Cisco – SSH to Access Switch Management Console from other VLANs

cisco, management, vlan

The infrastructure I currently work on has 3 switches:

One 3560X, which is acting as a core switch and as a VTP server, with the characteristics below:

no aaa new-model
system mtu routing 1500
ip routing

interface FastEthernet0
 ip address 10.0.0.11 255.255.255.0
 no ip route-cache
!

interface Vlan100
 ip address 10.1.0.1 255.255.252.0
!
interface Vlan110
 ip address 10.1.4.1 255.255.252.0
 ip helper-address 10.0.4.40
!

It's got about 5 VLANs with IPs set as 10.1.0.1/22, 10.1.4.1/22, etc. FastEthernet0 is the management port.

The current VLAN layout is:

Vlan1                  10.0.0.1         YES NVRAM  up                    up      
Vlan2                  10.0.1.1        YES NVRAM  up                    up      
Vlan10                 unassigned      YES unset  down                  down    
Vlan20                 10.0.2.1        YES NVRAM  up                    up      
Vlan30                 10.0.4.1        YES NVRAM  up                    up      
Vlan100                10.1.0.1        YES NVRAM  up                    up      
Vlan110                10.1.4.1        YES NVRAM  up                    up      

Then I have 2 other Cisco 2960Xs, acting as access switches and as VTP clients. Both switches are SSH-enabled, and I can SSH in by connecting to the management console and assigning the client machine an IP in the range of the management port.

I have the following working correctly:

  1. Inter-VLAN routing from all the switches.
  2. I can ssh to the Core switch using any of the VLAN IP addresses (E.g. 10.1.4.1) and manage it.

But

  1. I cannot ping the default VLAN IP (10.0.0.1) from any other VLAN.
  2. I cannot ping the IP addresses given to the management consoles of the 2960Xs (10.0.0.11, 10.0.0.12).

The question is: how can I SSH to the access switch and manage it while sitting in other VLANs? What configuration is pending here?

Update:
Corrected wrong default VLAN IP Address. I can now ping the Default VLAN.

Best Answer

Based on @TeunVink's comments, Problem 1 was fixed.

Below are the methods I have used for setting up the management interface.

I chose not to use VLAN 1 for management, as per many recommendations. So I cleared the IPs from VLAN 1 and the management console (FastEthernet0), as follows:

conf t
int vlan 1
no ip address
exit
int fa0
no ip address
exit

Assuming that VTP is enabled and working between the core and access switches:

Create a separate management VLAN on the core switch, e.g. VLAN 10:

conf t
vlan 10
name management
exit

Assign an IP address to this VLAN:

int vlan 10
ip address 10.0.10.1 255.255.255.0
exit

Then connect to the 2960 access switch via console and verify that VLAN 10 is present there using the show vlan command. It should be there, as VTP would already have taken care of distributing it. Now assign an IP separately for VLAN 10 on the access switch, as:

conf t
int vlan 10
ip address 10.0.10.2 255.255.255.0
exit

Configure ssh by following this link.

That's it. Now ping 10.0.10.2 (the access switch) from other VLANs. It should be good to go.

This link can be treated as an excellent reference for this purpose.
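
The SSH step above points to a link that is not reproduced on this page. As an added example (not from the original answer), this is one way the access-switch side could look in IOS, assuming the 2960X runs as a Layer 2 switch without `ip routing`. The hostname, domain name, username, secret and ACL name are placeholders, and the permitted source subnets (the management VLAN plus VLAN 100 and VLAN 110 from the question) are an assumption about where administrators sit:

```cisco
! Added example for the 2960X access switch; placeholder values are assumptions.
conf t
! A hostname and domain name are required before the RSA key can be generated
hostname ACCESS-SW1
ip domain-name example.internal
crypto key generate rsa modulus 2048
ip ssh version 2
! Local account, since the page's config uses "no aaa new-model"
username netadmin privilege 15 secret CHANGE-ME-PLACEHOLDER
!
interface vlan 10
 ip address 10.0.10.2 255.255.255.0
 no shutdown
exit
! A Layer 2 switch answers hosts in other VLANs through the core's VLAN 10 SVI
ip default-gateway 10.0.10.1
!
! Limit who may open a management session: management VLAN, VLAN 100, VLAN 110
ip access-list standard MGMT-SSH
 permit 10.0.10.0 0.0.0.255
 permit 10.1.0.0 0.0.3.255
 permit 10.1.4.0 0.0.3.255
 deny   any log
exit
! SSH only on the VTY lines (no Telnet), local login, idle sessions dropped after 10 min
line vty 0 15
 access-class MGMT-SSH in
 transport input ssh
 login local
 exec-timeout 10 0
end
! Verify
show ip ssh
show access-lists MGMT-SSH
```

The `deny any log` entry makes rejected connection attempts visible in the switch log, and the hit counters in `show access-lists MGMT-SSH` show which source subnets are actually being used for management.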