Cisco Switching/Routing :: 2960 - Management IP Cannot Be Reached / Pinged
Sep 11, 2012
We have a 2960 switch (switch2), whose Management IP cannot be reached/Ping'd. Could not Ping . We have checked the following, but still no clue on the root cause. Haven't tried a reboot yet.
Topology.
All switches are cascaded through trunk and allows all v lan's.
Switch 2 has correct ARP entries for the other switches that we try to ping.Mac address table is fine.Switches other than Switch 2 has proper ARP and Mac entries.This Mgmt v lan is not pruned across any trunks. (we are able to ping switch3 crossing switch2 when tried from switch1)Switches are running PVST and convergence is fine.No access list to deny the traffic.Tried sut/no shut on the V lan interface.
We have quite a few 3560 & 2960 on our edge network - what I have been looking at was to access switches via web-interface i.e. web-browser. Only problem with this is it always gives you access on privilige level 15 which is not ideal as not all who we decide to give access to these switches will be admin and allowed to configure these swicthes - In the 3560/2960 data-sheet states:
"Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators"
Where as there is no mention of how to configure these two levels of Web-based management in the configuration guide.
I have a problem with siemens industrial profinet apparatous and my Cat2960.
Siemens host can be pinged without any problem but they are not able to do any other kind of traffic. If i look at the interface I can find that all ingress packet are UNKNOWN DROPPED.
I found a document where si explained that "probably" siemens host are using packet with 802.1p header and vlan 0.
I tried the following tests:
1) port in access mode - failed 2) port in trunk mode with native vlan - failed 3) port in access mode with voice vlan - failed 4) port in acess-mode with voice vlan dot1p - failed
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
I have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
Apparently on older switches you could just enter the "management" command under the new VLAN interface and it would pull the config from the old one, apparently that feature isn't around anymore. I've tried establishing a trunk to the damned thing and trying to switch over that way, but it doesn't seem to work.
We are looking at putting in a solution at a hotel for Free Guest WiFI.The solution would cover 4 floors and about 120 rooms and some open areas .In short the hardware would look as follows
-2500 controller -1142LAP -2960 PoE switch -878 Adsl router for internet connectivity (20Mbps/1Mbps internet ADSL feed)
One of the concerns raised by the client is that they would like to make sure that no single user could eat up too much bandwidth creating problems for the rest of the users . Can the above KIT or something similar achieve this objective? As far as I can think of we would require a Proxy server .
I am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.
Is there some kind of trick to getting the fastethernet 0 management port to come up? My adjacent switch is up/up, but fe0 is down/down. I dont' see how this could be possible. I am getting all my info remotely, but I am pretty sure it's wired up correctly.
I have a stack of 3750-X that are used to both switch traffic inside V LAN and also to route a couple of WAN ranges from our up link provider to the DMZ v LAN.Now I'd like to have a SVI Vlan1 with an IP in the "management v LAN", but I'd like that SVI not to be rout able.
More exactly :
- no traffic should ever exit that interface that's not the generated by the router itself (ssh/snmp/...) - no incoming traffic on that interface should be forwarded anywhere - I'd also like to have a different default gw to be used by traffic generated by the switch itself. (for eg, ssh traffic coming from any another sub net like 10.2.0.0/24 to the switch SVI Vlan1 ip 10.1.0.1/24 should be routed back through the Vlan1 gw and not through out up link ptp gateway)
I think I can achieve the first two with ACLs on the SVI. But not sure about the last one ...
In mucking around with my 4500 I accidently deleted the ip address that I use to get into it with telnet and CNA. I have a console cable hooked up to and I'm in that way but the commands I got off the internet did not work. Those commands were set interface sc0 10.x.x.x/xx and set interface me1 10.x.x.x/xx. It didn't like interface and I notices when I did a set ?
i have a small network with Polycom phones connected to the sf300 switch and have the pc's daisy chained via the second switch port on each phone. i have the pc traffic running on the default vlan 1 and the voice traffic running on the voice vlan 100. can i do bandwidth management on a vlan/port basis or is that not necessary. i want to ensure that the voice traffic is never impacted by the pc traffic on the same cable.
spam up the boards with the same basic CCNA level stuff, but I have a couple of questions about ios differences, limitations, and references. I have the following three switches. One appears to be considerably dated in regard to software version. My confusion/ignorance stems from managing VTP settings.
When I set either 2950 switch as the VTP server, and the other as a client, the client inherits the server settings as expected. However the 2924 requires that I go into the vlan database from priv exec and manually set vtp client. That's pretty similar to setting any switch to client mode. The problem I am observing is that after setting the 2924 to client, it still doesn't inherit vtp version settings or pruning settings. I still have to manually configure those. Additionally, if I copy run start the 2924 after making these manual settings, and then reload the switch, all the settings are lost and it defaults back to server mode with all features disabled. From my searches, it looks like vlan information is stored in vlan.dat, but all the documentation I've found is on 12.1 ios which doesn't appear to use vlan database for vtp setup, meaning it might still be an issue, but not one I'm focused on at the moment.
Is the vlan database dumped at reload? I've read vlan.dat is stored in nvram and should be saved after a copy run start, but that is not the case for me.I have since set the 2924 as the server, manually configured the server from vlan database, executed copy run start, and reloaded the switch. Oddly, my manual settings saved from the reload, meaning I only lose settings when the switch is in client mode.Am I missing additional necessary client commands to save the config, or is this just a limitation of either the 2924XL or the 12.0 ios?On a related but completed out of scope topic, without a cisco service contract, how am I supposed to make heads or tails of all the different versions of ios, along with the letter-based features and what-not? I can't even find my 2924 in the list of platforms when searching for ios upgrades.
regarding to the out of band Management interface , if I configured an intervace vlan to be as a managment interface for one vdc ( the default vdc ), when I connected to this vdc via telnet , can I switch to any other vdc ? ( suppose that I have the Admin role which allows me to enter and config all the vdc's )If that is possible so that I dont have to make a dedicated managment ip for each VDC I need to do that only if I want to make vdc admin's account to allow some users to access specific vlans only , is that true ?
I want to configure management for some Nexus 5548's?I wanted to manage the switches via an SVI. I have read the following document which gives details about the Management SVI but doesn't answer all questions.[URL]I am not running any layer 3 functionality on the switch, no layer3 license (which it mentions in the above link) Will I still be able to create a management SVI. I know I will need to enable the feature 'interface-vlan' to setup a Management SVI, does that require a license?
What is the point of it? It is not a remote console. If i reboot the switch i cannot get back to the out of band management port unless the switch is fully running. Is this only for security purposees? so all telnet/ssh is from an Out of band network?
I have a Nexus 5548UP that would be managed by two organizations. Is it possible to set IP addresses for mgmt0 and an SVI (or an L3 interface) without using the L3 daughter card? I don't want to route between VLANs, just to separate management traffic.
I am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.
I have a client who is changing their management IP scheme as a bridge to replacing equipment and much of the old equipment (Catalyst 4000) is running CatOS and I am a bit weak in CatOS. The existing Management IP is setup as follows:
set interface sc0 1 192.168.252.209/255.255.255.0 192.168.252.255 set ip route 0.0.0.0/0.0.0.0 192.168.252.1
What we want to change this to is as follows:
set interface sc0 110 192.168.197.209/255.255.255.0 192.168.197.255 set ip route 0.0.0.0/0.0.0.0 192.168.197.1
The devices are spreadout over a large area and visiting each device is almost out of the question due to a time deadline I was wondering if I run this set of commands will this allow me to keep a remote session (SSH) running until the change is complete?
set ip route 192.168.197.0/255.255.255.0 192.168.197.1 set interface sc0 110 192.168.197.209/255.255.255.0 192.168.197.255 set ip route 0.0.0.0/0.0.0.0 192.168.197.1
I' ve three 4900M switches equipped with the WS-X4920-GB-RJ45 module and the WS-X4908-10GE module. Now I'm started to setup these switches in our lab environment for the first time. They behave a little bit strange in comparison with the C3750 series which I used before and which I will replace by these powerful machines.
I tried to setup these switches to be managed through the management port. I configured IP address, default route in the management vrf, set the source-interface for tftp,ssh,ftp and tacacs to use the management port. Ping using the manangement port was successful. After finishing theses steps I configured the TACACS and AAA settings accordingly the informations I found on CCO. I tested the settings with "test aaa group authentication" command- without success. On my Cisco ACS no request was received and the switch told me he could't reach the tacacs server. Other switches in the same IP subnet are working without failure, so firewall or server should not be the problem.
i have: two nexus 5596 connected each other the mgmt0 is NOT in use SVI for keepalives with IP address and /30 netmask vpc-keepalives running over fiber in e1/1. this works well uplinks to datacenter distribution switch (Cat 6500 VSS) over fiber on port-channel 1 (e1/2 and e1/10), also carrying the management VLAN (vlan 14). SVI with an IP address for management purposes
I can't get this to work. i can ping my whole network from the nexus, but not the nexus from my network. also pinging inside the mgmt vlan is not possible.
How separate is the management interface on a Nexus 5548?
In context - what's the risk of having a layer 2 only Nx5K in a DMZ and running the managment ports down into an internal managment VLAN, to form peer-keepalive links and software upgrades.
We have a couple of Nexus 7010's split into Core and Distribution VDCs. MGMT0 interfaces on each of the Nexus VDC's (including the Admin VDC) are configured with different IP address, but on the same subnet i.e 10.10.10.1/24 for admin, 10.10.10.2/24 for Core and 10.10.10.3/24 for Distribution. The MGMT 0 physical port on each Nexus is connected to a physical gig port on a 3750 X switch, and the 3750X has uplinks back to the Nexus configured for vPC.
When i ssh to the VDC MGMT0 IPs from the 3750X, i can access each of these VDCs without any problems. But if i enable routing on each of these links(OSPF) and advertise it to the WAN, i cannot see these routes advertised and also cannot see any of these routes in the local routing table.Just wondering if i have to enable these links on a VLAN and then advertise it to the WAN..But if this the case, VLANs cannot be created on the Admin(default VDC).
I'm trying to figure out how to (or if I can) setup the management interfaces (fa1) on a couple of new 4500X switches. My issue is that the 4500X's themselves are the gateway for my management VLAN (.1 HSRP virtual, .2 and .3 SVIs on the pair of switches).
I would like to assign addresses from the management VLAN to the router Fa1 management interfaces but the software configuration guide seems to note this is not supported (and indeed it doesn't seem to work).
Physically I have Fa1 from core-1 into a port on an adjacent switch. Fa1 from core-2 also goes into a port on that adjacent switch. Both are in my management VLAN, whose SVIs are on the cores themselves.
I am trying to setup the management vrf on the 4948 10GE so that my TACACS requests will use that vrf for out-of-band purposes. The vrf is working properly because I can ping the TACACS server using the vrf but the logins do not work. I see this error in the tacacs debug:
TPLUS(00000016)/0: Connect Error No route to host
Looking at the release notes, it states that my version (12.2.54 SG1) does support vrf aware tacacs but the documentation seems to be a bit off because i do not get a server private command option as stated in the configuration doc after configuring a tacacs server group:
[URL]
Here is my config:
ip vrf mgmtVrf rd X:X ! interface FastEthernet1 ip vrf forwarding mgmtVrf ip address x.x.x.x
I can not find any information about management port of Cisco ISR 2911, 2921 and so on. There is management port in specification of 2911 and 2921 and I do not know if this port can be as a simple Ethernet port – forward traffic in/out on L3.
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE) 6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4 For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
we do not have an out-of-band management network and setting one up at this point is not being planned. We are mainly a swtiched environment and the only devices that are using L3 are the core switch for WAN purposes and the lab because it is mimicking the production environment. I have two Nexus switches that are sitting on the other side of a 3750 switch which is currently acting as a L3 device because this is a pre-production environment for a new project. We had an issue with management of the devices before but our workaround was to put them on the management vlan direcltly off of the core, allowing only management traffic to pass by means of mgmt0 on each device. The problem I'm having now is that I've now setup the mgmt0 interfaces on both for the keepalive link for vpc only (vpc traffic is going accross 2x10gb connections and the link to the 3750 is 1gb each trunked) and have lost my ability to use the mgmt0 connections for management. How to connect my management connection through either the 3750 or directly off the core switch (as that's what will happen once it's put into production)
