defeated by a measly 2950!?!

cisco_trooper

Ok guys, I'm about to admit to my first defeat by a Cisco device, but I want to get some input before I throw in the towel. So here's the situation:

I've got a 2950 that I just wiped so I can reconfigure it to company standards with RADIUS, etc. I've assigned it a layer 3 address in the management VLAN and have assigned an interface to that same VLAN. I connected my laptop to that interface and assigned it an address in the same VLAN. From my laptop I can ping my laptop and the switch just fine. From the switch, I can ping the switch but not the laptop....so I obviously am not able to copy my IOS image down from my laptop.

Anyone have any ideas? The laptop's mac address is in the mac table. ARP is in the ARP table. What gives? I'm at my wits end on what should be a pretty simple issue.

tiersten

Laptop firewall?

kalebksp

Do you have a firewall on your laptop?

tiersten

kalebksp wrote: »

Do you have a firewall on your laptop?

Too slow!

cisco_trooper

Wish I could say I was that blind but the firewall IS in fact disabled...:)

networker050184

Show us the config we might be able to spot something, but it sounds like you have everything right.

ciscojay-houston

Remember that 2950's can only have 1 VLAN active at a time. If you created a second VLAN, although it's configured and you've issued a "no shut", the VLAN will not come up.

If you have shut VLAN1, and created say, VLAN2, make sure the switchport is in this VLAN. Also, make sure your sh vlan output shows the VLAN created. Also, remember that the 2950's still use the vlan database command to assign and name these.

mikej412

Think about using XMODEM..... That should motivate you to double and triple check your configurations and firewall.

Netwurk

ciscojay-houston wrote: »

Remember that 2950's can only have 1 VLAN active at a time. If you created a second VLAN, although it's configured and you've issued a "no shut", the VLAN will not come up.

If you have shut VLAN1, and created say, VLAN2, make sure the switchport is in this VLAN. Also, make sure your sh vlan output shows the VLAN created. Also, remember that the 2950's still use the vlan database command to assign and name these.

Good point about the one active VLAN, but 2950's don't need to use the deprecated vlan database commands. It will work, but you can also use the new commands.

cisco_trooper

Switch#sho run
Building configuration...
Current configuration : 2100 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$EboP$5hZRzV/822dybFSJrWTaB/
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
switchport access vlan 2
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 172.16.1.35 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.1.1
ip http server
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
end
Switch#exit

kryolla

if your laptop is sending echo and the switch is sending an echo reply then you have 2 way comm but when the switch initiates the echo but does not get an echo reply make sure the switch is indeed sending it and if you have another switch plug that in instead of your laptop and see if you have 2 way comm.

Netwurk

cisco_trooper wrote: »

interface Vlan1
no ip address
no ip route-cache
shutdown

interface Vlan2
ip address 172.16.1.35 255.255.255.0
no ip route-cache

Looks like you need to put your IP on the first VLAN interface and then do a no shut

Don't know if it is possible to use a Vlan2 interface on a 2950

cisco_trooper

kryolla wrote: »

if your laptop is sending echo and the switch is sending an echo reply then you have 2 way comm but when the switch initiates the echo but does not get an echo reply make sure the switch is indeed sending it and if you have another switch plug that in instead of your laptop and see if you have 2 way comm.

Yeah, I've tried using a different interface on the switch to no avail. I'm getting ready to start sniffing traffic but I really didn't feel like going through the hassle of setting up the SPAN session and finding a box to sniff it with. I've got better things to do at the moment.

cisco_trooper

Netwurk wrote: »

Looks like you need to put your IP on the first VLAN interface and then do a no shut

Don't know if it is possible to use a Vlan2 interface on a 2950

You can, you can just only use ONE vlan interface. I have 70 other devices configured in this same way. I personally would never use VLAN 1 for management.

kryolla

not a different inteface but using a different switch set up as a host to take the place of your laptop. I have a feeling the issue is with your laptop and not sending an echo reply

cisco_trooper

kryolla wrote: »

not a different inteface but using a different switch set up as a host to take the place of your laptop. I have a feeling the issue is with your laptop and not sending an echo reply

Ah, I see what you're saying. I don't have another switch laying around unfortunately.

malcybood

That's strange if you can ping the switch from the laptop, config looks fine to me. The only issues that would spring to mind is if you were using dot1q trunking but not the case I see.

I know in theory the ping is going in the opposite direction and this makes no sense on the surface, but have you tried hard coding VLAN 2 to being the management VLAN?

interface Vlan2
ip address 172.16.1.35 255.255.255.0
no ip route-cache
management

When I've had connectivity issues on both Cisco and Nortel switches that have been reset to defaults or out the box, I like you always create a new VLAN for management and copying the config file, but I've had to actually bring the VLAN up which you have done, then "tell" it is the mgmt vlan with the above command.

Doesn't really make sense in your scenario as you have some connectivity, but there's no other reason for it not to work and it's the only thing I can think of other than a PC firewall.

APA

Your config is absolutely fine.

shut vlan 2, shut int fa 0/1

Clear the arp table.

re-enable vlan2, wait till it comes up,up then re-enabled int fa 0/1.

Tell us how you go...

What O.S are you using??? I have a sneaking suspicion that you have some client firewall enabled still.... Hence the one way traffic allowed out from the machine....

mikearama

cisco_trooper wrote: »

!
interface Vlan2
ip address 172.16.1.35 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.1.1
end
Switch#exit

Just curious... what's the IP of your laptop? Does it have a default gateway?

AutoBahn81

Reboot your laptop.

itdaddy

mike said: Think about using XMODEM
hahaahahhaaaa hahahah ahaahahaaa hahah


omg that is so funny; gives you motivation hahaahhahhahhahhhh I was told that once and well yeah I got motivated haahhhahahahh


Mike you should do standup for cisco haahhaha

ITdude

I agree. Check laptop for enabled software Windows firewall and or something else like Norton Internet Security suite.

Or use Mike's idea!

cisco_trooper

Just an update for those curious. I finally gave up and used a different machine and it worked fine. The laptop firewall WAS disabled by the way. To this day I don't know why the laptop couldn't connect to that switch. I use it ALL the time to connect to any of the other 50 or 100 devices we have. I'm chalking this one up to something really really weird.

netteaser

Was the laptop you were having problems with running Vista?

cisco_trooper

netteaser wrote: »

was the laptop you were having problems with running vista?

xp sp3...