Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Henry Bennett

2 Posts

44116

July 14th, 2015 15:00

Cannot telnet to loopback/vlan interface on N2000 (N2048) switch.

I had a N2048 switch connected to our network with an IP address on a vlan with a static default route.

I made the following changes to the switch and the switch was no longer available to telnet \ ssh \https.

* Added  loopback address 10.250.8.105/32 to the loopback0 interface
* Added RIPv2 routing to transmit the loopback interface's address
* RIPv2 from network delivers the route 0.0.0.0/0 to the switch.

After the changes:

* Cannot use telnet \ ssh \ https to contact the switch from routed networks
* Can use networks that are directly connected to the switch to connect.
* AAA no longer works
* Switch is pingable via the loopback and the vlan interface
* SNMP (UDP) works fine with the switch
* Syslog based logging still work from the router

I have  other N-Series (N3048 and N2048) that is showing the same issues and I have some that actually work fine (all the working are N3000). This the first N2000 that I have converted to RIP

It feels like the system is not using the routing table or that the TCP connection is not completing due to some stateful connection checking out differing interfaces.

Routing Table:
Default Gateway is 10.8.0.20
R      *0.0.0.0/0 [120/2] via 10.8.0.20,   Vl100
S       0.0.0.0/0 [250/0] via 10.8.0.10,   Vl100
C      *10.8.0.0/24 [0/1] directly connected,   Vl100
C      *10.250.8.105/32 [0/1] directly connected,   Lo0

Switch Configuration:
* Version 6.1.1.7

!Current Configuration:
!System Description "Dell Networking N2048, 6.1.1.7, Linux 3.6.5-601418a5"
!System Software Version 6.1.1.7
!
configure
vlan 100
name "100_INF_Network-OSPF"
exit
vlan 101
name "101_INF_Network-Static"
exit


<<< >>>>


vlan 888
name "test"
exit
vlan 100-104,106-107,120-122,130-131,200-201,203,215-216,300,307-309,320-322
vlan 500-504
vlan 888
exit
snmp-server location "IDF2 White Stack"
snmp-server contact "Jeff Madrazo"
hostname "netcalswtds06"
slot 1/0 5    ! Dell Networking N2048
slot 2/0 9    ! Dell Networking N2048P
slot 3/0 9    ! Dell Networking N2048P
sntp server 10.40.50.20
sntp server 10.40.50.21 priority 2
clock summer-time recurring USA
clock timezone -8 minutes 0
stack
member 1 8    ! N2048
member 2 9    ! N2048P
member 3 9    ! N2048P
exit
ip domain-name "XXXXXXX.net"
ip name-server "10.40.50.20"
logging 10.40.50.51
exit
boot auto-copy-sw
ip access-list CONNECTED_RIP
permit ip 10.250.0.0 0.0.255.255 any
exit
ip routing
ip route 0.0.0.0 0.0.0.0 10.8.0.10 250
router rip
redistribute connected
distribute-list CONNECTED_RIP out connected
exit
interface vlan 1
ip address dhcp
exit
interface vlan 100
ip address 10.8.0.105 255.255.255.0
ip rip
ip rip receive version rip2
exit
interface vlan 101
exit
interface vlan 300
exit
no passwords min-length
username "admin" password XXXXXXXXXXXXXXXXXXXXXXXXXXX privilege 15 encrypted
aaa authentication login "Management" radius local
aaa authentication login "Console" local
aaa authentication enable "Management" none
aaa authentication enable "Console" none
aaa authorization exec "Management" radius local
aaa authorization exec "Console" local
radius-server source-ip 10.250.8.105
radius-server host auth 10.40.50.20
name "Default-RADIUS-Server"
deadtime 1
key "XXXXXX"
exit
line console
login authentication Console
enable authentication Console
authorization exec Console
exit
line telnet
login authentication Management
enable authentication Management
authorization exec Management
exit
line ssh
login authentication Management
enable authentication Management
exit
!
interface Gi1/0/1
description "IDF2_White_Placeholder"
spanning-tree portfast
switchport access vlan 300
exit

<<<< >>>>

interface Gi3/0/48
description "IDF2_White_Placeholder"
spanning-tree portfast
switchport access vlan 300
exit
!
interface loopback 0
ip address 10.250.8.105 255.255.255.255
exit
snmp-server engineid local 800002a203f8b1564ba500
snmp-server community "XXXXXXXXX" ro
exit

DELL-Josh Cr

Moderator

 • 

9.6K Posts

July 14th, 2015 18:00

Hi,

If you create a static route for the loopback instead of rip does it work? Is there a firmware version difference between the switches where it works and the ones where it doesn’t? Are you able to access the web gui via the loopback?

Try updating the firmware to the latest version. There were some fixes to loopback interface behavior and switches not responding to telnet or ssh. http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=N8K2G&fileId=3461947867&osCode=NAA&productCode=networking-n2000-series&languageCode=EN&categoryId=NI

Henry Bennett

2 Posts

July 15th, 2015 10:00

Thanks for the reply.

The web gui , ssh and telnet all behave the same.

When RIP is removed from the switch and just a default route (floating static) is placed on the switch, both telnet to the loopback and to the vlan interface works. The upstream router has a route to point the loopback to the vlan interface.

The issue with ping working and telnet not working was due to a stateful firewall being the default gateway and the routed path being asynchronous. When an internal router was used for the default gateway work the system works.

Once the default gateway was removed and the RIP command were reissued to the vlan interfaces and the rip routes confirmed in the routing table the issue came back.

We are filtering the routes advertised via RIP due to the number of router that the N2000 can handle. We would like only advertise the 10.0.0.0/8 router to point back to the internal routers.

With the testing below the issue seems to be that telnet \ ssh \ https services will not honor the 10.0.0.0/8 route on the switch. When a /16 route to the client is inserted the system works. The added /16 route is the same destination of the 10.0.0.0/8 route. If the route was added with RIP or static did not matter. With the prior configuration the 0.0.0.0/0 was not honored either.

Some additional tests were performed to see were the routes break, different netmasks were tested. The routes were inserted as static routes. The route was the only non-connected route in the routing table.

route/mask - result

10.40.0.0/16 - Works

10.40.0.0/15 - Works

10.40.0.0/14 - Works

10.40.0.0/13 - Works

10.32.0.0/12 - Works

10.32.0.0/11 - Works

10.0.0.0/10 - Broken

10.0.0.0/9 - Broken

10.0.0.0/8 - Broken

==== Tests ====

More testing was performed:

> Client - 10.40.50.51

* Test1: Removed the distribute command to enable full routing table.

* Result - Telnet works (loopback and vlan interface)

* Test2: Used distribute command to allow 10.0.0.0/8 network

* Result: Telnet does not work and ping does not work (loopback and vlan interface)

----Routing Tables----

No default gateway is configured.

R      *10.0.0.0/8 [120/2] via 10.8.0.10,   Vl100

R      *10.0.0.0/16 [120/2] via 10.8.0.10,   Vl100

C      *10.8.0.0/24 [0/1] directly connected,   Vl100

C      *10.250.8.105/32 [0/1] directly connected,   Lo0

----Traceroute from switch to client----

Traceroute to 10.40.50.51 ,30 hops max 0 byte packets:

Hop Count = 1 Last TTL = 1 Test attempt = 1 Test Success = 0

--------------------------------------------------

* Test3: Used IP ROUTE command add 10.40.0.0/16 -> 10.8.0.10 route.  (same dest as 10.0.0.0/8)

* Result: Telnet Works  and Ping works (loopback and vlan interface)

----Routing Table----

R      *10.0.0.0/8 [120/2] via 10.8.0.10,   Vl100

R      *10.0.0.0/16 [120/2] via 10.8.0.10,   Vl100

C      *10.8.0.0/24 [0/1] directly connected,   Vl100

S      *10.40.0.0/16 [1/0] via 10.8.0.10,   Vl100

C      *10.250.8.105/32 [0/1] directly connected,   Lo0

----Traceroute from switch to client----

1  10.8.0.10          167 ms    167 ms    167 ms  

2  [obfuscated]       3640 ms    3640 ms    3640 ms  

3  [obfuscated]       1828 ms    1828 ms    1828 ms  

4  [obfuscated]      1845 ms    1845 ms    1845 ms  

5  10.40.1.1          16  ms    1016 ms    16  ms  

6  10.40.50.51        858 ms    858 ms    858 ms

--------------------------------------------------

*Test4: Used RIP distribute to allow the add the route (same dest as 10.0.0.0/8)

*Result: Telnet works and RIP works (loopback and vlan interface)

----Routing Table----

R      *10.0.0.0/8 [120/2] via 10.8.0.10,   Vl100

R      *10.0.0.0/16 [120/2] via 10.8.0.10,   Vl100

C      *10.8.0.0/24 [0/1] directly connected,   Vl100

R      *10.40.0.0/16 [120/2] via 10.8.0.10,   Vl100

C      *10.250.8.105/32 [0/1] directly connected,   Lo0

----Traceroute from Switch to Client ----

1  10.8.0.10          167 ms    167 ms    167 ms  

2  [obfuscated]      3640 ms    3640 ms    3640 ms  

3  [obfuscated]       1828 ms    1828 ms    1828 ms  

4  [obfuscated]       1845 ms    1845 ms    1845 ms  

5  10.40.1.1          16  ms    16  ms    16  ms  

6  10.40.50.51        858 ms    858 ms    858 ms  

--------------------------------------------------

Was this post helpful?

View All

0 events found

No Events found!

Top