4

Few tasks in the world are more of a joy than to have a chunk of hardware dropped into one's lap with a post-it note that says "configure this for that new subnet".

I know my way around Linux/UNIX but have never had to deal with a CISCO router, ever. So I have been given an old CISCO 2960S chunk of metal and managed to figure out how to connect a serial cable to it and reset it to factory default. Did that. Even managed to set up the enable password. Yay. On a real roll now. However I have been given a subnet like 204.xxx.yyy.160 - 204.xxx.yyy.191 so that looks like a slash 27 (32 ip addresses with a netmask of 255.255.255.191?) to me.

I am not a network guy, not even remotely, so I had to convert that last octet to binary in order for it to make sense:

160 = 10100000 binary
191 = 10111111 binary

So I am guessing that the broadcast address must be 204.xxx.yyy.191. Just a guess.

Anyways, before I can get even close to plugging this thing into a rack and then attaching a chunk of copper that an ISP gave us, I need to be able to log in to the CISCO router itself. On the management interface I mean.

So I tried to read through the endless stuff here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swint.html#wp2220949

That got me almost nowhere. I was able to at least query the interface status, at least ... I think that is what I am seeing here:

```
SW4-03#show interfaces fastethernet 0
FastEthernet0 is up, line protocol is up 
  Hardware is PowerPC FastEthernet, address is 6c50.4d83.a537 (bia 6c50.4d83.a537)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 100Mb/s, MII
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 1000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     596880 packets input, 91088101 bytes
     Received 233272 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     24904 packets output, 10360064 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
SW4-03#
```

Most of that is pure noise to me. I seem to see that the interface is up and running as a 100Mbit/sec interface but what is its ip? I just want to set it to 192.168.35.3 and then ssh into this router to continue on with the next mystery.

So the question is, how does one configure a permanent static ip of 192.168.35.3 to the management interface which allows me to telnet or SSH into this router?

Is this black magic?

I thank in advance anyone else that has management that drops stuff like this in their laps and says "figure it out, how tough can it be right?"

This information may be helpful:

```
SW4-03#show running-config
Building configuration...

Current configuration : 4429 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW4-03
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lots-off-good-hash-here
enable password secretgoodpasswd
!
!
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
authentication mac-move permit
ip subnet-zero
!
!
!
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos
!
crypto pki trustpoint TP-self-signed-1300473088
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1300473088
 revocation-check none
 rsakeypair TP-self-signed-1300473088
!
!
crypto pki certificate chain TP-self-signed-1300473088
 certificate self-signed 01
  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
    .
    .
    . lots of hex here 
    .
  0D8C4FFC 852B4817 36F1DD49 BD625EE4 5946A7CE 70E72481 EB63BC59 05B4F27A C4C418
  quit
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
 no ip address
 speed 100
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport access vlan 10
!
interface GigabitEthernet0/4
 switchport access vlan 10
!
interface GigabitEthernet0/5
 switchport access vlan 10
!
interface GigabitEthernet0/6
 switchport access vlan 10
!
interface GigabitEthernet0/7
 switchport access vlan 10
!
interface GigabitEthernet0/8
 switchport access vlan 10
!
interface GigabitEthernet0/9
 switchport access vlan 10
!
interface GigabitEthernet0/10
 switchport access vlan 10
!
interface GigabitEthernet0/11
 switchport access vlan 10
!
interface GigabitEthernet0/12
 switchport access vlan 10
!
interface GigabitEthernet0/13
 switchport access vlan 10
!
interface GigabitEthernet0/14
 switchport access vlan 10
!
interface GigabitEthernet0/15
 switchport access vlan 10
!
interface GigabitEthernet0/16
 switchport access vlan 10
!
interface GigabitEthernet0/17
 switchport access vlan 10
!
interface GigabitEthernet0/18
 switchport access vlan 10
!
interface GigabitEthernet0/19
 switchport access vlan 11
!
interface GigabitEthernet0/20
 switchport access vlan 11
!
interface GigabitEthernet0/21
 switchport access vlan 12
!
interface GigabitEthernet0/22
 switchport access vlan 12
!
interface GigabitEthernet0/23
 switchport mode trunk
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/24
 switchport mode trunk
 mls qos trust cos
 macro description cisco-switch
 spanning-tree link-type point-to-point
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
 switchport trunk allowed vlan 1,10-12,999
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.250.203 255.255.255.0
!
ip http server
ip http secure-server
!
!
line con 0
 password somepawwordsstuff
line vty 0 4
 password someotherpasswdstuff
 login
line vty 5 15
 password yetanotherpasswordstuff
 login
!
end
```

Really there should be no vlan configured at all ..

Joseph Quinsey
paul lanken
  • Try this: http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swint.html#wp2220949 – joeqwerty Jun 19 '13 at 02:18
  • I was just looking there and saw no way to configure an ip address. However I do see `show ip interface brief` shows me Vlan1 has ip address 192.168.250.203. I don't know where that comes from or how to change it .. but I can see if it works. – paul lanken Jun 19 '13 at 02:22
  • Admittedly I'm not a Cisco practitioner but on most other Cisco switches you configure VLAN 1 (which is the default VLAN) with an ip address/mask and that becomes the "management" interface, which is a logical construct. It looks like the 2960-S is a slightly different animal. – joeqwerty Jun 19 '13 at 02:29
  • Sure feels that way. Thank you for trying. I will reach out to a network CISCO guru type tomorrow and throw beer/money/women at him or whatever it takes. – paul lanken Jun 19 '13 at 02:31
  • VLAN 1 doesn't have to be the management VLAN, I don't think. I actually wouldn't use that, to prevent accidentally unconfigured stuff from breaching physical protection. – Falcon Momot Jun 19 '13 at 02:34
  • On most (maybe all) Cisco switches only a single VLAN can be assigned an ip address/mask and that VLAN/ip address combination becomes the "management" VLAN/interface. It doesn't have to be VLAN 1 but that's usually how they're configured. Again, the "management" interface is a logical construct and not a physical interface. – joeqwerty Jun 19 '13 at 02:47
  • On this particular switch, there is a device port which is labelled "management" that is treated specially. This is an exception to the usual way catalyst switches are configured. – Falcon Momot Jun 19 '13 at 03:17

1 Answer

3

The management interface on this device is `Fa0` (`FastEthernet0` in long-speak). Here, it is configured `no ip address`.

You should configure it to have an IP address, and that might actually be sufficient. So, `enable`, and `conf t` to start configuring. Then `interface fa0` to configure the management interface.

Give it an IP: `ip address 1.2.3.4 255.255.0.0` or whatever IP and netmask you want it to have.

Finally, exit configuration mode (`exit`) and write the configuration to NVRAM (`copy running-config startup-config`). Now, it should work.

Were the interface administratively disabled, you would have had to specify the `no shut` configuration directive as well, but it doesn't look like this is the case.

Don't specify a VLAN on that interface. It's not an access port or a trunk port; it's an endpoint. It should be connected to some other switch, to an access port on your management VLAN.

Falcon Momot
  • That seems to be exactly what was needed. I now have 192.168.35.3 set on vlan1 and I was able to configure ssh. Regardless of this I still can not ssh into the switch so I have to figure out what port is vlan1. Or even if vlan1 is a port on the switch. No idea really. – paul lanken Jun 19 '13 at 02:57
  • VLANs aren't physical ports or interfaces, they're logical constructs. Can you telnet to the switch using the ip address you configured? If so, then the problem probably lies in the SSH configuration. If not, then double check that you're using the correct ip address/subnet mask on the switch for the network you're connected to/from. – joeqwerty Jun 19 '13 at 03:04
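
The procedure from the answer above as one console session, using the asker's address 192.168.35.3 and extended to make the vty lines SSH-only, since the question asks for SSH access. This is an added example, not part of the original answer; the /24 mask, the domain name `example.net`, the user `netadmin` and the passphrase placeholder are assumptions.

```cisco
! Added example. Assumed values: /24 mask, example.net, netadmin, passphrase.
enable
configure terminal
!
! Fa0 is the dedicated Ethernet management port on this switch. It is an
! endpoint, so it gets an IP address and no switchport or VLAN commands.
interface FastEthernet0
 ip address 192.168.35.3 255.255.255.0
 no shutdown
 exit
!
! SSH needs a hostname (already SW4-03), a domain name and an RSA key pair.
ip domain-name example.net
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Per-user login with a hashed secret instead of the shared line passwords,
! and SSH as the only protocol accepted on the vty lines (no telnet).
username netadmin secret <CHOOSE-A-PASSPHRASE>
line vty 0 15
 login local
 transport input ssh
 exit
end
!
! Persist the change to NVRAM, then verify the address and the SSH server.
copy running-config startup-config
show ip interface brief
show ip ssh
```

After this, `show ip interface brief` should list FastEthernet0 with 192.168.35.3, and the switch is reachable over SSH from a host cabled to the management port's subnet.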