Re: Unable to telnet to Catalyst switches on different subnets
- From: "Telus" <rob@xxxxxxxxxxxxxx>
- Date: Wed, 28 Dec 2005 21:56:50 GMT
Sorry - you said SWITCHES... The default-gateway command is the only option
on switches...
If they were routers, it would matter. In this case it doesn't.
Please disregard my post.
"Telus" <rob@xxxxxxxxxxxxxx> wrote in message
news:cMDsf.13339$AP5.8098@xxxxxxxxxxx
> You might have a problem with your default gateway command - the 'default
> gateway' command only sets the DGW for the console. It's the 'ip route'
> command that determines routes for the interfaces.
>
> If you can ping the router, the 'ip route' is correct. If you can't
telnet,
> you need to fix your 'default gateway'.
>
>
>
>
> <ttripp@xxxxxxxxxxxxxxxxx> wrote in message
> news:1135793671.752836.300480@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > My problem is this: I have two Catalyst switches (a 2950 LRE and a
> > 2950T) on remote subnets that I cannot telnet or http to. While the
> > subnets are remote (different cities), they are all connected through
> > the Internet via VPN tunnels. I can ping the switches from my subnet
> > (192.168.1.x, the switches are on subnets 192.168.7.x and 192.168.9.x),
> > but I cannot telnet or http to them.
> >
> > Making things more interesting: if I take remote control of a user's
> > computer (RDP or SMS remote tools) that is on the same subnet as the
> > switch, I CAN telnet or http to the switch!
> >
> > No other devices seem to have this problem (HP switches, which are
> > basically rebadged Cisco switches, or a older Cat1900, and no Cats on
> > my local subnet). I thought it might be some weirdness with the VLANs,
> > but all my equipment is set to VLAN1, Cisco and non-Cisco alike.
> >
> > Here are the configs for the two switches (modified for my protection,
> > natch)
> >
> >
> > SWITCH ON THE 192.168.7.X SUBNET
>
> --------------------------------------------------------------------------
> ----------------
> > sh run
> > Building configuration...
> >
> > Current configuration : 2436 bytes
> > !
> > ! Last configuration change at 12:26:29 EST Wed Dec 28 2005
> > ! NVRAM config last updated at 12:26:29 EST Wed Dec 28 2005
> > !
> > version 12.1
> > no service pad
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname Cat2950T
> > !
> > enable secret xxxxxxxxxx
> > !
> > clock timezone EST -5
> > ip subnet-zero
> > !
> > ip domain-name xxxxxxxxx
> > !
> > spanning-tree mode pvst
> > no spanning-tree optimize bpdu transmission
> > spanning-tree extend system-id
> > !
> > !
> > !
> > !
> > interface FastEthernet0/1
> > !
> > interface FastEthernet0/2
> > !
> > interface FastEthernet0/3
> > !
> > interface FastEthernet0/4
> > !
> > interface FastEthernet0/5
> > !
> > interface FastEthernet0/6
> > !
> > interface FastEthernet0/7
> > !
> > interface FastEthernet0/8
> > !
> > interface FastEthernet0/9
> > !
> > interface FastEthernet0/10
> > !
> > interface FastEthernet0/11
> > !
> > interface FastEthernet0/12
> > !
> > interface FastEthernet0/13
> > !
> > interface FastEthernet0/14
> > !
> > interface FastEthernet0/15
> > !
> > interface FastEthernet0/16
> > !
> > interface FastEthernet0/17
> > !
> > interface FastEthernet0/18
> > !
> > interface FastEthernet0/19
> > !
> > interface FastEthernet0/20
> > !
> > interface FastEthernet0/21
> > !
> > interface FastEthernet0/22
> > !
> > interface FastEthernet0/23
> > !
> > interface FastEthernet0/24
> > !
> > interface GigabitEthernet0/1
> > !
> > interface GigabitEthernet0/2
> > !
> > interface Vlan1
> > ip address 192.168.7.5 255.255.255.0
> > no ip route-cache
> > !
> > ip default-gateway 192.168.7.1
> > ip http server
> >
> > (bunch of snmp stuff deleted)
> >
> > !
> > line con 0
> > line vty 0 4
> > password yyyyyyyy
> > login
> > line vty 5 15
> > password yyyyyyyyyy
> > login
> > !
> > ntp clock-period 17179946
> > ntp server 192.168.1.81
> > !
> > end
>
> --------------------------------------------------------------------------
> ----------------
> >
> >
> > SWITCH ON THE 192.168.9.X SUBNET
>
> --------------------------------------------------------------------------
> -----------------
> > Current configuration : 1485 bytes
> > !
> > version 12.1
> > no service pad
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname CiscoCat2950LRE
> > !
> > enable secret xxxxxxxxxxxxxxx
> > !
> > ip subnet-zero
> > !
> > !
> > spanning-tree mode pvst
> > no spanning-tree optimize bpdu transmission
> > spanning-tree extend system-id
> > !
> > !
> > !
> > controller LongReachEthernet 0
> > !
> > !
> > interface GigabitEthernet0/1
> > !
> > interface GigabitEthernet0/2
> > !
> > interface LongReachEthernet0/1
> > cpe type CISCO575-LRE
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/2
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/3
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/4
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/5
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/6
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/7
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface LongReachEthernet0/8
> > flowcontrol receive on
> > flowcontrol send on
> > !
> > interface Vlan1
> > ip address 192.168.10.5 255.255.255.0
> > no ip route-cache
> > !
> > ip default-gateway 192.168.10.1
> > ip http server
> >
> > (bunch of snmp stuff deleted)
> >
> > !
> > line con 0
> > line vty 0 4
> > password yyyyyyyyy
> > login
> > line vty 5 15
> > login
> > !
> > !
> > end
>
> --------------------------------------------------------------------------
> ----------------------------
> >
> > As you can see, no access-lists blocking anything. As I said, I can
> > ping OK, and SNMP queries (I deleted all the SNMP stuff above to make
> > this long post a bit shorter) are returned w/ no problems. The VPNs
> > are working OK, and there's nothing in the firewall rules (SonicWALL
> > firewalls) to block anything on the VPN. And as I said, telnet and
> > http work fine as long as I'm on a computer that's on the same subnet.
> >
> > I've never come across this sort of problem with Cisco equipment, but
> > I've always played in pure Cisco environments, not one with a mix of
> > Cisco and non-Cisco equipment like this.
> >
> > Anyone? Anyone? Bueller?
> >
>
>
.
- References:
- Unable to telnet to Catalyst switches on different subnets
- From: ttripp@xxxxxxxxxxxxxxxxx
- Re: Unable to telnet to Catalyst switches on different subnets
- From: Telus
- Unable to telnet to Catalyst switches on different subnets
- Prev by Date: Re: Unable to telnet to Catalyst switches on different subnets
- Next by Date: Set privilage to only allow reboot
- Previous by thread: Re: Unable to telnet to Catalyst switches on different subnets
- Next by thread: Cisco 1750 Router Cisco QoS Device Manager Cisco VPN Device Manager
- Index(es):
Relevant Pages
|
|
