > used.
    >
    > However, I don't know how it's configured with LRE switches - from
    > what I know (could be outdated knowledge), 802.1q IEEE tagging is only
    > supported on Fast Ethernet switch ports. But some things to look into
    > at least. Maybe some vlan debugging may help.
    >
    > If you do enable IEEE 802.1q tagging, EVERYTHING must use that
    > standard. If you try and mix it up, you'll end up with lots of
    > weirdness and hard to troubleshoot problems with your vlans. The
    > router would also need to be configured for 802.1q.
    >
    > To enable IEEE 802.1q tagging on a switch interface:
    >
    > switch#
    > switch(config)#int <interface>
    > switch(config-subif)#encapsulation dot1q <vlan-id>
    > switch(config-subif)#end
    >
    > of course, since you're only running VLAN1, the vlan Id would simply be
    > 1 (please note, the vlan ID is only the number, without the word "VLAN"
    > proceeding it).
    >
    > Again, may be totally off track, but I'm just throwing some other ideas
    > not mentioned out there.
    >
    > ~Ryan
     
    , Jan 1, 2006
    #14
  15. Guest

    More on this issue; I've managed to get the LRE switch mentioned (and a
    second LRE switch I didn't mention) to consistantly accept telneting
    from a remote subnet by setting the vtp mode to "transparent",
    essentially disabling vtp.

    This hasn't worked so far for the 2950T, however.
     
    , Jan 4, 2006
    #15
  16. Guest

    I tried using an access-list to log telnet activity to the 2950T's vlan
    1 port and this is what I get:

    Jan 05 08:25:52 192.168.7.15 local7.info 33: 14:22:01:
    %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.168.1.132(0) ->
    192.168.7.15(0), 1 packet

    So, if I'm reading that right, the switch is getting telnet traffic
    routed to it.
     
    , Jan 5, 2006
    #16
  17. Guest

    Curious - Your switch config above for the 7 subnet shows an IP of
    192.168.7.5, yet this log shows access to 192.168.7.15. Have you
    changed IP's since you posed the origonal config?

    I do realize that you have not manually configured anything with VLAN's
    so it'd be easy to think that its not the issue. However, on all Cisco
    switches, you'll notice every port is part of a VLAN (VLAN 1 by
    default). Of course, since thats its native VLAN, VLAN tagging won't
    be happening on these switches. I don't know how the HP switches will
    react though. You said they're set to VLAN 1 as well (I don' t know if
    maybe they'll tag the packets, while the Cisco eqiupment won't). Just
    some things to think through.

    You also mentioned that turnning VTP mode to transparent on, on the LRE
    "fixed" the issue. Something else that could pose an issue is if your
    HP switches are in the same VTP domain, your LRE will be set as a VTP
    server by default. So that could also be causing some weirdness (hence
    why setting it to transparent fixed it).

    At this point, Cisco would recommend updating your IOS on the switches.
    Have you tried this? Its possible you've got some sort of bug you're
    encountering.

    Also, can you try and diagram out your design? You mentioned the use
    of HP switches as well as Cisco switches, but really I'm not 100% clear
    on the actual layout. Will you please diagram the connectivity from
    the router out through the LAN?

    ~Ryan
     
    , Jan 17, 2006
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Kotuby

    Wireless Network and Wired LAN on different subnets

    John Kotuby, Apr 27, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    1,123
    John Kotuby
    Apr 27, 2005
  2. Jack B. Pollack
    Replies:
    4
    Views:
    1,256
    Zaltor
    Jul 24, 2003
  3. Replies:
    3
    Views:
    1,241
  4. isptrader
    Replies:
    0
    Views:
    1,772
    isptrader
    Dec 20, 2007
  5. Replies:
    4
    Views:
    1,442
    Trendkill
    Aug 29, 2008
Loading...

Share This Page